AD Username with "-" minus or "_" underscore

TristanH
New Contributor II

Hello,

we are more or less new to Jamf Pro and rollout our first managed Macs in a friedly user phase.

Main Problem:
AD usernames with - or _ in it like "muller-riha.marc" will not work. It is shaking like the password is wrong.

Does anybody know anything about it?

Best
Tristan

1 ACCEPTED SOLUTION

TristanH
New Contributor II

blame on us

We thought, that our Macs using the "User logon name" at AD.
But it's using the "Display Name".
If we have a normal user account and an admin account with the same "Display name", the password window will shake. In our friendly user phase are admins the only ons with "-" in the name.

View solution in original post

7 REPLIES 7

Cyberghost
New Contributor III

Hey,

Shaking on the Mac Login window? Mac is AD-bounded? Users like mike.mustermann is working?

Best Thorsten

TristanH
New Contributor II

yes

isThisThing0n
Contributor

Both are valid characters in an AD environment.

Are date and time correct?

Have you verified your machine is bound successfully?

Log in using local user and open terminal:

id muller-riha.marc

If you see any output other than ‘no such user’ then the Mac is bound.

Cyberghost
New Contributor III

Hmm, tested it here but no problems. Possible that the mac is not bound correctly?

dpratl
Contributor II

We also use "_" in some of our usernames (mine has one) and we never had that problem.
I would also suggest du check the AD bound status. Deppends on the AD configuration but in our AD the Macs have to be in a special group. If a Mac (or a Windows PC) is not in the correct group the login won't work because of security profiles.

BR
Danie

blackholemac
Valued Contributor III

So I’m probably not much help here but I recall back to 2003 (yeah not terribly timely) that we had a problem with that on the Windows computer side of the house. Our solution back then was to reissue new logins to about the 200 accounts we had. We’ve since grown obviously and that solution wouldn’t be viable today.

Again not timely as AD has evolved greatly, but Windows computers had a problem with underscore logins at one time too.

That incident though was why we have a standing order to our AD admins not to allow underscores in login names to this day.

TristanH
New Contributor II

blame on us

We thought, that our Macs using the "User logon name" at AD.
But it's using the "Display Name".
If we have a normal user account and an admin account with the same "Display name", the password window will shake. In our friendly user phase are admins the only ons with "-" in the name.