How to add a user in Active Directory with name longer than 20 characters?

0

I am using Windows 2008 R2 Server and trying to add a user in Active Directory.

I am able to save a user ID of length less than 20 characters. But when I try to increase this value to 30 characters, I get this error:

“System.DirectoryServices.DirectoryServicesCOMException (0x8007001F): A device attached to the system is not functioning. (Exception from HRESULT: 0x8007001F)”

When I searched the net for this error, I found various links saying that:

  • Please verify if the issue is caused by the length of sAMAccountName

  • The documentation for SAM-Account-Name also indicates that its length should be less than 20 characters.

I am using the code below to add a user in Active Directory:

    // Requires: using System; using System.DirectoryServices;
    public static void AddUser(ADUser adUser)
    {
        if (_logger.IsDebugEnabled)
            _logger.Debug("ADHelper.cs: Enter AddUser");

        // Local variables
        DirectoryEntry oDE = null;
        DirectoryEntry oDENewUser = null;
        DirectoryEntries oDEs = null;

        try
        {
            // Bind to the container that matches the user type
            oDE = GetDirectoryEntry(GetADPath(adUser.UserType));

            // 1. Create user account
            oDEs = oDE.Children;
            oDENewUser = oDEs.Add("CN=" + adUser.UserName, "user");

            // 2. Set properties
            SetProperty(oDENewUser, Constants.ADAttributes.givenName, adUser.FirstName);
            SetProperty(oDENewUser, Constants.ADAttributes.initials, adUser.MiddleInitial);
            SetProperty(oDENewUser, Constants.ADAttributes.sn, adUser.LastName);
            SetProperty(oDENewUser, Constants.ADAttributes.mail, adUser.Email);
            // The same value is used for the CN above and for sAMAccountName here
            SetProperty(oDENewUser, Constants.ADAttributes.sAMAccountName, adUser.UserName);

            SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion, adUser.PasswordChallengeQuestion);
            SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer, adUser.PasswordChallengeAnswer);

            SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion2, adUser.PasswordChallengeQuestion2);
            SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer2, adUser.PasswordChallengeAnswer2);

            // Sharepoint changes
            if (adUser.CompanyGroupSupplier != string.Empty)
            {
                SetProperty(oDENewUser, Constants.ADAttributes.CompanyGroupSupplier, adUser.CompanyGroupSupplier);
            }
            if (adUser.PersonalGroupAddress != string.Empty)
            {
                SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupAddress, adUser.PersonalGroupAddress);
            }
            if (adUser.PersonalGroupPhone != string.Empty)
            {
                SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupPhone, adUser.PersonalGroupPhone);
            }
            // Sharepoint changes

            // Write the new object to the directory
            oDENewUser.CommitChanges();

            // 3. Set password
            SetPassword(oDENewUser.Path, adUser.Password);

            // 4. Enable account
            EnableAccount(oDENewUser);

            oDENewUser.Close();
            oDE.Close();

            if (_logger.IsDebugEnabled)
                _logger.Debug("ADHelper.cs: Exit AddUser");
        }
        catch (ApplicationException appex)
        {
            if (_logger.IsErrorEnabled)
                _logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", appex);
            throw; // rethrow without resetting the stack trace
        }
        catch (Exception ex)
        {
            if (_logger.IsErrorEnabled)
                _logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", ex);
            throw; // rethrow without resetting the stack trace
        }
        finally
        {
            // Release the directory handles even when creation fails
            if (oDENewUser != null)
            {
                oDENewUser.Dispose();
                oDENewUser = null;
            }
            if (oDEs != null)
            {
                oDEs = null;
            }
            if (oDE != null)
            {
                oDE.Dispose();
                oDE = null;
            }
        }
    }

How can I increase sAMAccountName length in Active Directory to around 30 characters in length?

active-directory
ad-lds
asked on Server Fault Dec 28, 2011 by shrikant • edited Dec 28, 2011 by James O'Gorman

2 Answers

4

As you've already found and stated in your question, the attribute is limited to 20 characters (MSDN article). This is for backwards compatibility. Active Directory itself is imposing this restriction; therefore, you can't override it programmatically.

answered on Server Fault Dec 28, 2011 by James O'Gorman

3

20 characters is the limit for the "Pre-Windows 2000" name, also known as the samAccountName.

Refer to this previous answer for more information: https://serverfault.com/a/335565/20701

answered on Server Fault Dec 28, 2011 by Greg Askew • edited Apr 13, 2017 by Community
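
Added example (not from the question or either answer): a C# check to run before CommitChanges that enforces the 20-character limit both answers describe, so the caller gets a clear message instead of 0x8007001F, and that avoids handing two long IDs the same short account name. The class and method names, the `isTaken` lookup, the truncate-and-counter scheme and the reserved-character check are assumptions of this example.

```csharp
using System;
using System.Linq;

// Added example; SamAccountName, Validate and Derive are hypothetical names.
public static class SamAccountName
{
    // Limit for user objects, as stated in the answers above.
    public const int MaxUserLength = 20;

    // Characters Active Directory does not accept in sAMAccountName.
    private static readonly char[] Reserved = "\"/\\[]:;|=,+*?<>".ToCharArray();

    // Returns null when the value is acceptable, otherwise the reason it is not.
    public static string Validate(string value)
    {
        if (string.IsNullOrWhiteSpace(value))
            return "sAMAccountName is empty";
        if (value.Length > MaxUserLength)
            return string.Format("sAMAccountName is {0} characters; the limit is {1}",
                                 value.Length, MaxUserLength);
        if (value.IndexOfAny(Reserved) >= 0)
            return "sAMAccountName contains a reserved character";
        return null;
    }

    // Derives a short name from a longer ID by truncating and, on collision,
    // appending a counter. isTaken is a caller-supplied lookup (assumption: it
    // searches the directory for an existing sAMAccountName).
    public static string Derive(string longId, Func<string, bool> isTaken)
    {
        string cleaned = new string((longId ?? "").Where(c => Array.IndexOf(Reserved, c) < 0).ToArray());
        string candidate = cleaned.Substring(0, Math.Min(cleaned.Length, MaxUserLength));
        string error = Validate(candidate);
        if (error != null)
            throw new ArgumentException(error, "longId");

        // Truncation can map two different long IDs onto the same short name,
        // so never reuse a name that already exists.
        for (int n = 2; isTaken(candidate); n++)
        {
            string suffix = n.ToString();
            int keep = Math.Min(cleaned.Length, MaxUserLength - suffix.Length);
            candidate = cleaned.Substring(0, keep) + suffix;
        }
        return candidate;
    }
}
```

In the question's AddUser, the full ID can stay in the CN passed to oDEs.Add while the derived value is written to sAMAccountName.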

User contributions licensed under CC BY-SA 3.0