Is there a way to i...
 
Notifications
Clear all

Is there a way to increase the 20 character limit on user and group creation in AD?

4 Posts
2 Users
0 Reactions
2,194 Views
Posts: 6
Topic starter
(@lostlogic)
Active Member
Joined: 7 years ago

Hi.

When creating a group, ie: "User Access - Citrix Desktop" for a Customer, it will be truncated to UserAccess-Cit_00000

The same happens when creating a user. Is there a way to:

  1. Increase the limit of how many characters are allowed before truncation happens
  2. Allow for spaces when creating a user / group

It works fine in terms of it looks OK in SolidCP, but when we, the system administrators have to set security rights to folders based on groups created in SolidCP, it's tedious to identify the group created to use for something useful in security settings for a folder structure for instance, especially since the Display Name is not written to any of the Active Directory attributes.

Our current workaround is creating the users and groups in the AD we are currently working on, then running a powershell script that imports it into the SolidCP database so we can continue management from there. This is both time consuming and cumbersome.

3 Replies
Posts: 1995
Admin
(@m-tiggelaar)
Noble Member
Joined: 9 years ago

Hello,

For issue 1: If you go to Policies (bottom right @ serveradmin home) --> Hosted Organization policy --> there it has the password restrictions/ requirements.

Please note by changing it keep in mind for any AD limitiations (as they also have max char limits).

The display name is actually stored in Active Directory --> displayName attribute.

In addition depending on what type of permissions you set outside of SolidCP --> Alot of basic security permissions and group permissions can be set from within SolidCP (which is usually the best way to go to avoid conflicts/ rewrites etc).

I don't fully understand issue 2, can you clarify that a bit?

Regards,

Marco

Reply
Posts: 6
Topic starter
(@lostlogic)
Active Member
Joined: 7 years ago

The Policy you describe governs, as far as I can tell, Password policies and should have no impact on how long a User or Group display name can be, before truncation happens.

DisplayName is stored in Active Directory for users only. For groups, it is not reflected as it is shown in SolidCP.

Attached to this post is a snippet that visually describes the issue. The user "xxxxxx00000" Could easily have been named the full display name instead of the first part of the UPN with trailing numbers, with the addition of 00000 to SolidCP use to ensure no duplicates are occurring.

The group has the same issue, but in a different way. As shown in the picture, there is no displayname tied to the object in AD. Which makes differentiation between GSXXXXX-Arkiv-R00000 and GSXXXXX-Arkiv-R00001 difficult.

For the last issue I described, I'd really like (Not much of an issue, more in the way that it would be convenient) a way to tune the truncation of the names. Can I remove truncation of spaces for instance. Or is it tied to some unique ID in the database that does not allow for spaces as it is an invalid character?

Reply
Posts: 1995
Admin
(@m-tiggelaar)
Noble Member
Joined: 9 years ago

For the first part: yes sorry seems i mistaken pass policy for the user restrictions.

The _number+1 is created to avoid duplicates (which you would get if you for example use Display name --> people would just create 10x support --> causing issues).

there's a second option in the hosted org settings to change _00000 into the Org ID.

As far as groups go: my security groups have a display name, although those are Distribution lists of exchange which might change the matter a little.

Reply
Share: