Solved

Active Directory Fields used to login

Posted on 2014-01-17
Last Modified: 2014-01-21
We are trying to set up a single sign-on solution and I was asked if there is another field we can use in Active Directory for login Authentication. Basically they want a user to be given two different ways they can log into the AD domain. We currently log in with First Initial Last name and the password. They want to also use firstname.lastname. So use either JDOE or John.Doe as the user name for the same account. Is that possible in Active Directory?
Question by:JohnMantsch
4 Comments
 
LVL 39

Accepted Solution

by:
footech earned 200 total points
ID: 39790016
No (but let me qualify that).
You have two possible formats for providing the user logon name. One is the pre-Windows 2000 name, in the form of DOMAIN\username (in many cases you can omit the DOMAIN\ portion as it is used automatically). The second is the UserPrincipalName (UPN), in the form of username@domain.com. The username portion does not have to be the same between the pre-Windows 2000 and UPN forms (but it's usually a good idea to keep these the same). The suffix portion of the UPN (@domain.com) can vary (i.e. you can have multiple UPN suffixes within a domain), but only one can be valid for a particular user.
So you could have both of the following be valid:
DOMAIN\jdoe
john.doe@domain.com (but it's more typical for this to be jdoe@domain.com)
 
LVL 5

Expert Comment

by:alicain
ID: 39790043
I'll second the "No" answer...it'd be a nice new feature request.
 
LVL 35

Expert Comment

by:Mahesh
ID: 39791099
If I understand your requirement, this is a requirement for the Microsoft O365 suite or something like that.

What you need to do is just change the upper user logon name (UPN) on the Account tab of the user properties in AD to Firstname.Lastname (which is hopefully equal to the email alias).
Also, you need to specify a UPN suffix that is registered in the O365 portal. If it's not already there, you need to create one through Domains and Trusts.

When a user logs on to a workstation or network shares, he actually uses the user logon name (pre-Windows 2000) for that.
You can check the name of his profile folder on client computers; you will find it is the same as the pre-Windows 2000 logon name.

Mahesh
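
The change described in the answers above, as an added PowerShell example that is not part of the original thread: it leaves the pre-Windows 2000 name alone and sets the UPN to firstname.lastname, after checking that the suffix exists in the forest and that no other account already holds that UPN. The function name `Set-FirstLastUpn` and the character restriction on the name are assumptions; it needs the ActiveDirectory module and a reachable domain controller.

```powershell
#Requires -Modules ActiveDirectory
# Added example: Set-FirstLastUpn is a hypothetical helper, not from the thread.
function Set-FirstLastUpn {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,  # e.g. jdoe
        [Parameter(Mandatory)] [string] $UpnSuffix        # e.g. domain.com
    )

    # A suffix is usable if it is a domain DNS name in the forest or was added
    # as an alternative suffix in Active Directory Domains and Trusts.
    $forest  = Get-ADForest
    $allowed = @($forest.Domains) + @($forest.UPNSuffixes)
    if ($allowed -notcontains $UpnSuffix) {
        throw "UPN suffix '$UpnSuffix' is not defined in forest $($forest.Name)."
    }

    $user = Get-ADUser -Identity $SamAccountName -Properties GivenName, Surname
    if (-not $user.GivenName -or -not $user.Surname) {
        throw "User '$SamAccountName' has no GivenName/Surname to build a UPN from."
    }
    $local = ('{0}.{1}' -f $user.GivenName, $user.Surname).ToLower()

    # Assumption: accept only letters, digits, dot and hyphen. Names with
    # spaces or apostrophes are refused rather than passed into the filter.
    if ($local -notmatch '^[a-z0-9.\-]+$') {
        throw "Cannot build a safe UPN from '$local'; set it manually."
    }
    $newUpn = "$local@$UpnSuffix"

    # A UPN must identify exactly one account, so refuse to create a duplicate.
    # In a multi-domain forest, repeat this query against a global catalog.
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'" |
        Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }
    if ($clash) {
        throw "UPN '$newUpn' is already used by $($clash.SamAccountName)."
    }

    # Only userPrincipalName changes; sAMAccountName (DOMAIN\jdoe) is untouched.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set UPN to $newUpn")) {
        Set-ADUser -Identity $user -UserPrincipalName $newUpn
    }
    Get-ADUser -Identity $user.DistinguishedName |
        Select-Object SamAccountName, UserPrincipalName
}

# Dry run with the names used in the thread:
# Set-FirstLastUpn -SamAccountName jdoe -UpnSuffix domain.com -WhatIf
```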
 

Author Closing Comment

by:JohnMantsch
ID: 39797201
Thank you
