2003 Server with long user names

[StuH]

Have a single W2K3 server scenario with Raised Domain Function levels to 2003 in a school setting. Aim is to provide logon accounts for all students via XP clients joined to the domain. I've been told the logon name is to be in the form firstname.lastname (to teach the kids to type their own name).

Now for the problem. Some parents are really mean and gave their kids really long names. For example, one kid would have an account name of Sharon.Adamson-Jenkins. A
whopping 22 characters for the poor kindy kid to type. Too bad, blame the parents.

Now this long name doesn't want to work on a single 2003 server if an account is made with that name. Not for me anyway. Windows truncates the name and their home folder to 20 characters, i.e. Sharon.Adamson-Jenki, meaning for these poor kids with long names, they will have to remember that their server logon name will have to be truncated to work.

Is there a way to have a longer logon name in AD that actually works? I can create the longer account name, but I can't seem to logon with it. But if I truncate it to 20 characters, I'm in.

Win 2000 and 2003 says they support 64 characters. And yes, I can make them, but I can't logon with them.

Any help is appreciated.

 

[StuH]

added note:

I saw a thread here that says you add the domain name to the username, ie. firstname.lastname@domain.com (where the domain is a long schoolsname.edu in our case), but that does not work in testing.

Thanks.

 

[itsp1965]

Stu if the users are logging onto the domain then they do not need to add the @domain.com part when logging on (just the firstname.lastname part)
As for the truncating home folders, you may want to take a look at the length of the home folder. I am assuming it's being truncated since the path is prob > 255 chars. I don't think there is a reason why it should truncate after the 20th char. Hope this helps.

 

[StuH]

Thanks itsp1965.

You're right, you don't have to add the @domain... *IF* the logon name is 20 characters or LESS. BUT if it's more than 20 characters, you do have to add it, otherwise you have to truncate the name to 20 characters.

The home folder name can be longer, but by default when adding a long name in AD, it truncates to 20 characters.

Still a problem.

 

[itsp1965]

You are correct Stu. Although Windows 2003 support a 64 character object name (ex CN=user OU=..), for logon purposes unfortunately the maximum user account size is 20 chars. This is by design. Hope this helps.

 

[StuH]

Thanks itsp1965. I've found another workaround:

You can add a shorter UPN Suffix to the domain and configure user accounts to use it. Here's how:

Open the "Active Directory Domains and Trusts" MMC
In the console, right click "Active Directory Domains and
Trusts"-->Properties
Add an Alternative UPN suffix e.g. SCHOOL

Once done open the "Active Directory Users and Computers" MMC
View the properties of a user account
On the "Account" tab, enter the full long UserID into the "User logon name" box, and select @SCHOOL as the UPN suffix

After doing the above users should be able to log in using
Mylongfirstname.Mylonglastname@SCHOOL.

That's the best I can do it seems.