CN=GivenName Initals. Surname vs CN=username when new account is created

Andrew Bartlett abartlet at
Fri May 28 06:50:30 MDT 2010

On Fri, 2010-05-28 at 12:49 +0100, Lukasz Zalewski wrote:
> Hi all,
> It seems like newuser creates an account with CN=username,<domain>
> By playing with AD's mmc Users and Computer i have noticed that the 
> account is created using:
> CN=GivenName Initals. Surname
> where at lest one of the above three has to be defined
> Should newuser create the account using AD way if at least one of the 
> (GivenName, Initals, Surname) is present and using login name if they not?
> One of the problems (with AD) i can see straight away is uniqueness issue.
> Its probably safe to assume uniqueness of username but with first, 
> initial and surname that is not the case.
> Given possibility of the sparseness of the input data, if there are two 
> people with the same first name (and no initials and surnames are 
> available) this will fail - possibly there might be two people with same 
> first and last name (and initials)
> What are your opinions on this?

Yes, I think it's reasonable to match the AD behaviour if the given and
or surname attributes are specified. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list