Attributes for AD Users: sAMAccountName
The AD attribute sAMAccountName stores the account logon name of the user object, in fact the legacy NetBIOS form as used in the naming notation "Domain\LogonName".
sAMAccountName

| Property | Value |
|---|---|
| LDAP name | sAMAccountName |
| Data type | String (max 20) |
| Multivalue (Array) | No |
| System Flags | 0x12 |
| Search Flags | 0x0D |
| In Global Catalog? | Yes |
| Attribute ID | 1.2.840.113556.1.4.221 |
| AD DB attribute name | SAM-Account-Name |
| ADSI datatype | 3 - String(Unicode) |
| LDAP syntax | 1.3.6.1.4.1.1466.115.121.1.15 - Directory String |
| Used in ... | > W2K |
| Schema Info | Microsoft - MSDN |
The attribute sAMAccountName is a mandatory attribute (a MUST attribute)
for user objects. It must be provided when you create a user; otherwise,
depending on the OS version of the domain controller, either the error
-2147016657 (0x8007202f, constraint violation) is returned, or the system
automatically generates a random sAMAccountName for the new user.
For the sake of clarity the sAMAccountName should always conform to the
user principal name (UPN), the modern logon name of an AD user. That is,
the sAMAccountName should be equal to the prefix part of the attribute "userPrincipalName".
An example:
Name of domain: CERROTORRE (NetBIOS)
cerrotorre.ads (DNS)
sAMAccountName: pfoe
NetBIOS logon name: CERROTORRE\pfoe
userPrincipalName: pfoe@cerrotorre.ads
An exception may be environments where users are required to log on to
the system with their real e-mail addresses. Here the sAMAccountName can
differ from the userPrincipalName:
Name of domain: CERROTORRE (NetBIOS)
cerrotorre.ads (DNS)
sAMAccountName: pfoe
NetBIOS logon name: CERROTORRE\pfoe
userPrincipalName: philipp.foeckeler@cerrotorre.de
The Windows logon name has the data type Unicode string; nevertheless the
system imposes some restrictions. The name cannot consist of more than 20
characters, and the following characters are NOT allowed:
\ / [ ] : ; | = , + * ? < > @ "
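As an added example (not code from the original page), the following Python pre-flight check encodes the rules stated above so that a provisioning script can reject a bad value locally instead of letting the domain controller answer with a constraint violation or invent a random name: sAMAccountName is mandatory, at most 20 characters, contains none of the forbidden characters, and by convention equals the prefix of the userPrincipalName, with the e-mail-style UPN exception modelled as an explicit switch. Function names and the sample values are constructed for this example.

```python
"""Pre-flight checks for a sAMAccountName before an AD user is created.

Added example, not from the original page. It applies the rules the page
states; the domain controller remains the authority. Sample values below
are constructed, following the page's CERROTORRE example.
"""

MAX_LEN = 20
# Characters the page lists as not allowed in a sAMAccountName
FORBIDDEN = set('\\/[]:;|=,+*?<>@"')


def validate_sam_account_name(sam: str) -> list[str]:
    """Return the rule violations for `sam`; an empty list means it is acceptable."""
    problems = []
    if not sam:
        # sAMAccountName is a MUST attribute; never send an empty value to the DC
        return ["sAMAccountName is mandatory and may not be empty"]
    if len(sam) > MAX_LEN:
        problems.append(f"too long: {len(sam)} characters (maximum {MAX_LEN})")
    bad = sorted(set(sam) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    return problems


def upn_prefix(upn: str) -> str:
    """The prefix part of a userPrincipalName (everything before the last '@')."""
    prefix, at, _suffix = upn.rpartition("@")
    return prefix if at else upn


def check_upn_consistency(sam: str, upn: str, email_upns: bool = False) -> tuple[bool, str]:
    """Apply the page's convention: sAMAccountName should equal the UPN prefix.

    `email_upns=True` models the exception the page describes (users log on
    with their real e-mail address), where the two values may differ.
    """
    if sam == upn_prefix(upn):
        return True, "sAMAccountName matches the UPN prefix"
    if email_upns:
        return True, "sAMAccountName differs from the UPN prefix (e-mail style UPN, accepted)"
    return False, f"sAMAccountName {sam!r} does not match UPN prefix {upn_prefix(upn)!r}"


def logon_names(netbios_domain: str, sam: str, upn: str) -> dict:
    """Both logon forms of an account, as the page's example lists them."""
    return {
        "sAMAccountName": sam,
        "NetBIOS logon name": f"{netbios_domain}\\{sam}",
        "userPrincipalName": upn,
    }


if __name__ == "__main__":
    # Constructed sample data (hypothetical account in the page's example domain)
    print(logon_names("CERROTORRE", "pfoe", "pfoe@cerrotorre.ads"))
    print(validate_sam_account_name("pfoe"))
    print(validate_sam_account_name("philipp.foeckeler@cerrotorre"))
    print(check_upn_consistency("pfoe", "pfoe@cerrotorre.ads"))
    print(check_upn_consistency("pfoe", "philipp.foeckeler@cerrotorre.de"))
    print(check_upn_consistency("pfoe", "philipp.foeckeler@cerrotorre.de", email_upns=True))
```

The `email_upns` switch is deliberate: an environment that uses e-mail addresses as UPN should say so once in its provisioning configuration rather than silently accepting every mismatch, so an unintended divergence between the two logon names is still caught.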