Solved

What is the difference in AD Logons

Posted on 2009-06-30
3
184 Views
Last Modified: 2012-05-07
What is the difference in logging onto desktops in ether

usermame:johnd
domain:mydomain

or

username:JohnDoe@mydomain.ParentDomain.com

I have found that using the first method seems to yield more reliable results but I think that the second method is preferred post NT domains. What should we be using and is there any way of using the second method without having to type out @mydomain.ParentDomain.com whenever a different use logs on.
0
Comment
Question by:MattWilkinson
3 Comments
 
LVL 14

Accepted Solution

by:
theras2000 earned 30 total points
Comment Utility
There's about 4 ways to login (some available at different places):
1. username: johnd
    domain: mydomain
2. johnd.mydomain.parentdomain.com
3. mydomain\johnd
4. johnd@parentdomain.com

1, 2 & 3 are identical, and match directly to the AD account, in that the spelling and layout is predetermined/static.

Option 4 is configurable by the Domain Admin, and he can make it whatever he likes.  Generally he makes it johnd@parentdomain.com, because that would be the same as John's email address, which is easy to remember.  Quite useful in a multi-domain environment, so that all users in the forest can use the same type of login.
This is known as a UPN suffix, and can be confgured here in AD Domains & Trusts like this: http://support.microsoft.com/kb/243629
0
 
LVL 17

Assisted Solution

by:Nik
Nik earned 20 total points
Comment Utility
Whichever way you use, you should get the same result when logging in.
mydomain\username - netbios login pre-2000 domain
username@domainname - Fully Qualified Domain Name login (FQDN)

username
password
domain

-same thing as FQDN.
0
 
LVL 27

Expert Comment

by:bluntTony
Comment Utility
The first login is the older NT4 style login, using the domain NetBIOS name then the user sAMAccountName (e.g. DOMAIN\username)
The second is the newer UPN style login used by post NT4 systems. This uses the username together with the DNS domain name (e.g. username@domain.local).
Both result in exactly the same thing, as they both point to the same user account. They're just both available to provide backward compatibility.
For the UPN style login, if you want to shorten the second section for child domains, as this can start getting long as you have said, you can create a custom UPN suffix for the forest. For example, if you have a user in the domain child.parent.local, instead of them having to type in 'username@child.parent.local', you could create a custom UPN suffix, e.g. 'company', then assign this to the user, so the login would be 'username@company'.
How to create a new UPN suffix : http://support.microsoft.com/kb/243629
After you have created the new UPN suffix, it will be available to choose from the drop down box when you create a user, and you can assign it to existing users on the 'Account' tab of the user properties in ADUC.
Tony.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now