4

A buddy asked me this question - and I quite honestly don't know enough about Active Directory and how to operate/configure AD to answer this.

A customer of my buddy has an AD domain DomainA and that's what they use to sign on to Active Directory now - users sign in with their user name in the form of DomainA\John Doe.

For whatever reasons (don't ask me for those reasons!), they now want to log on with a different domain name (which is not a subdomain of the first domain) - let's say OtherDomain. So the idea is: the Active Directory still runs on DomainA, but the users log in using OtherDomain\John Doe.

Any chance this is even possible? If so: how do you set this up / configure such a scenario?

Thanks for any hints!

marc_s

1 Answer

4

This is possible. It's called a UPN and can be whatever you want.

In Active Directory Domains and Trusts you can define a new UPN for your forest. It then becomes selectable on the Account tab of a user account in ADUC. So if your domain is Domain1 and you define domain2.whatever as a UPN suffix for a user, that user can log in as user@domain2.whatever.

MDMarra
  • 1
    OK - but can they log on as `domain2\user` (NetBIOS-style), too? Or only using the UPN name `user@domain2.whatever`? – marc_s Oct 17 '12 at 14:41
  • That, I'm not 100% sure about. You can change the NetBIOS name for a whole domain, but I don't believe that changing the UPN for a user will allow that specific format to work. – MDMarra Oct 17 '12 at 14:42
  • 2
    UPN only affects the "@" style name. You can't change the NetBIOS style login. – Chris S Oct 17 '12 at 14:56
  • @ChrisS: OK thanks - what if I had a second domain `OtherDomain` and established full, two-way trust between both domains. Could users log on to `DomainA` using `OtherDomain` accounts? – marc_s Oct 17 '12 at 20:28
  • 1
    If you had two domains DomainA and DomainB, with trusts, users from the trusted domain can log in to the trusting domain. But users still can't use the "wrong" domain in their login credentials. So if users exist in DomainA, they *cannot* log in using "DomainB\User" as they still don't exist in DomainB. – Chris S Oct 18 '12 at 19:16
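
The steps from the answer above, done with the ActiveDirectory PowerShell module instead of the GUI. This is an added example, not part of the original answer or its comments; the suffix `domain2.whatever` is taken from the answer, while the account name `jdoe` is a placeholder and the forest-wide uniqueness check is an extra step added here.

```powershell
# Needs the RSAT ActiveDirectory module and an account that is allowed to
# modify the forest's UPN suffix list and the target user object.
Import-Module ActiveDirectory

$suffix = 'domain2.whatever'   # alternative UPN suffix from the answer
$sam    = 'jdoe'               # placeholder account name (assumption)

# 1. Add the suffix to the forest if it is not already defined.
#    Same effect as adding it in Active Directory Domains and Trusts.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $suffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $suffix }
}

# 2. Build the new UPN and confirm no other account in the forest holds it.
#    Port 3268 is the global catalog; an empty SearchBase on that port
#    searches every domain partition in the forest.
$user   = Get-ADUser -Identity $sam
$newUpn = '{0}@{1}' -f $user.SamAccountName, $suffix
$gc     = '{0}:3268' -f $forest.GlobalCatalogs[0]
$clash  = Get-ADUser -Server $gc -SearchBase '' `
              -Filter "UserPrincipalName -eq '$newUpn'" |
          Where-Object { $_.ObjectGUID -ne $user.ObjectGUID }
if ($clash) {
    throw "UPN $newUpn is already assigned to: $($clash.DistinguishedName -join '; ')"
}

# 3. Assign the UPN. Same effect as picking the suffix on the Account tab in ADUC.
Set-ADUser -Identity $user -UserPrincipalName $newUpn

# 4. Show both logon names. Only UserPrincipalName changes; the NetBIOS-style
#    DOMAIN\user logon still uses the unchanged sAMAccountName, as the
#    comments above point out.
Get-ADUser -Identity $sam | Select-Object SamAccountName, UserPrincipalName
```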