This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Special Characters sAMAccountName - AD Readiness Tool

Hi All,

There's been an issue identified where as if a user has special character in their sAMAccountName, STAS and the XG Firewall will fail the authentication because a user object can't be created because of the special character. I don't consider this a bug on XG, I don't personally believe that special characters should be a part of a username in active directory. Alas, some people have come across this issue. Because of this, I've created a Active Directory Readiness Tool.

This tool is designed to work in two stages.

Option 1 - Takes inventory of active directory and provides a CSV of the users with special characters in the sAMAccountName, so they can be notified of the changes to their account.

Option 2 - Re-runs the query and removes the identified special characters from the sAMAccountName Attribute.

Note: This is V1, and I'll continue to tidy the PowerShell script when I get a chance over the next couple of days. This has been written and tested on Server 2012.

Download Here

Cheers,

Ben

This thread was automatically locked due to age.

0 Aditya Patel over 8 years ago

HI Ben ,

Thank you for creating such a tool, this would help us dearly to our Customers who wish to use such solution

Thanks and Regards

Aditya Patel
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 8 years ago in reply to Aditya Patel

Aditya,

is this a bug or a code limitation prevents XG to use special characters inside AD Accounts?

Are you checking it inside?

We will appreciate an update on it.

Thanks to BenVerschaeren for the great tool. Many of the users here will appreciate it!

[;)]
Cancel
Vote Up 0 Vote Down

Cancel
0 Aditya Patel over 8 years ago in reply to lferrara

Hi Luk ,

We have checked from our end , and found its a Known Behaviour which may not be fixed. Although we are going to refactor the Access Server which should resolve this issue . Look out for release for NC-13937.

Thanks and regards

Aditya Patel | Network and Security engineer.
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 8 years ago in reply to Aditya Patel

Thanks a lot for the update. Everyone will appreciate it.

The NC Link does not work for us (maybe is something available only for Sophos Staff).

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 BenVerschaeren over 8 years ago in reply to lferrara

lferrara said:

The NC Link does not work for us (maybe is something available only for Sophos Staff).

With the amount you post you should have recruited by now :-)

That's correct it's an internal link that was published. Keep an eye out in the change log but I think it's at least v17 away from an update that will allow special characters in sAMAccountNames.
Cancel
Vote Up 0 Vote Down

Cancel
0 Aditya Patel over 8 years ago in reply to BenVerschaeren

Agreed [:D]
Cancel
Vote Up 0 Vote Down

Cancel