0

Is it possible to share a UPN between a root and a child AD domain? We're considering our options around how to structure an Active Directory domain with the option of splitting off the child domain should the business be sold down the line.

Ideally if they could sit in separate domains but share a UPN this would greatly speed up how quickly we can respond and carve out the environment should the need arise.

user2909236

1 Answer

1

No.

A UPN must be unique among all security principal objects within a directory forest.

https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname

twconnell
  • To me that implies that you can't have two objects (i.e. user accounts) with the same UPN. Could you have the UPN in two domains if there was no naming overlap? – user2909236 May 11 '20 at 05:48
  • @user2909236 correct, the user principal name (UPN) of user objects must be unique within the forest. If you have 2 domains from the same forest, there can be no duplicate UPN values (username@xyz.com). The pre-Win2k SamAccountName on the other hand can be reused in each domain. – twconnell May 11 '20 at 21:19
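
Added example, not part of the original answer or comments: a read-only PowerShell audit that checks the forest-wide uniqueness rule described above by querying a global catalog, and lists `sAMAccountName` values reused across domains for contrast. It assumes the RSAT ActiveDirectory module and read access to a global catalog; the variable names and the derived `Domain` column are illustrative.

```powershell
# Added example: read-only audit of UPN uniqueness across a forest.
# Assumes the RSAT ActiveDirectory module and read access to a global catalog.
Import-Module ActiveDirectory

$forest = Get-ADForest
$gc = '{0}:3268' -f $forest.GlobalCatalogs[0]   # 3268 = global catalog LDAP port

# Alternative UPN suffixes are defined once per forest, not per domain.
'Forest UPN suffixes: {0}' -f ($forest.UPNSuffixes -join ', ')

# An empty SearchBase on the GC port searches every domain partition.
$principals = Get-ADObject -Server $gc -SearchBase '' `
    -LDAPFilter '(userPrincipalName=*)' `
    -Properties userPrincipalName, sAMAccountName |
    Select-Object userPrincipalName, sAMAccountName, DistinguishedName,
        @{ Name = 'Domain'; Expression = {
            # Derive the DNS domain name from the DC= parts of the DN.
            ($_.DistinguishedName -split ',' |
                Where-Object { $_ -like 'DC=*' } |
                ForEach-Object { $_.Substring(3) }) -join '.'
        } }

# Group-Object is case-insensitive by default, as is UPN comparison.
$dupUpn = $principals | Group-Object userPrincipalName |
    Where-Object { $_.Count -gt 1 }

# sAMAccountName only has to be unique per domain, so the same value
# appearing in several domains is expected and reported for contrast.
$sharedSam = $principals | Group-Object sAMAccountName |
    Where-Object { @($_.Group.Domain | Sort-Object -Unique).Count -gt 1 }

'UPN values held by more than one object: {0}' -f @($dupUpn).Count
$dupUpn | ForEach-Object { $_.Group } |
    Format-Table userPrincipalName, Domain, DistinguishedName -AutoSize

'sAMAccountName values reused across domains: {0}' -f @($sharedSam).Count
$sharedSam | ForEach-Object { $_.Group } |
    Format-Table sAMAccountName, Domain -AutoSize
```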