- Windows user name length
- Answered by:
- Question
- Answers
- All replies
- Windows user name length
- Answered by:
- Question
- Answers
- All replies
- What are the standard minimum and maximum lengths of username, password and email? [closed]
- 3 Answers 3
- Windows user name length
- Вопрос
- Ответы
- Все ответы
- Windows user name length
- Вопрос
- Ответы
- Все ответы
Windows user name length
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Answered by:
Question
I have a Windows 2008 R2 Domain and I recently created a user which exceeds 20 characters in length. We follow the standard of First_Last and this particular user totals 21 characters. My environment includes Windows 2003, XP, and Windows 7. I was under the impression that the 20 character limit was for pre-2000 machines. However, I tried logging in to a Windows 7 machine and it wouldn’t let me until I drop the username to 20 characters.
Any way to work around this? I would think Win2008 R2 would be able to do longer usernames.
Let me know. Thanks
Answers
Ah. All of the name attributes in AD get confusing. The User Logon name is actually the User Principal name. A user can logon either with their user principal name or their «pre-Windows 2000 logon» name. I you use the user principal name, you must include the DNS suffix, for example:
If you use the «pre-Windows 2000 logon» name you can logon with just that name, assuming the logon dialog is pointed to your domain. If not, you can logon with DomainName\userid, where DomainName is the NetBIOS name of the domain and userid is the «pre-Windows 2000 logon» name. I forget the length restrictions for the user principal name, but it can be much longer. If no value is assigned for the user principal name, you can use the «pre-Windows 2000 logon» name instead, for example DomainName\userid. Does this help?
Thanks for your reply
I understand I can logon as username@domainname.internal. but folder redirection didn’t work after that.
So, I just told the user to user the truncated username to login since it’s less typing and folder redirection works.
All replies
The sAMAccountName (pre-Windows 2000 logon name) is limited to 20 characters for user objects. The maximum length has not changed. Some other classes of objects, like groups, can have longer sAMAccountNames. How did you create a user with more than 20 characters in the sAMAccountName? The Common Name (value of the cn attribute) can be much longer.
When I said I created a username with 21 characters I meant that’s what shows under User Logon name next to the @domainname.internal
This username was cut off at 20 characters in the User Logon Name (pre-Windows 2000) field.
I was able to login using the 21 character username using the full username@domainname.internal to a windows 7 workstation but I don’t think it behaves properly since I have folder redirection applied and it didn’t do it when I logged in using this format. Folder redirection is applied correctly when I log in using the 20 character username.
Like you said, it looks like the sAMAccountName cannot be longer than 20. I just wanted to double check since it seems kind of limited for 2008. I understand the backwards compatibility but I was hoping that there was something similar to raising the domain functional level on a domain controller that would unlock certain features by dropping backwards compatibility.
Windows user name length
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Answered by:
Question
I have a Windows 2008 R2 Domain and I recently created a user which exceeds 20 characters in length. We follow the standard of First_Last and this particular user totals 21 characters. My environment includes Windows 2003, XP, and Windows 7. I was under the impression that the 20 character limit was for pre-2000 machines. However, I tried logging in to a Windows 7 machine and it wouldn’t let me until I drop the username to 20 characters.
Any way to work around this? I would think Win2008 R2 would be able to do longer usernames.
Let me know. Thanks
Answers
Ah. All of the name attributes in AD get confusing. The User Logon name is actually the User Principal name. A user can logon either with their user principal name or their «pre-Windows 2000 logon» name. I you use the user principal name, you must include the DNS suffix, for example:
If you use the «pre-Windows 2000 logon» name you can logon with just that name, assuming the logon dialog is pointed to your domain. If not, you can logon with DomainName\userid, where DomainName is the NetBIOS name of the domain and userid is the «pre-Windows 2000 logon» name. I forget the length restrictions for the user principal name, but it can be much longer. If no value is assigned for the user principal name, you can use the «pre-Windows 2000 logon» name instead, for example DomainName\userid. Does this help?
Thanks for your reply
I understand I can logon as username@domainname.internal. but folder redirection didn’t work after that.
So, I just told the user to user the truncated username to login since it’s less typing and folder redirection works.
All replies
The sAMAccountName (pre-Windows 2000 logon name) is limited to 20 characters for user objects. The maximum length has not changed. Some other classes of objects, like groups, can have longer sAMAccountNames. How did you create a user with more than 20 characters in the sAMAccountName? The Common Name (value of the cn attribute) can be much longer.
When I said I created a username with 21 characters I meant that’s what shows under User Logon name next to the @domainname.internal
This username was cut off at 20 characters in the User Logon Name (pre-Windows 2000) field.
I was able to login using the 21 character username using the full username@domainname.internal to a windows 7 workstation but I don’t think it behaves properly since I have folder redirection applied and it didn’t do it when I logged in using this format. Folder redirection is applied correctly when I log in using the 20 character username.
Like you said, it looks like the sAMAccountName cannot be longer than 20. I just wanted to double check since it seems kind of limited for 2008. I understand the backwards compatibility but I was hoping that there was something similar to raising the domain functional level on a domain controller that would unlock certain features by dropping backwards compatibility.
What are the standard minimum and maximum lengths of username, password and email? [closed]
Want to improve this question? Add details and clarify the problem by editing this post.
Closed last month .
What are the standard minimum and maximum lengths of username, password and email?
3 Answers 3
I have issues with this question, as it pre-supposes that there should be a standard, and that the values will be the same across all services.
