Certain requirements must be met when creating objects in Active Directory. These can be user accounts, groups, computers, or other classes of objects. This article documents some of these requirements. Errors will be raised if any of these requirements are not met. You can use this article to troubleshoot the possible problems. These requirements apply whether you create objects in the Active Directory Users and Computers MMC, in a script, or using command line utilities.
A user cannot log on using a sAMAccountName that includes the "@" character. ADUC will not allow you to assign a sAMAccountName with this character, but it can be done in code. For example, assume the sAMAccountName is "r@cameron" in a domain with DNS name "mydomain.com". If this user attempts to log on using "mydomain\r@cameron", the system will respond with the message "the user name or password is incorrect". However, if the userPrincipalName (UPN) for this user is "firstname.lastname@example.org", they can log on with that name. Even if the UPN is "r@email@example.com", they can log on successfully with that name. And if no userPrincipalName has been assigned to the user, they can always log on with their sAMAccountName, followed by the "@" character, followed by the DNS name of the domain. This is a default UPN. So in this example, the user can always log on as "r@cameron@mydomain.com", whether they have a UPN or not.