Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

The Strange Way in Which Active Directory Implements the Full Name Attribute


Did you know that the full name, first name, last name, display name, logon name, and Pre-Windows 2000 account name can all be different for a single user account in Active Directory?

There are some things in software products that are implemented in such a bizarre way that I can’t resist writing about them. One such example is the Full Name attribute in Active Directory accounts. The way Microsoft implements Full Name is rather interesting. Do not confuse Full Name with Display Name. They are two completely different attributes. By default, the Display Name is a combination of a user’s first and last name. Unlike Display Name, the Full Name attribute is not visible in the graphical user interface (GUI) and cannot be set within the properties of the user account.

Try this. Look closely at all the properties of a user account. You won’t find the full name anywhere; there is no properties screen that shows it. You will find the display name, but that is not the name that is displayed in Active Directory Users and Computers. So, what is the actual name that is displayed in Active Directory Users and Computers? Well, believe it or not, the name that is displayed is the full name. The next obvious question is: how do I change the full name if it’s not shown in the GUI? Answer: Right-click the account and select Rename, and a pop-up window will show you the full name. That’s the only screen that shows the full name.

So, let’s summarize what we’ve learned so far. The Full Name is by default a combination of a user’s first and last name, but it can be a combination of anything you want, totally unrelated to the actual first or last name. The first name, last name, display name and the full name can be completely independent of each other. You can literally have a first name Bill, last name Gates, display name Steve Ballmer, a logon name Melinda and a full name Brad Smith. Play around with these attributes and you will see what I mean.

By the way, the logon name of the user and the SAM account name (Pre-Windows 2000 name) can also be completely independent. So, Bill Gates’s logon name can be Melinda. The logon and Pre-Windows 2000 names are configured on the Account tab of the user account properties.

As I mentioned earlier, the Display name is not the name that is displayed in Active Directory Users and Computers. The real display name is “Full Name”; it’s just not called Display name. To change what I call the “real” display name, you have to change the Full Name by right-clicking the user account and selecting Rename. I changed the Full Name (i.e., the “real” display name) to Brad Smith. So what we have is the following.

  • Full name (the “real” Display name) = Brad Smith
  • First name = Bill
  • Last name = Gates
  • Display name = Steve Ballmer
  • User logon name = Melinda

Once you rename the user account, the General tab will look like this. Notice that the Display name (Steve Ballmer) is not the name that is displayed in Active Directory Users and Computers and that you are allowed to change the display name so it doesn’t match the first name and last name. When you create a new account, Active Directory creates a display name that is based on the user’s first name and last name. However, Active Directory doesn’t have a mechanism to check, after the fact, whether the display name is still a combination of the first name and last name. In some situations, this behavior can come in handy.

I should point out that the Pre-Windows 2000 account can also be changed to a different name. For example, if the logon name contains a period (e.g. Melinda.Gates) and you don’t want a period in the Pre-Windows 2000 account name you can simply remove the period (e.g. MelindaGates). Here’s how the Pre-Windows 2000 account can be different than the standard logon name.

Obviously, I am not recommending you configure the account in such a manner; I am just pointing out the fact that the full name, first name, last name, display name, user logon name, and SAM account name can all be different for a single user account in Active Directory. Which is all fine and dandy, but the way the full name and the display name are implemented in Active Directory appears rather strange to me. I am bringing this up because when I am teaching Active Directory classes, my students are often confused about the whole concept of full name versus display name until I explain the non-intuitive way that it is implemented in Active Directory.
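One way to audit for the mismatches described above, since Active Directory does not check them itself; this is an added PowerShell example, not part of the original article. The function name `Test-NameConsistency`, the `example.com` domain and the sample records are constructed for illustration, and the example assumes the property names returned by `Get-ADUser`, where `Name` holds the Full name shown in the Rename dialog.

```powershell
# Added example. ADUC label -> property as returned by Get-ADUser (assumed mapping):
#   Full name -> Name (the cn value), First name -> GivenName,
#   Last name -> Surname, Display name -> DisplayName,
#   User logon name -> UserPrincipalName, Pre-Windows 2000 -> SamAccountName
function Test-NameConsistency {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # "First Last", the value generated by default when the account is created
        $expected  = (@($User.GivenName, $User.Surname) | Where-Object { $_ }) -join ' '
        # Part of the logon name (UPN) before the @ sign
        $upnPrefix = ([string]$User.UserPrincipalName -split '@')[0]

        # String comparisons with -ne are case-insensitive
        $findings = @()
        if ($User.Name -ne $expected)            { $findings += 'FullNameNotFirstLast' }
        if ($User.DisplayName -ne $expected)     { $findings += 'DisplayNameNotFirstLast' }
        if ($User.Name -ne $User.DisplayName)    { $findings += 'FullNameNotDisplayName' }
        if ($upnPrefix -ne $User.SamAccountName) { $findings += 'LogonNameNotSamAccountName' }

        # Emit a row only for accounts with at least one mismatch
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                FullName       = $User.Name
                DisplayName    = $User.DisplayName
                Findings       = $findings -join ','
            }
        }
    }
}

# Constructed sample records (not real directory data); the first mirrors
# the article's Bill Gates account, the second is a consistent account.
$sample = @(
    [pscustomobject]@{ Name='Brad Smith'; GivenName='Bill'; Surname='Gates'
        DisplayName='Steve Ballmer'; UserPrincipalName='Melinda@example.com'
        SamAccountName='MelindaGates' }
    [pscustomobject]@{ Name='Jane Doe'; GivenName='Jane'; Surname='Doe'
        DisplayName='Jane Doe'; UserPrincipalName='jdoe@example.com'
        SamAccountName='jdoe' }
)
$sample | Test-NameConsistency | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties DisplayName | Test-NameConsistency
```

Only the first sample record is reported, with all four findings. Accounts that a review flags this way are worth a second look, because the name an administrator sees in Active Directory Users and Computers is not the name the account logs on with.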

The screen shots in this article are from Windows Server 2012 but this implementation is the same in Windows Server 2008, Windows Server 2003 and Windows Server 2000.

NOTE: You can change the display name and configure it in different ways in ADSIEdit using the properties of “CN=user-Display” as described in this KB250455 article, but that’s not what I am talking about in this article.

Feedback to Microsoft

There are several issues in the way this concept is implemented and here are my suggestions to Microsoft.

  • In the Rename User screenshot below, the box Full name should be called Display name because that’s what is actually displayed in Active Directory Users and Computers.

  • The Display name box should be called Full name and it should directly come from the combination of user’s first name and last name, which is the case by default.
  • We should not be able to manually change this box, similar to when you create new contacts in Microsoft Exchange, otherwise it is no longer the full name as you can see in the Rename User screenshot above where the name was changed.

Potential Issues

The fact that changing the first and last name doesn’t change the Full Name is known to cause developers some headaches, e.g., issues with sharing of a BCM database. The inconsistency in the way this feature is implemented also has some known issues with Exchange, which were documented in this MSDN article. The biggest challenge that Active Directory administrators face is the confusion that it causes, and in my opinion the order of display name and full name should be swapped, as explained in the previous section.


Copyright © 2013 SeattlePro Enterprises, LLC. All rights reserved.
