Solved

What is the difference in AD Logons

Posted on 2009-06-30
Last Modified: 2012-05-07
What is the difference in logging onto desktops in either

username:johnd
domain:mydomain

or

username:JohnDoe@mydomain.ParentDomain.com

I have found that using the first method seems to yield more reliable results, but I think that the second method is preferred post NT domains. What should we be using, and is there any way of using the second method without having to type out @mydomain.ParentDomain.com whenever a different user logs on?
Question by:MattWilkinson
3 Comments
 

Accepted Solution

by:
theras2000 earned 30 total points
ID: 24744084
There's about 4 ways to login (some available at different places):
1. username: johnd
    domain: mydomain
2. johnd.mydomain.parentdomain.com
3. mydomain\johnd
4. johnd@parentdomain.com

1, 2 & 3 are identical, and match directly to the AD account, in that the spelling and layout is predetermined/static.

Option 4 is configurable by the Domain Admin, and he can make it whatever he likes.  Generally he makes it johnd@parentdomain.com, because that would be the same as John's email address, which is easy to remember.  Quite useful in a multi-domain environment, so that all users in the forest can use the same type of login.
This is known as a UPN suffix, and can be configured here in AD Domains & Trusts like this: http://support.microsoft.com/kb/243629

Assisted Solution

by:Nik
Nik earned 20 total points
ID: 24744148
Whichever way you use, you should get the same result when logging in.
mydomain\username - netbios login pre-2000 domain
username@domainname - Fully Qualified Domain Name login (FQDN)

username
password
domain

-same thing as FQDN.

Expert Comment

by:bluntTony
ID: 24745105
The first login is the older NT4 style login, using the domain NetBIOS name then the user sAMAccountName (e.g. DOMAIN\username)
The second is the newer UPN style login used by post NT4 systems. This uses the username together with the DNS domain name (e.g. username@domain.local).
Both result in exactly the same thing, as they both point to the same user account. They're just both available to provide backward compatibility.
For the UPN style login, if you want to shorten the second section for child domains, as this can start getting long as you have said, you can create a custom UPN suffix for the forest. For example, if you have a user in the domain child.parent.local, instead of them having to type in 'username@child.parent.local', you could create a custom UPN suffix, e.g. 'company', then assign this to the user, so the login would be 'username@company'.
How to create a new UPN suffix : http://support.microsoft.com/kb/243629
After you have created the new UPN suffix, it will be available to choose from the drop down box when you create a user, and you can assign it to existing users on the 'Account' tab of the user properties in ADUC.
Tony.
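
The logon forms discussed in this thread, resolved to one account key so that log entries typed in different styles can be correlated. This is an added example, not part of the original answers: the directory records, the `company` suffix assignment and all function names are constructed assumptions. It also handles the implicit UPN (sAMAccountName@DNS domain name), which Active Directory accepts in addition to the stored userPrincipalName.

```python
# Constructed sample directory (assumption): domain names follow the thread,
# the accounts and the "company" suffix assignment are made up for illustration.
NETBIOS_TO_DNS = {"mydomain": "mydomain.parentdomain.com"}
ACCOUNTS = [
    # sAMAccountName is unique per domain; userPrincipalName is unique per forest.
    {"sam": "johnd", "dns": "mydomain.parentdomain.com", "upn": "JohnDoe@company"},
    {"sam": "maryk", "dns": "mydomain.parentdomain.com", "upn": "maryk@mydomain.parentdomain.com"},
]

def _by_sam(sam, dns):
    """Find an account by sAMAccountName within one domain (case-insensitive)."""
    for acct in ACCOUNTS:
        if acct["sam"].lower() == sam.lower() and acct["dns"] == dns:
            return acct
    return None

def resolve(logon, domain_field=None):
    """Map a typed logon name to (dns_domain, sAMAccountName), or None if unknown."""
    logon = logon.strip()
    if "\\" in logon:                       # down-level form: NETBIOS\sAMAccountName
        domain_field, logon = logon.split("\\", 1)
    elif "@" in logon:                      # UPN form: prefix@suffix
        for acct in ACCOUNTS:               # explicit UPN: the stored attribute
            if acct["upn"].lower() == logon.lower():
                return (acct["dns"], acct["sam"])
        prefix, suffix = logon.rsplit("@", 1)
        acct = _by_sam(prefix, suffix.lower())   # implicit UPN: sAMAccountName@DNS domain
        return (acct["dns"], acct["sam"]) if acct else None
    if not domain_field:
        return None                         # bare user name with no domain is ambiguous
    dns = NETBIOS_TO_DNS.get(domain_field.lower())
    acct = _by_sam(logon, dns) if dns else None
    return (acct["dns"], acct["sam"]) if acct else None

# Constructed failed-logon user names, exactly as typed at the prompt.
SAMPLE_FAILED_LOGONS = ["MYDOMAIN\\johnd", "JohnDoe@company",
                        "johnd@mydomain.parentdomain.com",
                        "JohnDoe@mydomain.parentdomain.com"]

def failures_per_account(typed_names):
    """Count failures per real account, whatever logon style was typed."""
    counts = {}
    for typed in typed_names:
        key = resolve(typed) or ("unresolved", typed)
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    print(failures_per_account(SAMPLE_FAILED_LOGONS))
```

The last sample name stays unresolved because its prefix is the UPN prefix while its suffix is the DNS domain, a combination that matches neither the stored UPN nor the implicit one.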