Windows Server 2008/R2: Change the maximum UserName length?

windows user-management windows-server-2008

Is there any way to change the standard 20 character UserName maximum length restriction for local accounts?

(Server 2008 R2 to be specific)


Nope, it's fixed at 20. I believe this is for backward compatibility reasons. You can go bigger in Active Directory (except for the SAMAccountName field), but not locally.


You must be referring to the sam-accountname attribute. Logon names have to follow these rules:

Rules for Logon Names

Logon names must follow these rules:

Local logon names must be unique on a workstation and global logon names must be unique throughout a domain.

Logon names can be up to 104 characters. However, it isn't practical to use logon names that are longer than 64 characters.

A Microsoft Windows NT version 4.0 or earlier logon name is given to all accounts, which by default is set to the first 20 characters of the Windows 2000 logon name. The Windows NT version 4.0 or earlier logon name must be unique throughout a domain.

Users logging on to the domain from Windows 2000 computers can use their Windows 2000 logon name or their Windows NT version 4.0 or earlier logon name, regardless of the domain operations mode.

Note that the GUI only lets you create 20 char names, you would have to create them programatically to get past 20.


"Note that the GUI only lets you create 20 char names, you would have to create them programatically to get past 20."

I would say that that statement is incorrect. I cannot programmatically create usernames greater than twenty characters. Below is the relevant VB.NET code that I ran on Windows Server 2008 R2. It works for creating user names of twenty or fewer characters, but throws an exception if the username exceeds twenty characters. Try it yourself. Sincerely, Joseph Davoli

Code:

Imports System.DirectoryServices    'Gives us access to Directory Services.

Function Blah() As Whatever

Dim strFNMILN As String = "Christopher.B.Robinson" 'NOTE: Twenty-two characters. Dim strFullName as string = "Christopher B. Robinson"

'Declare a new "DirectoryEntry" object variable and assign to it the entry for 'this computer (the computer on which this code is running). Dim DirectoryEntryThisComputer As New DirectoryEntry("WinNT://" & Environment.MachineName & ",computer")

'Declare a new "DirectoryEntry" object variable and name it "DirectoryEntryNewUser". 'Create a new user in the local directory and assign that user to our object variable. Dim DirectoryEntryNewUser As DirectoryEntry = DirectoryEntryThisComputer.Children.Add(strFNMILN, "user")

'Add the fullname of this user. DirectoryEntryNewUser.Invoke("Put", New Object() {"fullname", strFullName })

'Add a description value. DirectoryEntryNewUser.Invoke("Put", New Object() {"description", "This is a test user."})

'Set the password for this new user (14 character minimum). DirectoryEntryNewUser.Invoke("SetPassword", New Object() {"abcdefg1234567"})

'Save this new user to the local directory (this machine's directory). DirectoryEntryNewUser.CommitChanges()

. . End Function

Related

fsck a filesystem in a file
PATH issues for init.d scripts on startup
Apc, xcache or eAccelerator? What should I use for Wordpress? [closed]
Allow password access for all users except root?
DMARC test failed but we didn't find any obvious reason why; DMARC not passing while SPF and DKIM do
How do I mount a private /proc inside a namespace inside a docker container?
SocketException in Mongo logs
View unbuffered log output from journalctl
Connect two infiniband cards to each other without a switch
IIS7 Not sending Intermediate SSL Certificate
Haproxy: SSL encrypted backend with self-signed cert
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP