0

I am using Windows 2008 R2 Server and trying to add a user in Active Directory.

I am able to save user ID of length less than 20 characters. But when I try to increase this value to 30 characters I get this error:

“System.DirectoryServices.DirectoryServicesCOMException (0x8007001F): A device attached to the system is not functioning. (Exception from HRESULT: 0x8007001F)”

This error when I searched on net give me various links saying that:

  • Please verify if the issue is caused by the length of sAMAccountName

  • The document of SAM-Account-Name also indicates that the length of it should be less than 20 characters.

I am using the code below to add user in Active Directory

public static void AddUser(ADUser adUser)
{
       if (_logger.IsDebugEnabled)
          _logger.Debug("ADHelper.cs: Enter AddUser");


         // Local variables
            DirectoryEntry oDE = null;
            DirectoryEntry oDENewUser = null;
            DirectoryEntries oDEs = null;

try
{
oDE = GetDirectoryEntry(GetADPath(adUser.UserType));

// 1. Create user account
oDEs = oDE.Children;
oDENewUser = oDEs.Add("CN=" + adUser.UserName, "user");

// 2. Set properties
SetProperty(oDENewUser, Constants.ADAttributes.givenName, adUser.FirstName);
SetProperty(oDENewUser, Constants.ADAttributes.initials, adUser.MiddleInitial);
SetProperty(oDENewUser, Constants.ADAttributes.sn, adUser.LastName);
SetProperty(oDENewUser, Constants.ADAttributes.mail, adUser.Email);
SetProperty(oDENewUser, Constants.ADAttributes.sAMAccountName, adUser.UserName);

SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion, adUser.PasswordChallengeQuestion);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer, adUser.PasswordChallengeAnswer);

SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion2, adUser.PasswordChallengeQuestion2);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer2, adUser.PasswordChallengeAnswer2);

// Sharepoint changes
if (adUser.CompanyGroupSupplier != string.Empty)
{
SetProperty(oDENewUser, Constants.ADAttributes.CompanyGroupSupplier, adUser.CompanyGroupSupplier);
}
if (adUser.PersonalGroupAddress != string.Empty)
{
SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupAddress, adUser.PersonalGroupAddress);
}
if (adUser.PersonalGroupPhone != string.Empty)
{
SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupPhone, adUser.PersonalGroupPhone);
}
// Sharepoint changes

oDENewUser.CommitChanges();

// 3. Set password
SetPassword(oDENewUser.Path, adUser.Password);

// 4. Enable account
EnableAccount(oDENewUser);

oDENewUser.Close();
oDE.Close();

if (_logger.IsDebugEnabled)
_logger.Debug("ADHelper.cs: Exit AddUser");

}
catch (ApplicationException appex)
{
if (_logger.IsErrorEnabled)
_logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", appex);
throw appex;
}
catch (Exception ex)
{
if (_logger.IsErrorEnabled)
_logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", ex);
throw ex;
}
finally
{
if (oDENewUser != null)
{
oDENewUser.Dispose();
oDENewUser = null;
}
if (oDEs != null)
{
oDEs = null;
}
if (oDE != null)
{
oDE.Dispose();
oDE = null;
}
}
}

How can I increase sAMAccountName length in Active Directory to around 30 characters in length?

James O'Gorman
  • 5,249
  • 2
  • 23
  • 28
shrikant
  • 11
  • 1
  • 1
  • 2
    If this is a real user account, I don't think anyone really wants to be typing in a 20-character username. Mine is 11 and that's annoying enough. – Mark Henderson Dec 28 '11 at 21:20

2 Answers2

4

As you've already found and stated in your question, the attribute is limited to 20 characters (MSDN article). This is for backwards compatibility. Active Directory itself is imposing this restriction therefore you can't override it programmatically.

James O'Gorman
  • 5,249
  • 2
  • 23
  • 28
3

20 characters is the limit for the "Pre-Windows 2000" name, also known as the samAccountName.

Refer to this previous answer for more information: https://serverfault.com/a/335565/20701

Community
  • 1
Greg Askew
  • 34,339
  • 3
  • 52
  • 81