The first attribute in a list acts as a "primary" in the sense that it will determine the name NSS lookups will return for all of the aliases. Below is shown the user_name_alt_attr_name token is described the moment in the uxauth.ini file
; Specifies Active Directory user name alternatives on the UNAB endpoint.
; By default, a user's name on Unix is set using the value of the sAMAccountName
; attribute of that user's entry in Active Directory. It can be changed to use
; a different attribute or even set to a list of attributes, in which case multiple
; user records for the same AD account will be created in UNAB's user datastore
; when user object in Active Directory has those attributes set. A list can
; contain up to 3 attributes. The order of attributes in a list is significant
; and will affect how data is retrieved by Unix/Linux NSS APIs and presented by
; native Unix commands like id, getent.
; Default value: sAMAccountName
user_name_alt_attr_name = extensionName sAMAccountName
In the example above, an AD user can log in via UNAB on the endpoint using either name contained in the extensionName or sAMAccountName attribute and the endpoint will "know" the user in Unix as the name contained in her extensionName attribute.
The feature comes with a helper utility called utmpfix, which can be used when it is required that the who command shows the same name for AD user as id -un. Otherwise, who -m will retrieve user name specified at logon (e.g., in ssh -l user hostname). In the example above, if a user logs in with sAMaccountName, who -m and id -un will show different names. The utility can be run from the user login script such as .profile, so that it "fixes" a corresponding entry in the utmp file.