This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
The [{$pagename}] is used to manage accounts in [Microsoft Active Directory].
[{Image src='MMC Account Tab/MAD-user-Account-LDAP.jpg' caption='Account Tab' style='font-size: 120%; color: blue;'}]
!! [userPrincipalName] (User logon name:)
When using the [MMC], the "New Object – user" dialog also requires you to specify a "User logon name", which, in combination with the DNS domain name, becomes the "[userPrincipalName]".
The [userPrincipalName] typically appears as jim@mad.willeke.com. It is made up of the "User logon name:" value entered in the [MMC] interface and a drop-down list in which the [MMC] allows only the "@" and the domain name (mad.willeke.com).
However, this format is neither enforced nor required. The [userPrincipalName] has no enforcement within [Microsoft Active Directory] other than the [MMC] interface.
The [userPrincipalName] is one of the "logon" attributes permitted by [Microsoft Active Directory].
Often, this value is populated with the user's email address.
The "[userPrincipalName]" is an alternative name the user can log on with. This attribute is not always assigned a value in Active Directory.
!! [SamAccountName] (User login name (pre-Windows 2000)):
When you key in the "User logon name", the "pre-Windows 2000 logon name" field is filled in for you with the first 20 characters of the "User logon name". This becomes the "[SamAccountName]" attribute.
[{Image src='MMC Account Tab/MAD-user-Account-LDAP-annotated.jpg' caption='Account Tab' style='font-size: 120%; color: blue;'}]
!! Domain NetBios Name
The Domain NetBios Name is not stored on the user object but is shown read-only in the [MMC Account Tab].
This implies the user can log on as MAD\jim.
!! "User must change password"
The [Microsoft Active Directory] LDAP attribute [pwdLastSet|pwd-Last-Set attribute] determines whether the user is prompted to change their password at the next logon.
!! "User cannot change password"
Sets the [PASSWD_CANT_CHANGE] bit of the [user-Account-Control Attribute].
!! "Password never expires"
Checking this box sets the [DONT_EXPIRE_PASSWORD] bit of the [user-Account-Control Attribute] to indicate that the password never expires.
!! [Account Expires]
When "Never" is checked, the [Microsoft Active Directory] LDAP attribute [accountExpires] is set to 0, which implies the account never expires. We have also seen this value in transactions in [DirXML] as "[9223372036854775807|9,223,372,036,854,775,807]".
!! "Store password using reversible encryption"
Sets the [USE_DES_KEY_ONLY] bit of the [user-Account-Control Attribute].
!"End of:"
When a date is selected, the [Microsoft Active Directory] LDAP attribute [accountExpires] is set to that date.
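The mappings above can be checked from the raw directory values rather than the GUI. The following Python is an added example, not code from this page or from Microsoft: it derives the logon names the [MMC] fills in and reconstructs the Account Tab checkbox states from an LDAP entry. It assumes Microsoft's documented numeric values for the [user-Account-Control Attribute] flags named on this page (the page gives the names only), and the sample entry is constructed.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bit values as documented by Microsoft (assumed here; the page names only the flags)
PASSWD_CANT_CHANGE = 0x0040       # "User cannot change password" per this page
DONT_EXPIRE_PASSWORD = 0x10000    # "Password never expires"

# accountExpires and pwdLastSet are Windows FILETIME values: 100 ns ticks since 1601-01-01 UTC
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Both values this page reports for "Account expires: Never"
NEVER_EXPIRES = {0, 9223372036854775807}


def derive_logon_names(user_logon_name: str, dns_domain: str, netbios_domain: str) -> dict:
    """Mirror what the MMC fills in from the "User logon name" field."""
    pre2000 = user_logon_name[:20]  # pre-Windows 2000 name keeps only the first 20 characters
    return {
        "userPrincipalName": f"{user_logon_name}@{dns_domain}",
        "sAMAccountName": pre2000,
        "downLevelLogon": f"{netbios_domain}\\{pre2000}",  # e.g. MAD\jim
    }


def filetime_to_datetime(value: int) -> datetime:
    """Convert a FILETIME integer to an aware UTC datetime (microsecond resolution)."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def account_tab_state(entry: dict) -> dict:
    """Reconstruct the Account Tab settings from raw LDAP attribute values (strings as LDAP returns them)."""
    uac = int(entry.get("userAccountControl", 0))
    expires = int(entry.get("accountExpires", 0))
    return {
        "user_must_change_password": int(entry.get("pwdLastSet", 0)) == 0,
        "user_cannot_change_password": bool(uac & PASSWD_CANT_CHANGE),
        "password_never_expires": bool(uac & DONT_EXPIRE_PASSWORD),
        # None means "Never"; otherwise the "End of:" date held in accountExpires
        "account_expires": None if expires in NEVER_EXPIRES else filetime_to_datetime(expires),
    }


# Constructed sample entry, not a real directory export
SAMPLE_ENTRY = {
    "sAMAccountName": "jim",
    "userPrincipalName": "jim@mad.willeke.com",
    "userAccountControl": "66048",  # NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWORD (0x10000)
    "pwdLastSet": "0",              # forces a password change at next logon
    "accountExpires": "9223372036854775807",
}

if __name__ == "__main__":
    print(derive_logon_names("jim", "mad.willeke.com", "MAD"))
    print(account_tab_state(SAMPLE_ENTRY))
```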
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]