<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! userPrincipalName
The [Microsoft Active Directory] attribute that you typically see expressed as an email address:
{{{
jwilleke@example.com
}}}

In the [MMC Account Tab], this is labeled as the &quot;User Logon Name&quot;.

The value can be used as an alternate login name within [Microsoft Active Directory].

The [userPrincipalName is defined in MSDN|http://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx|target='_blank']

!! Interesting Aspects
* [{$pagename}] is a [SINGLE-VALUE] and indexed attribute that is a string that specifies the user principal name [UPN] of the user. 
* [{$pagename}] is an Internet-style login name for the user based on the Internet standard RFC 822. 
* [{$pagename}] is shorter than the distinguished name and easier to remember. By convention, this should map to the user's email name. The point of the UPN is to consolidate the email and logon namespaces so that the user need only remember a single name.
* [{$pagename}] is the preferred logon name for Windows users. Users should be using their UPNs to log on to the domain. At logon time, a UPN is validated first by searching the local domain, then the global catalog. Failure to find the UPN in the local domain or the GC results in rejection of the UPN.
* [{$pagename}] can be assigned, but is not required, when the user account is created. When assigned, the UPN is unaffected by changes to other attributes of the user object, for example, if the user is renamed or moved, or changes to the domains in the tree, for example, if a parent domain was renamed or a domain was moved. Thus, a user can keep the same login name, although the directory may be radically restructured. Be aware that the UPN can be changed administratively at any time.
* [{$pagename}] is a string attribute that can contain any string value. However, the following scheme is recommended:
** [{$pagename}] prefix (the user account name) 
** [{$pagename}] suffix (a DNS domain name). 
*  [{$pagename}] must be unique among all [Security Principal Objects] within the __directory forest__. 
* [{$pagename}] can consist of any name for the user (such as the sAMAccountName attribute of the user) and the domain tree name to which the user belongs in the following form: &lt;name&gt;@&lt;tree name&gt; (By default for the built-in user accounts and user accounts created using the Active Directory Users and Computers snap-in)
* When creating a new user object, you should check the local domain and the global catalog for the proposed name to ensure it does not already exist.!! Attribute Definition
The [{$pagename}] [AttributeTypes] is defined as:
* [OID] of [1.2.840.113556.1.4.656] 
* NAME: [{$pagename}]
* DESC: 
* [EQUALITY]: []
* [ORDERING]: []
* SYNTAX: [1.3.6.1.4.1.1466.115.121.1.15]
* [SINGLE-VALUE]
* USAGE [UserApplications] !! [{$pagename}] Format
[{$pagename}] format is described in [RFC 822] (obsoleted by [RFC 2822])

The &quot;&lt;tree name&gt;&quot; is the domain name system (DNS) name of a [domain], but is not required to be the name of the domain containing the user. 

However, the &quot;&lt;tree name&gt;&quot; portion of the [{$pagename}] must be the name of a domain in the current forest or an alternate name listed in the upnSuffixes attribute of the Partitions container within the Configuration container. You can add or remove [{$pagename}] suffixes by modifying the upnSuffixes attribute (or by choosing Properties for the root node of the Active Directory Domains and Trusts and modifying the [{$pagename}] suffixes on the [{$pagename}] Suffixes tab). 

Usually, the &quot;&lt;tree name&gt;&quot; is the name of the first domain in the first tree of the forest. In most cases, this domain name is the domain name registered as the enterprise domain on the Internet. The &quot;&lt;tree name&gt;&quot; is formatted by binding to the [RootDSE] on any domain in the forest, reading the [RootDomainNamingContext] attribute, and then transforming this from DC format (dc=fabrikam,dc=com) to the [{$pagename}] format (fabrikam.com) using the [ADSI] IADsNameTranslate interface.

%%information
In [ADAM], this attribute is not required to be in the Internet standard [RFC 822] format; it can be a simple name.
%%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>