Why can a and o in samAccountName be replaced with danish å and ø?

Solution 1:

This is by design. In short, Active Directory maps the accented/diacritical characters to their "simple" form. Please see the following Microsoft Support article.

Windows logon behavior if your user name contains characters that have accents or other diacritical marks (Dead link) (Live version archived here):

If your user name in the Active Directory directory service contains one or more characters that have accents or other diacritical marks, you may find that you do not have to use the diacritical mark as you type your user name to log on to Windows. You can log on by using the simple form of the character or characters. For example, if your user name in Active Directory is jésush, you can type jesush in the User name box in the Log On to Windows dialog box to log on to Windows.

This behavior occurs so that in situations when you have to log on to Windows from a computer where the preferred keyboard mapping is not installed, you can still log on to Windows by using your user name without the diacritical marks.

Solution 2:

This is the result of "Collation"

In addition to @jscott's reference (+1) and slightly too long for a comment:
something similar is done with the case, as although the username is stored in the correct case, you can log on with a username in all small, upper and even mixed case. HBruijn = hbruijn = HbRuIjN, AD is case aware but not case-sensitive in some of the fields.

The correct term (in IT most often seen in database configuration) is Collation and is what governs ordering, matching and canonical equivalence. Collation rules typically also depend on the locale.

Of interest may be

  • MS Dev Center, "Handling Sorting in Your Applications", https://msdn.microsoft.com/en-us/library/windows/desktop/dd318144(v=vs.85).aspx
  • Unicode Consortium, "UNICODE COLLATION ALGORITHM", section "Collation Order and Code Chart Order", http://www.unicode.org/reports/tr10/#Collation_And_Code_Chart_Order