Info
KeePass Hub
I. LDAP and AD
Quick Active Directory and OpenLDAP User Guide
Directory Connection Setup Overview
AD Filter for Group Membership
Troubleshooting LDAP and AD
Directory Search Filters
Microsoft Entra ID
Secure LDAP is Mandatory for Active Directory
Active Directory and sAMAccountNames
Disconnected Users
AD Access Offline
Legacy LDAP and AD Guides
Sitemap
Info  >  KeePass Hub  >  I. LDAP and AD  >  Active Directory and sAMAccountNames Page last modified Oct 12 2021, 10:09

sAMAccountNames in Active Directory

Use KeePass with Pleasant Password Server

Internally, Active Directory (AD) uses several naming schemes for a given object. In the case of a User, two fields are of particular relevance: sAMAccountName (SAM-Account) and userPrincipalName (UPN).

sAMAccountNames

  • Logon names maintained for backwards compatability with pre-NT4 clients
  • Format: domainname\username
  • Limited to 20 characters

UPNs

  • Logon names formatted as email addresses; Note: the UPN's domain doesn't always match the user's location domain
  • Format: username@domainname.com
  • No character limit

Current Limitations

Authentication / Auto-Import - Allows up to 20 characters (sAMAccountName)

The component that Pleasant Password Server (PPASS) uses for Auto-Import searches via sAMAccountName, not UPN. This means that PPASS will be unable to find users using long usernames, regardless of whether they exist.

Work-Around: Some customers have found a work-around by using the Directory alias ('@alias') as a suffix, for example, username@alias

Manual Importing - Allows 20 or more characters (sAMAccountName/UPN)
  • Import Users or Import Groups pages will bind and allow manual importing of usernames of 20 or more characters long

How do I find sAMAccountNames?

With Active Directory Users and Computers open:

  • Click View > Advanced Features
  • Open the properties of an object > Attribute Editor tab > Scroll down to sAMAccountName

(animated GIF)

sAM Account Names