I don’t think it’s useful to impose a maximum length for any of these fields, especially the password field. With password hashing, there’s no space benefit from restricting password length. There may be cause to limit the minimum password length, but what the minimum should be depends on the security of the service.
With the email address, you can’t guess how long an address your users will pick, nor how short: who are you to say that a.very.long.address@some.subdomain.of.makealongeremailaddress.com isn’t valid, and conversely, that Twitter won’t start selling email aliases on t.co?
Usernames are slightly more difficult to reason about, but again I’d argue that there’s no benefit to restricting the length. If your service is likely to be popular, then (like Google) you may benefit from stopping the race to get the short vanity usernames, but especially if you’re popular, there’s no benefit to restricting the length and if you do then you may be stopping your users from finding a suitable name that’s not already taken (cf «No-As-Big-As-Medium-Sized-Jock-But-Bigger-Than-Wee-Jock-Jock»).
Windows user name length
Вопрос
I have a Windows 2008 R2 Domain and I recently created a user which exceeds 20 characters in length. We follow the standard of First_Last and this particular user totals 21 characters. My environment includes Windows 2003, XP, and Windows 7. I was under the impression that the 20 character limit was for pre-2000 machines. However, I tried logging in to a Windows 7 machine and it wouldn’t let me until I drop the username to 20 characters.
Any way to work around this? I would think Win2008 R2 would be able to do longer usernames.
Let me know. Thanks
Ответы
Ah. All of the name attributes in AD get confusing. The User Logon name is actually the User Principal name. A user can logon either with their user principal name or their «pre-Windows 2000 logon» name. I you use the user principal name, you must include the DNS suffix, for example:
If you use the «pre-Windows 2000 logon» name you can logon with just that name, assuming the logon dialog is pointed to your domain. If not, you can logon with DomainName\userid, where DomainName is the NetBIOS name of the domain and userid is the «pre-Windows 2000 logon» name. I forget the length restrictions for the user principal name, but it can be much longer. If no value is assigned for the user principal name, you can use the «pre-Windows 2000 logon» name instead, for example DomainName\userid. Does this help?
Thanks for your reply
I understand I can logon as username@domainname.internal. but folder redirection didn’t work after that.
So, I just told the user to user the truncated username to login since it’s less typing and folder redirection works.
Все ответы
The sAMAccountName (pre-Windows 2000 logon name) is limited to 20 characters for user objects. The maximum length has not changed. Some other classes of objects, like groups, can have longer sAMAccountNames. How did you create a user with more than 20 characters in the sAMAccountName? The Common Name (value of the cn attribute) can be much longer.
When I said I created a username with 21 characters I meant that’s what shows under User Logon name next to the @domainname.internal
This username was cut off at 20 characters in the User Logon Name (pre-Windows 2000) field.
I was able to login using the 21 character username using the full username@domainname.internal to a windows 7 workstation but I don’t think it behaves properly since I have folder redirection applied and it didn’t do it when I logged in using this format. Folder redirection is applied correctly when I log in using the 20 character username.
Like you said, it looks like the sAMAccountName cannot be longer than 20. I just wanted to double check since it seems kind of limited for 2008. I understand the backwards compatibility but I was hoping that there was something similar to raising the domain functional level on a domain controller that would unlock certain features by dropping backwards compatibility.
Windows user name length
Вопрос
I have a Windows 2008 R2 Domain and I recently created a user which exceeds 20 characters in length. We follow the standard of First_Last and this particular user totals 21 characters. My environment includes Windows 2003, XP, and Windows 7. I was under the impression that the 20 character limit was for pre-2000 machines. However, I tried logging in to a Windows 7 machine and it wouldn’t let me until I drop the username to 20 characters.
Any way to work around this? I would think Win2008 R2 would be able to do longer usernames.
Let me know. Thanks
Ответы
Ah. All of the name attributes in AD get confusing. The User Logon name is actually the User Principal name. A user can logon either with their user principal name or their «pre-Windows 2000 logon» name. I you use the user principal name, you must include the DNS suffix, for example:
If you use the «pre-Windows 2000 logon» name you can logon with just that name, assuming the logon dialog is pointed to your domain. If not, you can logon with DomainName\userid, where DomainName is the NetBIOS name of the domain and userid is the «pre-Windows 2000 logon» name. I forget the length restrictions for the user principal name, but it can be much longer. If no value is assigned for the user principal name, you can use the «pre-Windows 2000 logon» name instead, for example DomainName\userid. Does this help?
Thanks for your reply
I understand I can logon as username@domainname.internal. but folder redirection didn’t work after that.
So, I just told the user to user the truncated username to login since it’s less typing and folder redirection works.
Все ответы
The sAMAccountName (pre-Windows 2000 logon name) is limited to 20 characters for user objects. The maximum length has not changed. Some other classes of objects, like groups, can have longer sAMAccountNames. How did you create a user with more than 20 characters in the sAMAccountName? The Common Name (value of the cn attribute) can be much longer.
When I said I created a username with 21 characters I meant that’s what shows under User Logon name next to the @domainname.internal
This username was cut off at 20 characters in the User Logon Name (pre-Windows 2000) field.
I was able to login using the 21 character username using the full username@domainname.internal to a windows 7 workstation but I don’t think it behaves properly since I have folder redirection applied and it didn’t do it when I logged in using this format. Folder redirection is applied correctly when I log in using the 20 character username.
Like you said, it looks like the sAMAccountName cannot be longer than 20. I just wanted to double check since it seems kind of limited for 2008. I understand the backwards compatibility but I was hoping that there was something similar to raising the domain functional level on a domain controller that would unlock certain features by dropping backwards compatibility.
