jspωiki
MMC Account Tab
Your trail: 

Overview#

The MMC Account Tab is used to manage accounts in Microsoft Active Directory

Account Tab

userPrincipalName (User logon name:)#

When using the MMC, in the "New Object – user" dialog you are also required to specify a "User logon name". Which, in combination with the DNS domain name, becomes the "userPrincipalName".

The userPrincipalName typically appears as jim@mad.willeke.com which is made up from the MMC interface value that is the "User logon name:" and the drop down that the MMC only allows the "@" and the domain name (mad.willeke.com).

However, this is not enforced nor required. The userPrincipalName has no enforcement within Microsoft Active Directory other than the MMC interface.

The userPrincipalName is one of the "logon" attributes permitted by Microsoft Active Directory

Often, this value is populated with the user email address.

The "userPrincipalName" is an alternative name for the user to logon with. This attribute is not always assigned a value in Active Directory.

SamAccountName (User login name (pre-Windows 2000)):#

When you key in "User logon name", the field "pre-Windows 2000 logon name" is filled in for you with the first 20 characters of "User logon name". This becomes the "SamAccountName" attribute.

Account Tab

Domain NetBios Name#

The Domain NetBios Name is not stored on the user but is shown as read-only in the MMC Account Tab

This implies the user can logon as MAD\jim

"User must change password"#

The Microsoft Active Directory LDAP attribute in pwdLastSet determines if the user is prompted to change their password on the next login.

"User cannot change password"#

Sets the PASSWD_CANT_CHANGE bit of the user-Account-Control Attribute.

"Password never expires"#

Checking this value actually sets a user-Account-Control Attribute bit value DONT_EXPIRE_PASSWORD to indicate the password never expires.

Account Expires#

When "Never" is check, then the Microsoft Active Directory LDAP attribute in accountExpires is set to 0, which implies the account never expires. We have also seen this value in transactions in DirXML as "9223372036854775807".

"Store password using reversible encryption"#

Sets the USE_DES_KEY_ONLY bit of the user-Account-Control Attribute.

"End of:"#

When selecting a date, the value is set on the Microsoft Active Directory LDAP attribute in accountExpires.

More Information#

There might be more information for this subject on one of the following:
This page (revision-26) was last changed on 24-Aug-2014 19:49 by jim Top

Main page
About
Recent Changes
Tools Page

Lead Pages#

WikiEtiquette
Find pages
Unused pages
Undefined pages
Page Index
News


Site Maintained By -jim

Costs of Wiki

Donations#

If you like Ldapwiki, please consider a donation.

Donation for LDAPWiki


Active Sessions98
Uptime48d, 22h 43m 57s
Number of pages14054

JSPWiki v2.10.1
jspωiki
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!
JSPWiki v2.10.1