有什么办法可以更改本地帐户的标准20个字符的UserName最大长度限制?
(特定于Server 2008 R2)
有什么办法可以更改本地帐户的标准20个字符的UserName最大长度限制?
(特定于Server 2008 R2)
Answers:
您必须引用sam-accountname属性。登录名必须遵循以下规则:
登录名规则
登录名必须遵循以下规则:
本地登录名在工作站上必须唯一,而全局登录名在整个域中必须唯一。
登录名最多可以包含104个字符。但是,使用长度超过64个字符的登录名是不切实际的。
将为所有帐户提供一个Microsoft Windows NT 4.0或更早版本的登录名,默认情况下将其设置为Windows 2000登录名的前20个字符。Windows NT 4.0或更早版本的登录名在整个域中必须是唯一的。
从Windows 2000计算机登录到域的用户可以使用其Windows 2000登录名或Windows NT版本4.0或更早的登录名,而不必考虑域操作模式。
请注意,GUI仅允许您创建20个字符名称,您必须以编程方式创建它们才能超过20个。
“请注意,GUI只允许您创建20个字符名称,您必须以编程方式创建它们才能超过20个字符。”
我会说那句话是不正确的。我无法以编程方式创建大于20个字符的用户名。以下是我在Windows Server 2008 R2上运行的相关VB.NET代码。它用于创建不超过20个字符的用户名,但如果用户名超过20个字符,则会引发异常。自己尝试。真诚的,约瑟夫·达沃利
码:
Imports System.DirectoryServices 'Gives us access to Directory Services.Function Blah() As Whatever
Dim strFNMILN As String = "Christopher.B.Robinson" 'NOTE: Twenty-two characters. Dim strFullName as string = "Christopher B. Robinson"
'Declare a new "DirectoryEntry" object variable and assign to it the entry for 'this computer (the computer on which this code is running). Dim DirectoryEntryThisComputer As New DirectoryEntry("WinNT://" & Environment.MachineName & ",computer")
'Declare a new "DirectoryEntry" object variable and name it "DirectoryEntryNewUser". 'Create a new user in the local directory and assign that user to our object variable. Dim DirectoryEntryNewUser As DirectoryEntry = DirectoryEntryThisComputer.Children.Add(strFNMILN, "user")
'Add the fullname of this user. DirectoryEntryNewUser.Invoke("Put", New Object() {"fullname", strFullName })
'Add a description value. DirectoryEntryNewUser.Invoke("Put", New Object() {"description", "This is a test user."})
'Set the password for this new user (14 character minimum). DirectoryEntryNewUser.Invoke("SetPassword", New Object() {"abcdefg1234567"})
'Save this new user to the local directory (this machine's directory). DirectoryEntryNewUser.CommitChanges()
. . End Function
我在W2K3 AD Server中使用了DSADD,由于“ SAMID”的21个(二十一个)字符长度而失败。
C:\Users\admin-of-change>DSAdd.exe user "CN=SharePoint Service Applications XYZ,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net" -samid "adm_xyz_SPServiceApps" -upn adm_xyz_SPServiceApps@domain-universe.int.net -fn "SharePoint Service Applications" -ln "XYZ" -display "SharePoint Service Applications XYZ" -pwd "continue2013" -desc "Non Human Account" -office "Head Office" -email adm_xyz_SPServiceApps@UnusualCompany.com -webpg "www.UnusualCompany.com" -title "SharePoint Service Applications XYZ" -company "X Y Z" -disabled no
dsadd failed:CN=SharePoint Service Applications XYZ,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net:The name provided is not a properly formed account name.
type dsadd /? for help.
┌─────────────────────────────────────┐
│ Executed Tue 07/02/2013 13:59:57.88 │ As [admin-of-change]
└─────────────────────────────────────┘
解决了,同时降低了UPN。
C:\Users\admin-of-change>DSAdd.exe user "CN=SharePoint Service Applications XYZ,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net" -samid "adm_xyz_SPSvcApps" -upn adm_xyz_SPSvcApps@domain-universe.int.net -fn "SharePoint Service Applications" -ln "XYZ" -display "SharePoint Service Applications XYZ" -pwd "continue2013" -desc "Non Human Account" -office "Head Office" -email adm_xyz_SPSvcApps@UnusualCompany.com -webpg "www.UnusualCompany.com" -title "SharePoint Service Applications XYZ" -company "X Y Z" -disabled no
dsadd succeeded:CN=SharePoint Service Applications XYZ,OU=Users,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net
┌─────────────────────────────────────┐
│ Executed Tue 07/02/2013 14:06:21.08 │ As [admin-of-change]
└─────────────────────────────────────┘
欢迎提出任何改进意见。