Paul
Sun Jun 22 20:41:38 PDT 2008
I didn't realize it is implicititly there.
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jorge de Almeida Pinto [MVP - DS]"
<SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message
news:%23kcSL6u0IHA.2188@TK2MSFTNGP04.phx.gbl...
> nope, you could still use the IMPLICIT UPN which is there
> automatically....
>
> lets say your AD domain is called: AD.MYCOMPANY.COM
> lets say yout SMTP domain is called: MYCOOLCOMPANY.COM
> lets say the user has the samaccountname: MYUSER
> lets say the users' mail is: MY.SPECIAL.USER@MYCOOLCOMPANY.COM
>
> the IMPLICIT upn = MYUSER@AD.MYCOMPANY.COM (this is just there under the
> covers)
>
> the explicit UPN COULD BE: MY.SPECIAL.USER@MYCOOLCOMPANY.COM (the same as
> the mail address, IF YOU WANT TO!)
>
> What can you do configure explicit UPNs:
> (1) Use some LDAP write tool and populate the userPrincipalName attribute
> with whatever you want
> (2) Configure a UPN suffix at forest level (done with DOMAIN.MSC and it is
> just an administrative thing, nothing special) which then will show up in
> ADUC or when creating a user using ADUC
> (3) Configure a UPN suffix at OU level (done with ADSIEDIT.MSC and it is
> just an administrative thing, nothing special) which then will show up in
> ADUC or when creating a user using ADUC
> (4) A combination of 2 and 3
>
> also read the multiple forests whitepaper which contains more info about
> this
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/mtfstwp.mspx
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>
> BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)-->
http://blogs.dirteam.com/blogs/jorge/rss.aspx
> ------------------------------------------------------------------------------------------
> * How to ask a question -->
http://support.microsoft.com/?id=555375
> ------------------------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no
> rights!
> * Always test ANY suggestion in a test environment before implementing!
> ------------------------------------------------------------------------------------------
> #################################################
> #################################################
> ------------------------------------------------------------------------------------------
> "vap0rtranz" <justin4dti@hotmail.com.> wrote in message
> news:41943AED-FD3A-4F24-8CAF-6C8DA792F8E9@microsoft.com...
>> Good info Jorge. So these old NT users need a UPN before we can expect
>> logons to always work correctly across trusted domains?
>>
>> Justin
>> --
>> AIM/YIM/ICQ: vap0rtranz
>> Homepage:
http://appstate.edu/~jp59031/
>>
>> "Here on the moon, our weekends are so advanced, they encompass the
>> entire
>> week." - Ignignokt
>>
>>
>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>
>>> some explanation here:
>>>
>>> A user principal name (UPN) is a variation of a user account name that
>>> looks
>>> like an e-mail name but can be used to log on to a domain. The syntax is
>>> <username>@<string>. UPNs allow you to use the same logon name across
>>> different domains in the same forest or in different forests.
>>>
>>> Two types of UPNs exist:
>>> . Implicit UPN: Has the form "username@FQDNDomainName". The implicit UPN
>>> is
>>> always associated with the user's account, regardless of whether an
>>> explicit
>>> UPN is defined.
>>> . Explicit UPN: Has the form "userIDstring@FQDNstring". Both
>>> "userIDstring"
>>> and "FQDNstring" (UPN suffix) are explicitly defined by the
>>> administrator.
>>> That information is stored in the userPrincipalName attribute
>>>
>>> configuring the explicit UPN is a manual configuration and does not
>>> occur
>>> automagically ;-)
>>>
>>> --
>>>
>>> Cheers,
>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>
>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>>>
>>> BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
>>> BLOG (RSS-FEEDS)-->
http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>> ------------------------------------------------------------------------------------------
>>> * How to ask a question -->
http://support.microsoft.com/?id=555375
>>> ------------------------------------------------------------------------------------------
>>> * This posting is provided "AS IS" with no warranties and confers no
>>> rights!
>>> * Always test ANY suggestion in a test environment before implementing!
>>> ------------------------------------------------------------------------------------------
>>> #################################################
>>> #################################################
>>> ------------------------------------------------------------------------------------------
>>> "vap0rtranz" <justin4dti@hotmail.com.> wrote in message
>>> news:E7D8F117-640B-4B7C-B541-219B6BB07D23@microsoft.com...
>>> > We inherited an NT domain that had been upgraded directly to 2003.
>>> > Users
>>> > that have been added since the upgrade get the new username@domain
>>> > fields
>>> > populated under Users & Computers; the old NT users only have the
>>> > pre-Windows
>>> > 2000 domain\username fields populated. Will bumpting the
>>> > domain/forest
>>> > functional level up from 2003 Interim fix this? I bumped into some odd
>>> > ACLs
>>> > needed by a NAS box that allow only the new AD nomenclature ...
>>> >
>>> > Justin
>>> > --
>>> > AIM/YIM/ICQ: vap0rtranz
>>> > Homepage:
http://appstate.edu/~jp59031/
>>> >
>>> > "Here on the moon, our weekends are so advanced, they encompass the
>>> > entire
>>> > week." - Ignignokt
>>>
>>>
>