64………is the magic number

Most Windows administrators know that the maximum length for the NetBIOS computer name of a machine is 15 characters, since they may well have hit that limit at some point. Slightly less familiar might be the sAMAccountName attribute of an Active Directory account, which must be less than 20 characters – I had experience troubleshooting this one, though, as recently as last year.

Last week I needed to create hundreds of distribution lists in Active Directory (using PowerShell of course 😉), some with particularly long names, and during the first run through in my test environment about 20% of them failed to create, with an error along the lines that one of the properties I was trying to set was causing a violation.

I tracked it down to the LDAP ‘name’ property, i.e. the Relative Distinguished Name, and it appeared to have a limit of 64 characters, although I could not confirm this with the AD documentation I found on MSDN.

Thankfully Twitter again proved incredibly useful: I posted my question there and within minutes had a response from AD guru and PowerShell MVP Brandon Shell (I kind of hoped he would know when I posted the tweet); thanks to him again for his assistance. He encouraged me to post to a newsgroup and not too long after also followed up with the confirmed answer; links below:

http://technet.microsoft.com/en-us/library/cc977992.aspx

http://groups.google.com/group/microsoft.public.windows.server.active_directory/browse_thread/thread/d70df4342f43b8f7
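
A pre-flight check for the 64-character limit on the 'name' attribute described above, as an added example that is not part of the original post. The function name `Get-GroupRdnPlan`, the `~n` shortening scheme and the sample names are assumptions constructed for illustration; nothing in it contacts Active Directory.

```powershell
# Added example: plan RDN ('name') values for a bulk group creation run so
# that no name exceeds the 64-character limit and no two names collide.
function Get-GroupRdnPlan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$ProposedName,
        [int]$MaxLength = 64          # limit on 'name' discussed in the post
    )
    begin {
        # RDNs in one container must be unique; comparison is case-insensitive.
        $seen = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::OrdinalIgnoreCase)
    }
    process {
        $full = $ProposedName.Trim()
        $rdn  = $full
        if ($full.Length -gt $MaxLength) {
            $rdn = $full.Substring(0, $MaxLength).TrimEnd()
        }
        # Hypothetical scheme: on a collision, shorten further and append ~2, ~3, ...
        $n = 1
        while (-not $seen.Add($rdn)) {
            $n++
            $suffix = "~$n"
            $keep   = [Math]::Min($full.Length, $MaxLength - $suffix.Length)
            $rdn    = $full.Substring(0, $keep).TrimEnd() + $suffix
        }
        [pscustomobject]@{
            ProposedName = $full      # could be kept in full in another attribute (assumption)
            Length       = $full.Length
            OverLimit    = $full.Length -gt $MaxLength
            Rdn          = $rdn
            RdnLength    = $rdn.Length
        }
    }
}

# Constructed sample input: two long names that share their first 64 characters.
$names = @(
    'DL - Helpdesk',
    'DL - Corporate Finance and Accounting - Quarterly Reporting Working Group - EMEA',
    'DL - Corporate Finance and Accounting - Quarterly Reporting Working Group - APAC'
)

$names | Get-GroupRdnPlan | Format-Table OverLimit, Length, RdnLength, Rdn -AutoSize
```

Rows with `OverLimit` set to `True` are the ones that would have failed in the first run described above; reviewing the `Rdn` column before creating anything avoids a partially completed batch.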