Dexa Systems

01/30/2012 12:15 PM Posted by: Bryan Smith
Use of Special Characters in Usernames Can Cause Problems

The use of multiple accounts to separate roles and responsibilities for a single person has increased the use of special characters in usernames. However, creative account naming conventions can create additional issues. Although Microsoft allows some special characters in a username, there are definitely gotchas worth being aware of. Microsoft supports the use of special characters in user names with the exception of:
, : ; | = + ? < > * and ".

Let's take a closer look at the issues:

Q: Are user names going to be passed in the query string of a URL?
A: The ampersand and hash/pound characters will need to be replaced with %26 and %23, respectively.

Q: Are user names going to be passed to an XML-based web service?
A: The ampersand character needs special attention and must be replaced with the string '&amp;'.

Q: Are user names going to be placed in SQL database queries?
A: The underscore and percent characters require special handling. In SQL database queries, the underscore and percent characters are used as wildcard characters in pattern strings. Before processing a database query, the underscore and percent characters need to be escaped.

Q: Are user names being placed in LDAP directory queries?
A: The back-slash, forward-slash, asterisk and hash/pound symbols, and leading or trailing required spaces, must be escaped with a back-slash. The back-slash is the escape character; the forward-slash indicates that the following pair of characters is a hex-formatted byte; the asterisk and hash/pound characters are wildcards in directory searches. In addition, for directory pathnames, the comma must also be escaped with a back-slash.

Q: Are X.509 certificates being requested?
A: The caret, ampersand, hyphen, right brace, and left brace characters require special handling. When comparing the user name in the certificate request with the requesting user name, the escaped characters in the user name from the certificate request must be replaced with their corresponding special characters (e.g. %5E with ^).
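
The URL, XML and SQL cases above, as an added example in Python (not code from the original post): it shows an unencoded '&' truncating the name in a query string and an unescaped '_' matching other accounts in a LIKE lookup. The sample account names, the `users` table and the choice of SQLite are assumptions made for the illustration.

```python
import sqlite3
from urllib.parse import quote, parse_qs
from xml.sax.saxutils import escape

# Constructed sample account names; the table and column names are hypothetical.
USERNAME = "adm_j&smith#1%"
ACCOUNTS = ["adm_jsmith", "admXjsmith", "adm-jsmith"]

def for_url_query(name):
    """Percent-encode reserved characters: '&' -> %26, '#' -> %23, '%' -> %25."""
    return quote(name, safe="")

def user_seen_by_server(query):
    """Parse a raw query string the way a receiving web application would."""
    return parse_qs(query)["user"][0]

def for_xml_text(name):
    """Escape XML markup characters in element text: '&' -> '&amp;'."""
    return escape(name)

def for_sql_like(name, esc="\\"):
    """Escape the LIKE wildcards '_' and '%', plus the escape character itself."""
    for ch in (esc, "_", "%"):
        name = name.replace(ch, esc + ch)
    return name

def find_users(conn, name, escape_wildcards=True):
    """Look up accounts with LIKE; the value is always bound, never concatenated."""
    pattern = for_sql_like(name) if escape_wildcards else name
    rows = conn.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,))
    return [row[0] for row in rows]

def demo_db():
    """Build an in-memory SQLite table holding the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [(a,) for a in ACCOUNTS])
    return conn

if __name__ == "__main__":
    print(user_seen_by_server("user=" + USERNAME))                 # truncated at '&'
    print(user_seen_by_server("user=" + for_url_query(USERNAME)))  # full name
    print(for_xml_text(USERNAME))
    db = demo_db()
    print(find_users(db, "adm_jsmith", escape_wildcards=False))  # three accounts
    print(find_users(db, "adm_jsmith"))                          # exact account only
```

The `ESCAPE` clause syntax shown is the one SQLite accepts; other database engines define their own escape character for LIKE patterns.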

In conclusion, it probably makes better sense to avoid the special characters that are particularly problematic (,), &, %, {, and }. By using special characters, organizations may be creating new problems rather than solving existing ones.
