That's a good question. Ambiguity is what I'd be concerned about in this case so I think that most of the noticeable errors would occur in messaging (Exchange DG's) and administration efforts. Since everything relies on sid's, it wouldn't be in the form of logging on, but rather when you search for or try to use a group by samaccountname. Interaction with legacy domains would be impacted (only due to replication I would think. )
I don't imagine you'll get enough ammo from any testing to push somebody to convert those. As JoeK said, you can use that length and make it work (they do so programmatically). I'm just wondering out loud if there are errors that have yet to be attributed to that. Since it's expected to be 20 chars, even if the directory only enforces 64 chars I would expect some apps to have some issues with it.
Only the GDO for building 7 or somebody on that team likely knows while it's not enforced at 20 like those used on user objects.
On 6/5/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote:
How do I test that? I'd love to change all of these to match the samaccountname to the objectcn = as its showing half complete on the samaccountname for those adc created objects and is not neat...Thank you and have a splendid day!
Kind Regards,
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: Monday, June 05, 2006 10:55 PMSubject: Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups?
I wonder if they do work? or if some of them don't because only the first 20 chars are being looked at/returned by the api's that consume them?Interesting. That variable is a 20 char variable so I don't see why a loophole of 64 is allowed? Any thoughts?
On 6/4/06, Joe Kaplan <[EMAIL PROTECTED]> wrote:My understanding is that the DS enforces a limit of 64 char for
sAMAccountName for groups, but 20 for users. I know we have thousands of
groups with sAMAccountName longer than 20. They still work and the DS
doesn't balk. :)
These are all created programmatically through tools though and are not
created or modified with ADUC. There might be some behavior difference
there.
Joe K.
----- Original Message -----
From: Al Mulnick
To: [email protected]
Sent: Sunday, June 04, 2006 11:58 AM
Subject: Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not
applicable to gr oups?
That's on the target? Or that's in the source?
On 6/4/06, Freddy HARTONO <[EMAIL PROTECTED] > wrote:
Hi Al
I have one of this group with way more than 20char
samaccountname
AKL.AST.Assistance Management.Assistant GM- Assistance Services
Thank you and have a splendid day!
Kind Regards,
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
