Home / server / Questions / 105142
Accepted
Matias Nino
Asked: 2010-01-22 11:11:41 +0800 CST

Windows Server 2008/R2: Change the maximum UserName length?

  • 772

Is there any way to change the standard 20 character UserName maximum length restriction for local accounts?

(Server 2008 R2 to be specific)

windows windows-server-2008 user-management

4 Answers

  1. Best Answer

    Nope, it's fixed at 20. I believe this is for backward compatibility reasons. You can go bigger in Active Directory (except for the SAMAccountName field), but not locally.

    • 11

  2. You must be referring to the sam-accountname attribute. Logon names have to follow these rules:

    Rules for Logon Names

    Logon names must follow these rules:

    Local logon names must be unique on a workstation and global logon names must be unique throughout a domain.

    Logon names can be up to 104 characters. However, it isn't practical to use logon names that are longer than 64 characters.

    A Microsoft Windows NT version 4.0 or earlier logon name is given to all accounts, which by default is set to the first 20 characters of the Windows 2000 logon name. The Windows NT version 4.0 or earlier logon name must be unique throughout a domain.

    Users logging on to the domain from Windows 2000 computers can use their Windows 2000 logon name or their Windows NT version 4.0 or earlier logon name, regardless of the domain operations mode.

    Note that the GUI only lets you create 20 char names, you would have to create them programatically to get past 20.

    • 9

  3. "Note that the GUI only lets you create 20 char names, you would have to create them programatically to get past 20."

    I would say that that statement is incorrect. I cannot programmatically create usernames greater than twenty characters. Below is the relevant VB.NET code that I ran on Windows Server 2008 R2. It works for creating user names of twenty or fewer characters, but throws an exception if the username exceeds twenty characters. Try it yourself. Sincerely, Joseph Davoli

    Code:

    Imports System.DirectoryServices    'Gives us access to Directory Services.
    


    Function Blah() As Whatever
    


    Dim strFNMILN As String = "Christopher.B.Robinson"   'NOTE:  Twenty-two characters.
Dim strFullName as string = "Christopher B. Robinson"
    


    'Declare a new "DirectoryEntry" object variable and assign to it the entry for
'this computer (the computer on which this code is running).
Dim DirectoryEntryThisComputer As New DirectoryEntry("WinNT://" & Environment.MachineName & ",computer")
    


    'Declare a new "DirectoryEntry" object variable and name it "DirectoryEntryNewUser".
'Create a new user in the local directory and assign that user to our object variable.
Dim DirectoryEntryNewUser As DirectoryEntry = DirectoryEntryThisComputer.Children.Add(strFNMILN, "user")
    


    'Add the fullname of this user.
DirectoryEntryNewUser.Invoke("Put", New Object() {"fullname", strFullName })
    


    'Add a description value.
DirectoryEntryNewUser.Invoke("Put", New Object() {"description", "This is a test user."})
    


    'Set the password for this new user (14 character minimum).
DirectoryEntryNewUser.Invoke("SetPassword", New Object() {"abcdefg1234567"})
    


    'Save this new user to the local directory (this machine's directory).
DirectoryEntryNewUser.CommitChanges()
    


    .
.
End Function

    • 5

  4. I'm using DSADD into W2K3 AD Server, it's failed due to 21 (twenty one) characters length of "SAMID".

    C:\Users\admin-of-change>DSAdd.exe user "CN=SharePoint Service Applications XYZ,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net" -samid "adm_xyz_SPServiceApps" -upn [email protected] -fn "SharePoint Service Applications" -ln "XYZ" -display "SharePoint Service Applications XYZ" -pwd "continue2013" -desc "Non Human Account" -office "Head Office" -email [email protected] -webpg "www.UnusualCompany.com" -title "SharePoint Service Applications XYZ" -company "X Y Z" -disabled no
dsadd failed:CN=SharePoint Service Applications XYZ,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net:The name provided is not a properly formed account name.
type dsadd /? for help.

┌─────────────────────────────────────┐
│ Executed Tue 07/02/2013 13:59:57.88 │ As [admin-of-change]
└─────────────────────────────────────┘

    It's solved while decrease the UPN.

    C:\Users\admin-of-change>DSAdd.exe user "CN=SharePoint Service Applications XYZ,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net" -samid "adm_xyz_SPSvcApps" -upn [email protected] -fn "SharePoint Service Applications" -ln "XYZ" -display "SharePoint Service Applications XYZ" -pwd "continue2013" -desc "Non Human Account" -office "Head Office" -email [email protected] -webpg "www.UnusualCompany.com" -title "SharePoint Service Applications XYZ" -company "X Y Z" -disabled no
dsadd succeeded:CN=SharePoint Service Applications XYZ,OU=Users,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net

┌─────────────────────────────────────┐
│ Executed Tue 07/02/2013 14:06:21.08 │ As [admin-of-change]
└─────────────────────────────────────┘

    Any comments for improvement are welcome.

    • 0