I'm working on a project which consists of accessing the Intranet with an Active Directory user account which matches an ADLDS UserProxy object.
1- The goal is that ADLDS will hold unique users coming from different forests after it's been provisioned by FIM 2010.
2- Users will keep their login and access the Intranet without the need to use their credentials
After they log on they just have to click Internet Explorer and taaaddddaaaa!!!!
1- FIM provisions ADLDS with UserProxy accounts with a cn that looks like <Firstname>.<Lastname>, example: Jhon.cooper
2- Jhon's AD Samaccount looks like <First letter of the first name><Lastname>, example: jcooper
3- Jhon's UserProxy object is bound to his AD account
1 - When Jhon authenticates to AD with his AD account (jcooper) he cannot access the Intranet
2 - When I create an AD user account for Jhon with a login that looks like <Jhon.cooper> (same as the UserProxy object cn in ADLDS)
Jhon can access the Intranet successfully!!!!!
3 - Obviously Jhon can't authenticate on AD with his ADLDS cn (this is normal) and the goal is that users keep their actual AD login to access the Intranet
I don't understand why, with their formal AD user accounts, they can't access the Intranet, but when recreating another user account which matches the ADLDS UserProxy cn it works fine????
NB: For testing reasons we've exported all AD forests from the Production environment into a testing lab environment.