This procedure creates a new user within a specified
organization according to the policy name passed in as
<policyName>. The possible values of this tag are hosting,
reseller, customer, and default. The default policy creates only
the requested organization. The exact behaviors of these policies
are defined in the procedure GetPolicy in the Managed Active
When creating a user, it is necessary to also ensure that the
new user's sAMAccountName is unique within the domain. If it is
not, creation will fail. Therefore, when creating or renaming a
user or group, the sAMAccountName will be similar to the input name
(or Universal principal name), except that illegal sAMAccountName
characters are removed, and '@' characters are replaced with '_'.
If the sAMAccountName collides with an existing sAMAccountName,
then a random string of digits will be appended to the
sAMAccountName to ensure uniqueness.
The algorithm for generating a sAMAccountName from the seed name
(Universal Principal Name for a user, or cn if the object is a
group), is as follows:
Remove all of the following illegal characters from the seed
Trim the seed name to a maximum of 20 characters
If the last character is a '.', replace it with '_'
Attempt to create the object with the trial sAMAccountName
If there is a sAMAccountName collision in step 4, generate 3
trial names by limiting the seed name to 17 characters, then
appending a random 3-digit number to each. Generate 2 additional
trial names by limiting the seed name to 15 characters, then
appending a 5-digit random number to each. Attempt to create the
object using each of these 5 trial names in turn.