I have a server (Windows Server 2012) that had Windows AD (Active Directory) installed and is used as part of an application that I maintain. Most of the time my application programmatically manages this server, adding, editing, and removing users as it sees fit. However, occasionally I want to make modifications by hand; for example, I want to add a user.
Typically I use the "Active Directory Users and Computers" snap-in via MMC. However, when I attempt to create the user through this application I am presented with an interesting issue:
Windows forces me to append a suffix matching the name of my AD instance.
If I try the same thing through the "Active Directory Administrative Center" I have a similar issue:
For some reason Windows doesn't allow me to create users without this mandatory suffix. However, I don't seem to have this issue when I create users programmatically. The application that I work with depends on users not having a suffix.
How do I get around AD's requirements in the UI (add a user with a blank suffix)?
Why does AD even have this requirement in the front end, but not when adding users programmatically?
All users in AD have a UPN suffix whether you explicitly add it or not. When you create users via code, the userPrincipalName attribute may be getting created automatically based on the domain's FQDN. But per jscott's comment below, it is actually not required. However, the application you're working with doesn't likely require users to not have a suffix. It is likely just querying an attribute where the suffix isn't present (like sAMAccountName).
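
The following PowerShell is an added example, not part of the original question or answer. It shows the difference between the two attributes discussed above, using the ActiveDirectory module; the account names `app-user01` and `gui-user01` are hypothetical placeholders.

```powershell
# Requires the ActiveDirectory module (RSAT) and rights to manage users.
Import-Module ActiveDirectory

# Hypothetical account names, used only for this illustration.
$sam     = 'app-user01'   # account created from code, no UPN supplied
$guiUser = 'gui-user01'   # account previously created in the GUI, with a UPN

# 1. Create a user without -UserPrincipalName. The userPrincipalName
#    attribute is optional in the schema, so it is simply left unset.
$password = Read-Host -AsSecureString -Prompt "Initial password for $sam"
New-ADUser -Name $sam -SamAccountName $sam -AccountPassword $password -Enabled $true

# 2. Confirm the result: sAMAccountName is populated, userPrincipalName is empty.
Get-ADUser -Identity $sam -Properties userPrincipalName |
    Select-Object SamAccountName, UserPrincipalName, DistinguishedName

# 3. Look the account up the way an application keyed on sAMAccountName would.
#    This query never touches the UPN, so a suffix there does not affect it.
Get-ADUser -LDAPFilter "(sAMAccountName=$sam)"

# 4. For an account the GUI created with a UPN, the attribute can be
#    cleared afterwards if an application really needs it to be absent.
Set-ADUser -Identity $guiUser -Clear userPrincipalName

# 5. Audit: list every user object that currently has no UPN, so that
#    accounts created by code and by hand can be compared.
Get-ADUser -LDAPFilter '(!(userPrincipalName=*))' -Properties whenCreated |
    Sort-Object whenCreated |
    Select-Object SamAccountName, whenCreated, DistinguishedName
```

Running step 2 against both accounts before step 4 shows whether the application's lookups depend on `userPrincipalName` at all or only on `sAMAccountName`.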