• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 239
  • Last Modified:

What is the difference in AD Logons

What is the difference in logging onto desktops in ether

usermame:johnd
domain:mydomain

or

username:JohnDoe@mydomain.ParentDomain.com

I have found that using the first method seems to yield more reliable results but I think that the second method is preferred post NT domains. What should we be using and is there any way of using the second method without having to type out @mydomain.ParentDomain.com whenever a different use logs on.
0
MattWilkinson
Asked:
MattWilkinson
2 Solutions
 
theras2000Commented:
There's about 4 ways to login (some available at different places):
1. username: johnd
    domain: mydomain
2. johnd.mydomain.parentdomain.com
3. mydomain\johnd
4. johnd@parentdomain.com

1, 2 & 3 are identical, and match directly to the AD account, in that the spelling and layout is predetermined/static.

Option 4 is configurable by the Domain Admin, and he can make it whatever he likes.  Generally he makes it johnd@parentdomain.com, because that would be the same as John's email address, which is easy to remember.  Quite useful in a multi-domain environment, so that all users in the forest can use the same type of login.
This is known as a UPN suffix, and can be confgured here in AD Domains & Trusts like this: http://support.microsoft.com/kb/243629
0
 
NikSystems SpecialistCommented:
Whichever way you use, you should get the same result when logging in.
mydomain\username - netbios login pre-2000 domain
username@domainname - Fully Qualified Domain Name login (FQDN)

username
password
domain

-same thing as FQDN.
0
 
bluntTonyCommented:
The first login is the older NT4 style login, using the domain NetBIOS name then the user sAMAccountName (e.g. DOMAIN\username)
The second is the newer UPN style login used by post NT4 systems. This uses the username together with the DNS domain name (e.g. username@domain.local).
Both result in exactly the same thing, as they both point to the same user account. They're just both available to provide backward compatibility.
For the UPN style login, if you want to shorten the second section for child domains, as this can start getting long as you have said, you can create a custom UPN suffix for the forest. For example, if you have a user in the domain child.parent.local, instead of them having to type in 'username@child.parent.local', you could create a custom UPN suffix, e.g. 'company', then assign this to the user, so the login would be 'username@company'.
How to create a new UPN suffix : http://support.microsoft.com/kb/243629
After you have created the new UPN suffix, it will be available to choose from the drop down box when you create a user, and you can assign it to existing users on the 'Account' tab of the user properties in ADUC.
Tony.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now