adjoin.samaccountname.length

This configuration parameter specifies the maximum number of characters to use when the adjoin command must generate a pre-Windows 2000 computer name by truncating the host name. This parameter also determines how adjoin creates the computer account in Active Directory.

The default value is 15 characters to conform to the maximum length allowed by the NetLogon service, which is the preferred service for adclient to use for NTLM pass-through authentication. NetLogon is fast and automatically returns a user's group membership.

The maximum length allowed for the pre-Windows 2000 computer name, which is stored in the sAMAccountName attribute for the computer account in Active Directory, is 19 characters. However, if you specify more than 15 characters (up to the 19-character limit), adclient uses slower NTLM authentication methods and performs additional LDAP searches to fetch the user's group membership.

This configuration parameter is ignored if you run the adjoin command with the --prewin2k option to manually specify the pre-Windows 2000 computer name.

The parameter value should be a positive integer in the valid range of 1 to 19 characters. For example:

adjoin.samaccountname.length: 15

If you specify a value greater than 19, the parameter setting is ignored and the computer name is truncated at 19 characters in the sAMAccountName attribute for the computer account.

If the length of the computer's host name exceeds the value specified for this parameter, adjoin uses LDAP (and requires administrative privileges) to create computer accounts, instead of MS-RPC. In any case, if the computer's short host name exceeds 19 characters, it is no longer possible to create computer accounts by using MS-RPC methods, and LDAP is used instead.
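
The following pre-join check is an added example, not code from the product or its vendor. It applies the rules described above to a host name and a parameter value, and reports the expected pre-Windows 2000 name, the authentication path, and the account creation method. The function names, the output format, the sample host names, and the assumptions that truncation keeps the leading characters of the short host name and that the last occurrence in a file wins are all illustrative.

```shell
#!/bin/sh
# Added example (not vendor code): predicts the documented outcome for a host.
# Assumptions: truncation keeps the leading characters of the short host name;
# an adjoin --prewin2k override (which bypasses the parameter) is not modelled.

# samaccount_limit FILE: value set in FILE (last occurrence, an assumption),
# or the documented default of 15 when the parameter is not set.
samaccount_limit() {
    v=$(sed -n 's/^[[:space:]]*adjoin\.samaccountname\.length[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${v:-15}"
}

# predict_join HOSTNAME VALUE: prints "name=... auth=... create=...".
predict_join() {
    short=${1%%.*}
    case $2 in
        ''|*[!0-9]*) echo invalid; return 1 ;;   # not a positive integer
    esac
    if [ "$2" -lt 1 ]; then echo invalid; return 1; fi
    limit=$2
    # Values above 19 are ignored and the name is truncated at 19 characters.
    if [ "$limit" -gt 19 ]; then limit=19; fi
    name=$(printf '%s' "$short" | cut -c1-"$limit")
    # Above 15 characters adclient cannot use NetLogon and falls back to slower
    # NTLM methods plus extra LDAP searches for group membership.
    if [ "$limit" -gt 15 ]; then auth=slow-ntlm; else auth=netlogon; fi
    # A host name longer than the limit forces LDAP account creation, which
    # requires administrative privileges; otherwise MS-RPC can be used.
    if [ "${#short}" -gt "$limit" ]; then create=ldap; else create=ms-rpc; fi
    printf 'name=%s auth=%s create=%s\n' "$name" "$auth" "$create"
}

# Constructed sample host names, checked against the default value of 15.
for h in web01.example.com build-agent-linux-prod-07.example.com; do
    printf '%s -> %s\n' "$h" "$(predict_join "$h" 15)"
done
```

Run it against an inventory of host names before a bulk join to see which hosts will need an account with administrative privileges for the join and which will lose NetLogon pass-through authentication.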