有什么方法可以改变本地帐户的标准 20 个字符的用户名最大长度限制?
(具体为 Server 2008 R2)
答案1
不,它固定在 20。我相信这是出于向后兼容的原因。您可以在 Active Directory 中设置更大的值(SAMAccountName 字段除外),但不能在本地设置。
答案2
您肯定指的是 sam-accountname 属性。登录名必须遵循这些规则:
登录名规则
登录名称必须遵循以下规则:
本地登录名在工作站上必须是唯一的,全局登录名在整个域中必须是唯一的。
登录名最多可以包含 104 个字符。但是,使用长度超过 64 个字符的登录名是不切实际的。
所有帐户均被赋予 Microsoft Windows NT 4.0 版或更早版本的登录名,默认情况下,该登录名设置为 Windows 2000 登录名的前 20 个字符。Windows NT 4.0 版或更早版本的登录名在整个域中必须是唯一的。
从 Windows 2000 计算机登录到域的用户可以使用他们的 Windows 2000 登录名或他们的 Windows NT 4.0 版或更早版本的登录名,而不管域操作模式如何。
请注意,GUI 仅允许您创建 20 个字符名称,您必须以编程方式创建它们才能超过 20 个。
答案3
“请注意,GUI 仅允许您创建 20 个角色名称,您必须以编程方式创建它们才能超过 20 个。”
我想说这种说法是错误的。我无法以编程方式创建超过 20 个字符的用户名。下面是我在 Windows Server 2008 R2 上运行的相关 VB.NET 代码。它适用于创建 20 个或更少字符的用户名,但如果用户名超过 20 个字符,则会引发异常。自己尝试一下。诚挚的,Joseph Davoli
代码:
Imports System.DirectoryServices 'Gives us access to Directory Services.Function Blah() As Whatever
Dim strFNMILN As String = "Christopher.B.Robinson" 'NOTE: Twenty-two characters. Dim strFullName as string = "Christopher B. Robinson"
'Declare a new "DirectoryEntry" object variable and assign to it the entry for 'this computer (the computer on which this code is running). Dim DirectoryEntryThisComputer As New DirectoryEntry("WinNT://" & Environment.MachineName & ",computer")
'Declare a new "DirectoryEntry" object variable and name it "DirectoryEntryNewUser". 'Create a new user in the local directory and assign that user to our object variable. Dim DirectoryEntryNewUser As DirectoryEntry = DirectoryEntryThisComputer.Children.Add(strFNMILN, "user")
'Add the fullname of this user. DirectoryEntryNewUser.Invoke("Put", New Object() {"fullname", strFullName })
'Add a description value. DirectoryEntryNewUser.Invoke("Put", New Object() {"description", "This is a test user."})
'Set the password for this new user (14 character minimum). DirectoryEntryNewUser.Invoke("SetPassword", New Object() {"abcdefg1234567"})
'Save this new user to the local directory (this machine's directory). DirectoryEntryNewUser.CommitChanges()
. . End Function
答案4
我正在使用 DSADD 进入 W2K3 AD 服务器,由于“SAMID”的长度为 21(二十一)个字符而失败。
C:\Users\admin-of-change>DSAdd.exe user "CN=SharePoint Service Applications XYZ,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net" -samid "adm_xyz_SPServiceApps" -upn [email protected] -fn "SharePoint Service Applications" -ln "XYZ" -display "SharePoint Service Applications XYZ" -pwd "continue2013" -desc "Non Human Account" -office "Head Office" -email [email protected] -webpg "www.UnusualCompany.com" -title "SharePoint Service Applications XYZ" -company "X Y Z" -disabled no
dsadd failed:CN=SharePoint Service Applications XYZ,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net:The name provided is not a properly formed account name.
type dsadd /? for help.
┌─────────────────────────────────────┐
│ Executed Tue 07/02/2013 13:59:57.88 │ As [admin-of-change]
└─────────────────────────────────────┘
减少 UPN 即可解决。
C:\Users\admin-of-change>DSAdd.exe user "CN=SharePoint Service Applications XYZ,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net" -samid "adm_xyz_SPSvcApps" -upn [email protected] -fn "SharePoint Service Applications" -ln "XYZ" -display "SharePoint Service Applications XYZ" -pwd "continue2013" -desc "Non Human Account" -office "Head Office" -email [email protected] -webpg "www.UnusualCompany.com" -title "SharePoint Service Applications XYZ" -company "X Y Z" -disabled no
dsadd succeeded:CN=SharePoint Service Applications XYZ,OU=Users,OU=Users,OU=District UVW,OU=XYZ,DC=domain-universe,DC=int,DC=net
┌─────────────────────────────────────┐
│ Executed Tue 07/02/2013 14:06:21.08 │ As [admin-of-change]
└─────────────────────────────────────┘
欢迎任何改进意见。