
AD user attribute: the difference between UserPrincipalName and SamAccountName

2025-01-20 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02 Report

In daily work, or when writing automation against AD, questions about UserPrincipalName and SamAccountName come up regularly. Most of the time the two attribute values are treated as the same concept, which is why the difference stays unclear. Here is a short summary.

UserPrincipalName: specifies the user principal name (UPN) of the service to be authenticated by the client. It consists of a user account name (sometimes called the "user logon name") and a domain name that identifies the domain in which the user account is located. This is the standard form for logging in to a Windows domain. The format is: xiaowen@azureyun.com (email-address style).

SamAccountName: the AD attribute sAMAccountName stores the logon name of the account or user object. It is the old NetBIOS-style name used in the "Domain\LogonName" notation, and it is a required attribute of the domain user object. The SAMAccountName should always be consistent with the UPN, that is, the SAMAccountName must be equal to the prefix part of the attribute "UserPrincipalName".

UserPrincipalName:

Format of user login name: xiaowen@azureyun.com

Is the user's Internet-style login name based on the Internet standard RFC 822

Should be unique among all security principal objects in the forest

UPN is optional; it may or may not be specified when creating a user account

SamAccountName:

Used with earlier versions of Windows (pre-Windows 2000)

Format of user login name: azureyun\xiaowen

Cannot exceed 20 characters

Is unique among all security principal objects in the domain

For example:

Domain name: azureyun.com

SamAccountName: xiaowen

NetBIOS login: azureyun\xiaowen

UserPrincipalName: xiaowen@azureyun.com

The exception may be an environment where users log in to the system with a real e-mail address. Here SAMAccountName can be different from userPrincipalName:

Domain name: azureyun (NetBIOS) azureyun.com (DNS)

SAMAccountName: xiaowen

NetBIOS login: azureyun\xiaowen

UserPrincipalName: xiao.wen@azureyun.local

The Windows logon name has the data type Unicode string, so the data type itself imposes no restrictions. Nevertheless, the name cannot exceed 20 characters, and the following characters are not allowed: \ / [ ] : ; | = , + * ? @ "
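The rules above can be checked mechanically, for example when auditing a directory export or when matching the two logon forms of one user in logs. The following Python sketch is an added example, not code from the original article; the function names and all sample accounts except xiaowen are constructed, and names are compared case-insensitively.

```python
# Added example: the limits come from the article; names and samples are constructed.
FORBIDDEN = set('\\/[]:;|=,+*?@"')   # characters the article lists as not allowed
MAX_SAM_LEN = 20                      # length limit stated in the article

def sam_problems(sam):
    """Return the rule violations for a sAMAccountName (empty list = valid)."""
    problems = []
    if not sam:
        problems.append("empty")
    if len(sam) > MAX_SAM_LEN:
        problems.append("longer than 20 characters")
    if set(sam) & FORBIDDEN:
        problems.append("forbidden character")
    return problems

def parse_logon(name):
    """Split a logon string into (form, domain_part, user_part)."""
    name = name.strip()
    if "\\" in name:                       # down-level form: DOMAIN\sAMAccountName
        domain, _, user = name.partition("\\")
        if domain and not sam_problems(user):
            return ("netbios", domain, user)
    elif "@" in name:                      # UPN form: prefix@suffix
        user, _, domain = name.rpartition("@")
        if user and domain:
            return ("upn", domain, user)
    raise ValueError("not a valid logon name: %r" % name)

def audit(accounts):
    """Map sAMAccountName -> list of issues for accounts that need review."""
    findings = {}
    for acct in accounts:
        sam, upn = acct["sAMAccountName"], acct.get("userPrincipalName")
        issues = sam_problems(sam)
        if upn is None:                    # UPN is optional on a user object
            issues.append("no UPN set")
        elif parse_logon(upn)[2].lower() != sam.lower():
            issues.append("UPN prefix differs from sAMAccountName")
        if issues:
            findings[sam] = issues
    return findings

SAMPLE = [  # constructed directory export
    {"sAMAccountName": "xiaowen", "userPrincipalName": "xiaowen@azureyun.com"},
    {"sAMAccountName": "xwen", "userPrincipalName": "xiao.wen@azureyun.local"},
    {"sAMAccountName": "svc-backup"},
    {"sAMAccountName": "a.very.long.account.name",
     "userPrincipalName": "a.very.long.account.name@azureyun.com"},
]
```

Calling `audit(SAMPLE)` returns only the accounts that break one of the rules, and `parse_logon` yields the same user part for `azureyun\xiaowen` and `xiaowen@azureyun.com`.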

Please refer to the official link for details of the attributes.

Welcome to follow the WeChat official account: Xiao Wen study Society.
