How to add a user in Active Directory with name longer than 20 characters?
I am using Windows 2008 R2 Server and trying to add a user in Active Directory.
I am able to save user ID of length less than 20 characters. But when I try to increase this value to 30 characters I get this error:
“System.DirectoryServices.DirectoryServicesCOMException (0x8007001F): A device attached to the system is not functioning. (Exception from HRESULT: 0x8007001F)”
This error when I searched on net give me various links saying that:
Please verify if the issue is caused by the length of sAMAccountName
The document of SAM-Account-Name also indicates that the length of it should be less than 20 characters.
I am using the code below to add user in Active Directory
public static void AddUser(ADUser adUser)
{
if (_logger.IsDebugEnabled)
_logger.Debug("ADHelper.cs: Enter AddUser");
// Local variables
DirectoryEntry oDE = null;
DirectoryEntry oDENewUser = null;
DirectoryEntries oDEs = null;
try
{
oDE = GetDirectoryEntry(GetADPath(adUser.UserType));
// 1. Create user account
oDEs = oDE.Children;
oDENewUser = oDEs.Add("CN=" + adUser.UserName, "user");
// 2. Set properties
SetProperty(oDENewUser, Constants.ADAttributes.givenName, adUser.FirstName);
SetProperty(oDENewUser, Constants.ADAttributes.initials, adUser.MiddleInitial);
SetProperty(oDENewUser, Constants.ADAttributes.sn, adUser.LastName);
SetProperty(oDENewUser, Constants.ADAttributes.mail, adUser.Email);
SetProperty(oDENewUser, Constants.ADAttributes.sAMAccountName, adUser.UserName);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion, adUser.PasswordChallengeQuestion);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer, adUser.PasswordChallengeAnswer);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion2, adUser.PasswordChallengeQuestion2);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer2, adUser.PasswordChallengeAnswer2);
// Sharepoint changes
if (adUser.CompanyGroupSupplier != string.Empty)
{
SetProperty(oDENewUser, Constants.ADAttributes.CompanyGroupSupplier, adUser.CompanyGroupSupplier);
}
if (adUser.PersonalGroupAddress != string.Empty)
{
SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupAddress, adUser.PersonalGroupAddress);
}
if (adUser.PersonalGroupPhone != string.Empty)
{
SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupPhone, adUser.PersonalGroupPhone);
}
// Sharepoint changes
oDENewUser.CommitChanges();
// 3. Set password
SetPassword(oDENewUser.Path, adUser.Password);
// 4. Enable account
EnableAccount(oDENewUser);
oDENewUser.Close();
oDE.Close();
if (_logger.IsDebugEnabled)
_logger.Debug("ADHelper.cs: Exit AddUser");
}
catch (ApplicationException appex)
{
if (_logger.IsErrorEnabled)
_logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", appex);
throw appex;
}
catch (Exception ex)
{
if (_logger.IsErrorEnabled)
_logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", ex);
throw ex;
}
finally
{
if (oDENewUser != null)
{
oDENewUser.Dispose();
oDENewUser = null;
}
if (oDEs != null)
{
oDEs = null;
}
if (oDE != null)
{
oDE.Dispose();
oDE = null;
}
}
}
How can I increase sAMAccountName length in Active Directory to around 30 characters in length?
shrikant2 Answers
As you've already found and stated in your question, the attribute is limited to 20 characters (MSDN article). This is for backwards compatibility. Active Directory itself is imposing this restriction therefore you can't override it programmatically.
James O'Gorman20 characters is the limit for the "Pre-Windows 2000" name, also known as the samAccountName.
Refer to this previous answer for more information: https://serverfault.com/a/335565/20701
Greg Askew
CommunityUser contributions licensed under CC BY-SA 3.0