Discussion:
User logon name matches computer name
(too old to reply)
Carol Deavy
2006-11-07 14:27:02 UTC
Permalink
Is there any reason that a user logon name should NOT match a computer name
in active directory? Will this cause any problems? Is there documentation
you can point me to or provide which outlines this information?

Thanks in advance.
Richard Mueller
2006-11-07 14:55:07 UTC
Permalink
Post by Carol Deavy
Is there any reason that a user logon name should NOT match a computer name
in active directory? Will this cause any problems? Is there
documentation
you can point me to or provide which outlines this information?
The Common Names (the value of the cn attribute) cannot match if the objects
are in the same container/OU. If they are in different containers, the
Distinguished Name's will be different, and so it is allowed. The cn of a
computer object is the NetBIOS name of the computer.

The NT names can be the same. For user objects, this is the value of the
sAMAccountName attribute. It is also called the "pre-Windows 2000 logon
name". For computer objects, it is called the NetBIOS name of the machine.
They can match because for computer objects the value of the sAMAccountName
is the NetBIOS name with "$" appended on the end. The value of
sAMAccountName must be unique in the domain.

The main drawback I see is possible confusion.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
Carol Deavy
2006-11-07 15:29:01 UTC
Permalink
Thank you. Your explaination is excellent and clear. Much appreciated.
Post by Richard Mueller
Post by Carol Deavy
Is there any reason that a user logon name should NOT match a computer name
in active directory? Will this cause any problems? Is there documentation
you can point me to or provide which outlines this information?
The Common Names (the value of the cn attribute) cannot match if the objects
are in the same container/OU. If they are in different containers, the
Distinguished Name's will be different, and so it is allowed. The cn of a
computer object is the NetBIOS name of the computer.
The NT names can be the same. For user objects, this is the value of the
sAMAccountName attribute. It is also called the "pre-Windows 2000 logon
name". For computer objects, it is called the NetBIOS name of the machine.
They can match because for computer objects the value of the sAMAccountName
is the NetBIOS name with "$" appended on the end. The value of
sAMAccountName must be unique in the domain.
The main drawback I see is possible confusion.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
Loading...