Can somebody point out the symbols which are better not to use when naming AD DS groups? I want to have some explanations/links to documentation on why those should not be used. For example, Windows Server 2012 allows you to use "/" in a group name, but I believe it may cause issues in certain scenarios, as this symbol has a special meaning in the LDAP filter specification, for example... So certain symbols are allowed but may cause interoperability issues, I presume. I will appreciate a list of symbols to avoid, with an explanation of why and the prospective troubles you may run into using them.
Active Directory has historically been compliant with RFC 2253 for naming conventions; I don't think that has changed for Windows 2012 (info about Windows 2003: https://technet.microsoft.com/en-us/library/cc776019%28v=ws.10%29.aspx).
The RFC lists the following characters:
That list matches what is stated in this other article about Windows 2012 R2: https://technet.microsoft.com/en-us/library/cc733146.aspx
If you want interoperability between AD and any system that can ever be connected to it, to be on the safe side use only alphanumeric characters and underscores in all names. It doesn't hurt much to avoid spaces and (especially important) diacritics. If you do the opposite, problems may arise when you try, e.g., integrated login with some software, even despite declared (not always well tested) UTF-8 conformance.
A nice example is the Ruckus software for WLAN management that my company uses, which fails on every LDAP logon/group name with diacritics. This includes both CN and sAMAccountName.
Another example can be UNIX shell scripts, which may not always correctly handle spaces in arguments, or may need specific locales installed to handle diacritics.
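A pre-creation check for the conservative rule in the answer above, as an added example that is not from either poster: it flags characters that must be escaped in distinguished names (RFC 2253) or in LDAP search filters (RFC 4515), plus spaces and non-ASCII characters. The function name `lint_group_name` and the sample group names are constructed for illustration.

```python
import re
import unicodedata

# Conservative rule from the answer above: ASCII letters, digits, underscore.
SAFE_NAME = re.compile(r"[A-Za-z0-9_]+")
# Characters RFC 2253 requires escaping anywhere in a DN attribute value.
RFC2253_SPECIAL = set(',+"\\<>;')
# Characters RFC 4515 requires escaping inside an LDAP search filter value.
RFC4515_SPECIAL = set("*()\\\x00")


def lint_group_name(name):
    """Return a list of (character, reason) findings; an empty list means safe."""
    if not name:
        return [("", "empty name")]
    if SAFE_NAME.fullmatch(name):
        return []
    findings = []
    if name[0] in "# ":
        findings.append((name[0], "leading '#' or space must be escaped in a DN (RFC 2253)"))
    if name[-1] == " ":
        findings.append((" ", "trailing space must be escaped in a DN (RFC 2253)"))
    for ch in sorted(set(name)):
        if ch in RFC2253_SPECIAL:
            findings.append((ch, "must be escaped in a DN (RFC 2253)"))
        if ch in RFC4515_SPECIAL:
            findings.append((ch, "must be escaped in an LDAP filter (RFC 4515)"))
        if ch == " ":
            findings.append((ch, "space: breaks unquoted shell arguments"))
        elif ord(ch) > 127:
            label = unicodedata.name(ch, "non-ASCII character")
            findings.append((ch, f"non-ASCII ({label}): depends on client UTF-8 handling"))
        elif not (ch.isalnum() or ch == "_") and ch not in RFC2253_SPECIAL | RFC4515_SPECIAL:
            findings.append((ch, "outside the conservative alphanumeric/underscore set"))
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real directory.
    for sample in ("GRP_Finance_RW", "Sales, EMEA", "IT/Ops", "Zażółć", "Admins (EU)*"):
        print(repr(sample), lint_group_name(sample) or "OK")
```

Running the check in the provisioning script or a CI step for group-definition files rejects a problem name before it reaches the directory, which is cheaper than renaming a group that other systems already reference.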