Solved

What is the difference in AD Logons

Posted on 2009-06-30
3
226 Views
Last Modified: 2012-05-07
What is the difference in logging onto desktops in ether

usermame:johnd
domain:mydomain

or

username:JohnDoe@mydomain.ParentDomain.com

I have found that using the first method seems to yield more reliable results but I think that the second method is preferred post NT domains. What should we be using and is there any way of using the second method without having to type out @mydomain.ParentDomain.com whenever a different use logs on.
0
Comment
Question by:MattWilkinson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 14

Accepted Solution

by:
theras2000 earned 30 total points
ID: 24744084
There's about 4 ways to login (some available at different places):
1. username: johnd
    domain: mydomain
2. johnd.mydomain.parentdomain.com
3. mydomain\johnd
4. johnd@parentdomain.com

1, 2 & 3 are identical, and match directly to the AD account, in that the spelling and layout is predetermined/static.

Option 4 is configurable by the Domain Admin, and he can make it whatever he likes.  Generally he makes it johnd@parentdomain.com, because that would be the same as John's email address, which is easy to remember.  Quite useful in a multi-domain environment, so that all users in the forest can use the same type of login.
This is known as a UPN suffix, and can be confgured here in AD Domains & Trusts like this: http://support.microsoft.com/kb/243629
0
 
LVL 17

Assisted Solution

by:Nik
Nik earned 20 total points
ID: 24744148
Whichever way you use, you should get the same result when logging in.
mydomain\username - netbios login pre-2000 domain
username@domainname - Fully Qualified Domain Name login (FQDN)

username
password
domain

-same thing as FQDN.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24745105
The first login is the older NT4 style login, using the domain NetBIOS name then the user sAMAccountName (e.g. DOMAIN\username)
The second is the newer UPN style login used by post NT4 systems. This uses the username together with the DNS domain name (e.g. username@domain.local).
Both result in exactly the same thing, as they both point to the same user account. They're just both available to provide backward compatibility.
For the UPN style login, if you want to shorten the second section for child domains, as this can start getting long as you have said, you can create a custom UPN suffix for the forest. For example, if you have a user in the domain child.parent.local, instead of them having to type in 'username@child.parent.local', you could create a custom UPN suffix, e.g. 'company', then assign this to the user, so the login would be 'username@company'.
How to create a new UPN suffix : http://support.microsoft.com/kb/243629
After you have created the new UPN suffix, it will be available to choose from the drop down box when you create a user, and you can assign it to existing users on the 'Account' tab of the user properties in ADUC.
Tony.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question