3.1.1.8.4 sAMAccountName

  1. If the objectSid attribute has a RID of DOMAIN_USER_RID_KRBTGT and there is already a value present in the sAMAccountName attribute, the server MUST return an error status.

  2. If the sAMAccountName attribute value is NOT unique with respect to the union of all sAMAccountName and msDS-AdditionalSamAccountName attribute values for all other objects within the scope of the account and built-in domain, the server MUST return an error status, according to the following conditions.

    Condition

    Error status

    The object whose sAMAccountName matches the sAMAccountName attribute of the current object is a group object as defined in section 3.1.1.

    STATUS_GROUP_EXISTS

    The object whose sAMAccountName matches the sAMAccountName attribute of the current object is an alias object as defined in section 3.1.1.

    STATUS_ALIAS_EXISTS

    Otherwise:

    STATUS_USER_EXISTS

Show: