You are currently offline, waiting for your internet to reconnect

SharePoint does not distinguish between single-byte and double-byte user account names in Japanese

Microsoft SharePoint does not distinguish between single-byte and double-byte user account names in Japanese.

Consider the following scenario. You have two user accounts:

contoso\testuser01 - hankaku (single-byte character set [SBCS]) and
contoso\testuser01- zenkaku (double-byte character set [DBCS])
You add both accounts to a SharePoint site. In this scenario, the user can log on to the SharePoint site by using either the single-byte or double-byte account name.

SharePoint makes use of the Security Identifier (SID) for determining user permissions. When a user accesses a SharePoint site, SharePoint queries Active Directory for the user credentials, and the SID of the user is returned in the query result. 

In the background, Active Directory does not discriminate between single-byte and double-byte user account names in Japanese. Users can log on to a computer as the same user by using either the single-byte or double-byte account name (for instance, contoso\testuser01 or contoso\testuser01).

Based on the this underlying behavior, users can access SharePoint sites by using either account name as long as appropriate permissions are granted on the sites by using the single-byte or double-byte account name.
SharePoint stores a part of user information, such as logon name, in the content databases in the following situations: 
  • Users are granted permissions directly and not through groups.
  • Permissions are granted to the security group to which the user belongs, and the user logs on to the SharePoint site.
When site administrators grant permissions to the user by using the "people picker" control, they can use a double-byte account name as a keyword for querying Active Directory.  

SharePoint uses the LookupAccountSid function to extract user information, including the SID. This function caches the result of the process so that it caches two-byte user account name and the SID if a double-byte account name is used in querying Active Directory. Therefore, SharePoint stores the user information, including the double-byte user account name in the content database. 

In this situation, users might see their user names displayed in double-byte characters, but it does not affect their access to the sites.  

Japanese has various kinds of characters including zenkaku (全角), full-width characters, and hankaku (半角), half-width characters. These characters look similar and have the same meaning, such as A (zenkaku) and A (hankaku), but their Unicode values are different. Active Directory does not distinguish between them.


The LookupAccountSid Function Returns the Wrong Name After You Rename Accounts:
[NT] Active Directory で濁音、半濁音、拗音、促音を区別しない (KB only available in Japanese):
Single-byte Character Sets:
Double-byte Character Sets:
Double-Byte Character Sets (DBCS) in Windows:
Single Byte Double Byte

Article ID: 2656984 - Last Review: 02/16/2012 17:33:00 - Revision: 7.0

Microsoft Windows SharePoint Services 3.0, Microsoft Office SharePoint Server, Microsoft Office SharePoint Server 2007, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2010

  • KB2656984
;t=">rePV = 1; var varClickTracking = 1; var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write("