Re: UPN suffixes with joint NT 4 & AD domain

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

In news:O0TcYflsHHA.1208@xxxxxxxxxxxxxxxxxxxx,
Rob Nicholson <informed@xxxxxxxxxxxxxxxx> typed:
We're currently planning/piloting our migration from NT 4 to AD. The
trusts are in place and therefore when a user opens up the login
dialog on a PC in the old NT 4 domain, they can see the new domain in
the drop down list. They can also successfully log on using an
account in the new AD domain by selecting the AD domain (TESTCOMPANY)
from the drop down list.
On a PC that has it's account in the new domain, they can also logon
using the username@xxxxxxxxxxxxxxx format.

However, they can't do the same thing from a PC that has it's account
in the old domain. They can type username@xxxxxxxxxxxxxxx but it says
"The system could not log you on".

I'm assuming that this can't be got around as NT 4 is effectively
doing the authentication for the user and it knows nothing about UPN
suffixes?
Thanks, Rob.

That's correct. NT4 does not use DNS, and the UPN suffix is DNS based. The
NT4 DC is the primary authenticator and cannot offer pass-through
authentication for UPNs. You are seeing default and expected behavior.


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
o easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain


.

Relevant Pages

  • Re: Adding a computer to a domain
    ... Manually Joining a Windows Domain: ... account, pointing to news.microsoft.com. ... Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet ... With OEx, you can easily find your post and watch & ...
    (microsoft.public.win2000.dns)
  • Re: fail on logon
    ... How did you revert to the default security policy? ... Microsoft MVP - Directory Services ... Instead of the website you're using, I suggest to use OEx (Outlook Express ... or any other newsreader), and configure a news account, pointing to ...
    (microsoft.public.windows.server.active_directory)
  • Re: UF_PASSWD_NOTREQD Flag Set in DCs userAccountControl
    ... admin account to have a NULL password. ... Microsoft MVP - Directory Services ... Instead of the website you're using, try using OEx (Outlook Express ... o easily find, track threads, cross-post, sort by date, poster's name, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Translate bytes in IP address
    ... I have a problem in my server, another device has the same name than ... group name, workgroup name, domain name and/or logon user account name ... Microsoft MVP - Directory Services ... Instead of the website you're using, try using OEx (Outlook Express ...
    (microsoft.public.windows.server.networking)
  • Re: Why is e-mail being rejected when sending to an external domain?
    ... We are able to send e-mail to most external domains except two or ... IMAP account, or using OUtlook Express, or a handheld (Windows Mobile, Palm ... Microsoft MVP - Directory Services ... Instead of the website you're using, try using OEx (Outlook Express ...
    (microsoft.public.windows.server.dns)