My software program is going to auto-generate Active Directory group names. We need to know which characters aren't allowed in an AD Group name (i.e. /, \, [, \, |, etc.).

I found this link from Microsoft explaining the valid names for computers, domains, sites, and OUs, but not specifically for groups.

The AD server environment is 2008, but I'd like to make the group validation targeting down to 2003.

1 Answer

The names of security principal objects can contain all Unicode characters except the special LDAP characters defined in RFC 2253. This list of special characters includes: a leading space; a trailing space; and any of the following characters: # , + " \ < > ;

Max. size for Group name:

63 characters, or 63 bytes depending upon the character set; individual characters may require more than one byte.

Special Limitations:

A group account cannot consist solely of numbers, periods (.), or spaces. Any leading periods or spaces are cropped.

• MS Source
• RFC 2253

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy