Azure Active Directory Domain Services Username Limitations RRS feed

  • Question

  • Hi Guys

    Is it correct, that the choosen username has to bee <= 20 chars to be successfully synced to the Domain Services served by a AAD? Is it possible to fix that by a workround? 

    Just tested this with a bunch of usernames. See my results below:

    Instead of completely not syncing these users, wouldnt it make sense to substr to 20 chars

    Anyway. Is it possible to access to synclogs anywhere?


    • Edited by emTwoCode Thursday, January 7, 2016 10:24 AM
    Thursday, January 7, 2016 9:00 AM

All replies

  • Thanks for reporting this issue, Michael. You're right in observing that users for whom the first component of the UPN is longer than 20 characters are not available in AAD-DS. This behavior is due to the 20 character limit on the size of the SAMAccountName attribute in AD. We are investigating ways by which we can resolve this. Is this currently blocking your use of AAD-DS - i.e. do you have a lot of users in your tenant that fall into this category (i.e. names longer than 20 characters)?
    Thursday, January 7, 2016 7:34 PM
  • Sorry for the delay. I came to the same conclusion for the SAMAccountName and its limitations. This not blocking for us, we just removing the chars > 20, but i think there should be a more reliable solution


    Tuesday, January 12, 2016 8:49 AM