sAMAccountName vs. userPrincipalName for %S, %U, and %u

Ken Cross kcross at
Mon Jan 26 22:23:26 GMT 2004


We're having a problem with home directories.

Consider a user in the WIN1DOM.LOCAL realm with the following account

 sAMAccountName: crossk
 userPrincipalName: ken.cross at win1dom.local

Our customer wants to let users log in using their sAMAccountName, but use
the userPrincipalName for their home directories.

Prior to 3.0 Beta2, you would get:

 %S=ken.cross         (userPrincipalName)
 %U=crossk            (sAMAccountName)
 %u=WIN1DOM\ken.cross (domain + userPrincipalName)

Since then you get:

 %S=crossk            (sAMAccountName)
 %U=crossk            (sAMAccountName)
 %u=WIN1DOM\crossk    (domain + sAMAccountName)

(security=ADS in all cases)  The userPrincipalName is not available
anywhere, so an "add user script" (which we use to create home directories)
cannot use it.

Furthermore, the output from wbinfo -u gives "WIN1DOM\ken.cross", which
seems inconsistent since there's no simple way to correlate this to the

Was this change done by design?  Is there a way to get userPrincipalName to
use during logon (like a %n or something)?


Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at 

More information about the samba-technical mailing list