• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 766
  • Last Modified:

Our users are unable to log into OWA without putting the domain name in front of their user name...

Our users are unable to log into OWA without putting the domain name in front of their user name...   We are not using FBA.  We are running Exchange 2003 SP2.  How do I set it up so that the users do not have to type the domain name before their user name?
0
anthonyca
Asked:
anthonyca
  • 5
  • 4
  • 2
1 Solution
 
SembeeCommented:
Any reason you aren't using forms based authentication?
If you were then you wouldn't need to put in the domain\ in front of the user name and you increase the security of OWA.

Otherwise you have to set the default domain and default realm on the Exchange virtual directory in IIS Manager, but the best option is to use FBA.

Simon.
0
 
redseatechnologiesCommented:
You can mess with IIS, or you can just enable FBA.

http://exchange.mvps.org/owa_default_search_domain.htm

-red
0
 
anthonycaAuthor Commented:
For some reason, some key Personnel do not want to use FBA at this time...     In the 'otherwise' portion of your response you mentioned 'set default domain and default realm on the Exchange virtual Directory...'  set it how?  Is there a document to follow?  I know that even the smallest click will affect the functionality so I need explicit intructions...  
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
anthonycaAuthor Commented:
I went into IIS 6 to reset the realm and domain, checked of basic authentication, etc... and I get a pop up window that says "Inheritance Overrides" and then says "The followin child nodes also define the value of the "FefaultLogonDomain" property, which overrides the value you have just set.  Please select from the list below those nodes which should use the new value.   ... then in the box in the window it lists: Child Nodes: Exadmin, Exchange exchange-oma, ExchWeb, ExchWeb/bin, Microsoft-Server-ActiveSync, OMA, Public    Choices are OK or Cancel or Help      What should I select?
0
 
redseatechnologiesCommented:
Hmmm, none really.  I don't know why that guide tells you to force it on the default web site (sorry, late here).

Here is an MS guide for 2000, which does it on the child nodes directly, which is a safer route -> http://support.microsoft.com/kb/267906

Failing that, I am sure that Sembee can clarify

-red
0
 
SembeeCommented:
When I do it, I usually do NOT set it on the child nodes. So when the prompt comes up, pressing cancel.

Simon.
0
 
SembeeCommented:
Oh and the best method to get someone to agree to use FBA is to login as them, then ask them to log out and then press "Home".  When they have logged out, simply press Back and get back in to their mailbox. FBA wouldn't allow that.

I really cannot understand why people don't want to use FBA as it goes down very well with the users and provides the security that you don't get without it being enabled.

Simon.
0
 
anthonycaAuthor Commented:
I made the changes and the user still has to put "domain\username" to get in...   What are the IIS Settings for the following Virtual Directories [I am not using FBA and I don't want to have to type in the domain name first]  [As it stands right now...  I try to type in just my username and it comes back with "mail.domain.com\username" ] Default Web Site, Exchange, exchange-oma, Exchweb, Bin, Public,
0
 
anthonycaAuthor Commented:
My OWA was working fine for some time and the user didn't have to type in the domain name... then all of a sudden it changes... is there any reason why the IIS setting would revert back?  This has been happening sporadically for the past few months...  
0
 
anthonycaAuthor Commented:
I read this from another posting:  Dave_Dietz:
"Easy right?  Just go into Properties of \exchange in IIS, Directory Security tab, Edit Authentication and Access Control, put domain name in Default Domain."

This would work for a brief period of time until Exchange overwrote the value.

You need to make this change through the Exchange System Manager.  Every now and then Exchange kicks of the DS2MB process where it pushes it's configuration information from AD into the Metabase.  Most setting for the Exchange directories in IIS get reset when this happens - including the Default Logon Domain setting for Basic auth.

Try changing it in the ESM and it will get proagated from there and should work, unless you are forcing users to authenticate at ISA.

Dave Dietz

"Is there a way that I can prevent the settings from being overwritten by Exchange?"
0
 
SembeeCommented:
You need to make the change, then after making the change drop in to a command prompt and type iisreset. That write the changes to the metabase.
However, Exchange is designed that the username is required in the format of domain\username and it will change back on its own. The only 100% reliable method is forms based authentication as the change was made to the code to remove the requirement for the domain\ part.

Simon.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now