Overview#
The MMC Account Tab is used to manage accounts in Microsoft Active Directory |
userPrincipalName (User logon name:)#
When using the MMC, in the "New Object – user" dialog you are also required to specify a "User logon name". Which, in combination with the DNS domain name, becomes the "userPrincipalName".The userPrincipalName typically appears as jim@mad.willeke.com which is made up from the MMC interface value that is the "User logon name:" and the drop down that the MMC only allows the "@" and the domain name (mad.willeke.com).
However, this is not enforced nor required. The userPrincipalName has no enforcement within Microsoft Active Directory other than the MMC interface.
The userPrincipalName is one of the "logon" attributes permitted by Microsoft Active Directory
Often, this value is populated with the user email address.
The "userPrincipalName" is an alternative name for the user to logon with. This attribute is not always assigned a value in Active Directory.
SamAccountName (User login name (pre-Windows 2000)):#
When you key in "User logon name", the field "pre-Windows 2000 logon name" is filled in for you with the first 20 characters of "User logon name". This becomes the "SamAccountName" attribute. |
Domain NetBios Name#
The Domain NetBios Name is not stored on the user but is shown as read-only in the MMC Account TabThis implies the user can logon as MAD\jim
"User must change password"#
The Microsoft Active Directory LDAP attribute in pwdLastSet determines if the user is prompted to change their password on the next login."User cannot change password"#
Sets the PASSWD_CANT_CHANGE bit of the user-Account-Control Attribute."Password never expires"#
Checking this value actually sets a user-Account-Control Attribute bit value DONT_EXPIRE_PASSWORD to indicate the password never expires.Account Expires#
When "Never" is check, then the Microsoft Active Directory LDAP attribute in accountExpires is set to 0, which implies the account never expires. We have also seen this value in transactions in DirXML as "9223372036854775807"."Store password using reversible encryption"#
Sets the USE_DES_KEY_ONLY bit of the user-Account-Control Attribute."End of:"#
When selecting a date, the value is set on the Microsoft Active Directory LDAP attribute in accountExpires.More Information#
There might be more information for this subject on one of the following:Add new attachment
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
jpg |
MAD-user-Account-LDAP-annotate... | 87.0 kB | 1 | 03-Apr-2010 11:33 | jim | MAD-user-Account-LDAP-annotated |
jpg |
MAD-user-Account-LDAP.jpg | 32.2 kB | 1 | 03-Apr-2010 11:32 | jim | MAD-User-LDAP-Account |
Main page
About
Recent Changes
Tools Page
Lead Pages#
- LDAP
- Authentication,
Authorization - OAuth 2.0, OIDC, UMA
- Cryptography
- WEB Access Management
- eDirectory, DirXML, Imanager
- Microsoft Active Directory
- Passwords
- Authentication, Authorization
- Glossary
WikiEtiquette
Find pages
Unused pages
Undefined pages
Page Index
News
Donations#
If you like Ldapwiki, please consider a donation. |