Check sAMAccountName Requirements

Function Check-sAMAccountName {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [parameter(Mandatory=$true)]
        [string]$ScriptParameters
    )
    # exclude the characters " * + , / : ; < = > ? @ [ \ ] |
    $excludedChars = 34,42,43,44,47,58,59,60,61,62,63,64,91,92,93,124
    $StringBuilder = New-Object System.Text.StringBuilder
    # split name into Char Array and check each character
    $sAMAccountName.ToCharArray() | ForEach-Object{
        try{
            # convert char to ascii decimal
            $ascii = [byte][char]$_
            # check if char is in the excluded range, if not add to string builder
            if($ascii -le 32 -or $excludedChars -contains $ascii){
                Write-Verbose "$_ - excluded character"
            } else {
                $StringBuilder.Append($_) | Out-Null
            }
        }
        catch{
            Write-Verbose "$_ - None ascii character"
        }
    }

    # create new name string after removing excluded charaters
    $newName = $StringBuilder.ToString()

    # check that name is less than 20 characters
    if($newName.Length -gt 20){
        $newName = $newName.Substring(0,20)
    }

    # Check that last character is not the period character, ".". Remove if found
    $newName = [regex]::Replace($newName,".$","")

    $newName
}

Details

This function will check a string to confirm that it meets the requirements for creating a sAMAccountName. The requirements are based on the Objects with sAMAccountName Attribute section of the Active Directory: Requirements For Creating Objects wiki article.

Example

PS C:\> Function Check-sAMAccountName {
>>     [CmdletBinding()]
>>     [OutputType([string])]
>>     param(
>>         [parameter(Mandatory=$true)]
>>         [string]$ScriptParameters
>>     )
>>     # exclude the characters " * + , / : ; < = > ? @ [ \ ] |
>>     $excludedChars = 34,42,43,44,47,58,59,60,61,62,63,64,91,92,93,124
>>     $StringBuilder = New-Object System.Text.StringBuilder
>>     # split name into Char Array and check each character
>>     $sAMAccountName.ToCharArray() | ForEach-Object{
>>         try{
>>             # convert char to ascii decimal
>>             $ascii = [byte][char]$_
>>             # check if char is in the excluded range, if not add to string builder
>>             if($ascii -le 32 -or $excludedChars -contains $ascii){
>>                 Write-Verbose "$_ - excluded character"
>>             } else {
>>                 $StringBuilder.Append($_) | Out-Null
>>             }
>>         }
>>         catch{
>>             Write-Verbose "$_ - None ascii character"
>>         }
>>     }
>>     # create new name string after removing excluded charaters
>>     $newName = $StringBuilder.ToString()
>>     # check that name is less than 20 characters
>>     if($newName.Length -gt 20){
>>         $newName = $newName.Substring(0,20)
>>     }
>>     # Check that last character is not the period character, ".". Remove if found
>>     $newName = [regex]::Replace($newName,".$","")
>>     $newName
>> }
>> 
>> $sAMAccountName = 'boberton . smithingtonworth"[].:;|=+*?<>/\,'
>> Check-sAMAccountName $sAMAccountName -verbose

VERBOSE:   - excluded character
VERBOSE:   - excluded character
VERBOSE: " - excluded character
VERBOSE: [ - excluded character
VERBOSE: ] - excluded character
VERBOSE: : - excluded character
VERBOSE: ; - excluded character
VERBOSE: | - excluded character
VERBOSE: = - excluded character
VERBOSE: + - excluded character
VERBOSE: * - excluded character
VERBOSE: ? - excluded character
VERBOSE: < - excluded character
VERBOSE: > - excluded character
VERBOSE: / - excluded character
VERBOSE: \ - excluded character
VERBOSE: , - excluded character
boberton.smithingto

Share this:

Related Posts

Get AD Users by Last Password Change Date

Get AD Users by Last Logon Date

Get the AD Groups for a User with 1 Level of Inheritance