> what would be considered a valid reason for having them be different?
The fact that they are different is a valid reason. Someone decided they wanted them to be different. Making them the same is more of a convenience and to reduce confusion. By default, no UPN is set when creating a user object. Some tools will force the population of the attribute. If it isn't specifically populated, it is still available though. Also note that with K3 AD, you do not have to specify the sAMAccountName and AD will autogenerate one. At that point, you better have a different easier to recall UPN because the sAMAccountName isn't something you will want to type in all the time. Why can't the external repository link via the GUID? It doesn't store binary or can't convert to the GUID binary format when looking back? If that is the case, add a custom attribute and populate it with the text form of the GUID and link on that. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Chopp Sent: Thursday, August 25, 2005 7:59 AM To: [email protected] Subject: [ActiveDir] UPN vs. SAM Account Name Knowing that it is strongly recommended that the username portion of the UPN and the SAM Account Name should be identical, what would be considered a valid reason for having them be different? And, if they were deliberately being set to different values, when it comes to naming a home directory for the user, would you be more likely to name the home directory after the UPN or the SAM Account Name? My choice would be to key on the UPN, but I'm wondering if there's any reason to do it a different way. The reasoning behind the question... I'm monitoring changes to the UPN and SAM Account Name attribute values on user objects for purposes of updating user-specific storage on a server as well as updating other information external to AD that is linked to the user. Given that the user's object DN is irrelevant during a rename operation due to the fact that the "before" value never gets reported with with "after" value, all I can key on for a rename of a user object is the possibility that the UPN and/or the SAM Account Name might get changed as part of the rename. The Display Name isn't suitable for use in linking to the external information, and the external information reposity can't really be modified to link via the user object's GUID value, so using the UPN or SAM Account Name are really the most viable options. -- Chuck Chopp ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com RTFM Consulting Services Inc. 864 801 2795 voice & voicemail 103 Autumn Hill Road 864 801 2774 fax Greer, SC 29651 Do not send me unsolicited commercial email. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
