Duplicate sAMAccountName in AD problem

Hi Experts,

We've integrated SM 9.52 with Active Directory for our customer. We map sAMAccountName in AD to name in the operator table of SM, so users can log in to SM using their AD user. The problem is that our customer has 2 sites, HO and North.

I saw that a user in HO has the sAMAccountName falcon, and in the North site there is another user that has the same sAMAccountName, falcon.

Normally, if they log in to webmail (OWA), they must use different usernames, e.g. north\falcon for the user in the North site and falcon for the user in HO.

In SM, only one user can log in because SM only uses sAMAccountName to authorize the user with AD. I have tried to create the user "north\falcon" in SM but it doesn't work. I also tried enabling ldapstats in sm.ini. The sm.log shows that SM only queries with sAMAccountName and returns only 1 result. For example:

LDAP: Query for ((sAMAccountName=falcon)) took 0.000000 seconds

LDAP: Query returned DN: CN=XXX,OU=XXXXX,OU=XXX,DC=north,DC=XXX,DC=com

Is there any way to configure SM so that both users can log in to SM normally using their AD accounts, as they log in to Webmail?

Please help me on this.

Thanks and Regards.


  • Hello,

    I'm trying to understand the issue, but in fact I got confused.

    Where is the issue exactly?

    Do you have the same AD account created in both sites?

    What is meant by site here: a subdomain, or another domain in the AD forest?

    Please try to explain the AD structure; I may be able to help you.


  • Hi Timberwolf,
    Each AD user has a distinguished name; you can set it as a different value from the operator name field. So my suggestion: get the DN of each one and set it on the operator level > security tab > DN field (just copy the user's one).
    Let me know the result :)
    Good LUCK!
  • Thanks Breno,

    That's a solution for this. As you suggested, I have to manually create an operator with a name in the syntax <domain>\<username> and map it to the specific DN of the user. Is there any way to do this automatically? For example, a user without an operator record logs in to SM with his user, e.g. ho\falcon. Then SM will automatically create an operator record with the name ho\falcon and the DN field mapped to his DN in AD. And then the same for his duplicate sAMAccountName user, e.g. falcon.

    Thanks and Regards,

  • Hi Salah,

    My AD structure is a tree with 3 branches. On top is ABC.com, and on the next level we have 3 subdomains (ho.ABC.com; north.ABC.com; south.ABC.com).

    The admins of the 2 subdomains ho and north created 2 users with exactly the same sAMAccountName, e.g. falcon for ho and north. SM only uses the sAMAccountName falcon as the user to authorize with AD. So it only queries with the filter sAMAccountName = falcon, and AD only returns 1 result. That's why only 1 user can log in to SM.

    I'm asking if there is any configuration so that SM can use a query syntax to AD like <domain>\<sAMAccountName>, so that both users can log in to SM normally as they do in Webmail (OWA).

    Thanks and Regards,
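Added example, not part of the thread and not Service Manager code or configuration: a standalone Python sketch of the lookup the thread asks for, where a `<domain>\<sAMAccountName>` login is scoped to that subdomain's base DN and an unqualified name that matches more than one entry is refused instead of silently resolving to one of them. The directory entries, the OU and CN values, the function names and the choice to treat an unqualified name as a forest-wide search are assumptions made for illustration; only the domain names come from the thread.

```python
FOREST = "ABC.com"                      # forest root named in the thread
DOMAINS = ("ho", "north", "south")      # subdomains named in the thread
# Constructed sample entries (DN, sAMAccountName); the OU and CN values are made up.
DIRECTORY = [
    ("CN=Falcon HO,OU=Staff,DC=ho,DC=ABC,DC=com", "falcon"),
    ("CN=Falcon North,OU=Staff,DC=north,DC=ABC,DC=com", "falcon"),
    ("CN=Eagle,OU=Staff,DC=south,DC=ABC,DC=com", "eagle"),
]

def build_filter(user):
    """Build the sAMAccountName filter with RFC 4515 escaping of \\ * ( ) NUL."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in user)
    return "(sAMAccountName=%s)" % esc

def search_base(domain):
    """Map an optional subdomain label to the DN the search is rooted at."""
    if domain is not None and domain.lower() not in DOMAINS:
        raise ValueError("unknown domain: %r" % domain)
    fqdn = FOREST if domain is None else "%s.%s" % (domain.lower(), FOREST)
    return ",".join("DC=" + label for label in fqdn.split("."))

def resolve(login):
    """Return the single DN for 'user' or 'domain\\user'; refuse ambiguous matches."""
    domain, sep, user = login.partition("\\")
    if not sep:                          # no backslash: unqualified name
        domain, user = None, login
    if not user:
        raise ValueError("empty user name")
    base = search_base(domain).lower()
    # Stand-in for an LDAP subtree search with build_filter(user) under `base`.
    hits = [dn for dn, sam in DIRECTORY
            if sam.lower() == user.lower() and dn.lower().endswith("," + base)]
    if len(hits) > 1:
        # Taking hits[0] would bind the login to whichever entry came back first.
        raise LookupError("%s matches %d entries under %s"
                          % (build_filter(user), len(hits), base))
    if not hits:
        raise LookupError("no entry for %s under %s" % (build_filter(user), base))
    return hits[0]

if __name__ == "__main__":
    for name in ("ho\\falcon", "north\\falcon", "falcon"):
        try:
            print(name, "->", resolve(name))
        except LookupError as err:
            print(name, "-> refused:", err)
```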