-4

How can I assign multiple User login names to an AD user so he/she can authenticate seamlessly?

Here's an example:

  • User name 1: FJohnson
  • User name 2: domain\Fjohnson
  • User name 3: FJohnson@domain.com

Assuming that the machine is always connected to the domain.

A practical situation: when a password expires, the user needs to provide a new one, and it affects services such as LYNC (Onsite) and Exchange (Onsite), and our users are confused about which username to use.

I found this article, Add User Principal Name Suffixes. I followed the instructions and added domain.com as a new suffix, but I couldn't log in with the user name FJohnson@domain.com. (Of course, Fjohnson and domain/FJohnson work.)

StackzOfZtuff

2 Answers

8

What's the question?

  1. The first one is the user logon name.

  2. The second one is the pre-Windows 2000 user logon name.

  3. The third one is the User Principal Name.

All three are valid and exist by default for every user account. All three can be used to log in to the domain. You don't have to assign them at all.

Based on your edit, when you created the UPN, did you set it as the UPN on the user account (from the Account tab of the user account properties pages)?

Further Reading

StackzOfZtuff
joeqwerty
  • Thanks for the help. It wasn't the right answer but a good guideline; upvoted. I will post my answer for future reference. – IndieTech Solutions Apr 07 '15 at 19:31
  • 2
    What do you mean it wasn't the right answer? Of course it was the right answer. You didn't mention that you created an additional UPN suffix in your original question, you only mentioned that in your edit. Once you did, I amended my answer to include the relevant steps needed in order to use the new UPN suffix. – joeqwerty Apr 07 '15 at 19:40
  • the last one doesn't EXIST by default – IndieTech Solutions Apr 07 '15 at 19:41
  • 2
    An implicit UPN suffix **DOES** exist by default. Your new UPN suffix doesn't exist by default. An implicit UPN exists upon creation of the domain. Each user account has an implicit UPN. When you create an explicit UPN you have to assign it to the user account. - https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525(v=vs.85).aspx – joeqwerty Apr 07 '15 at 19:44
  • You are not hearing me. I explicitly mentioned in my question that I need user@domain.com, which is the UPN, and that one doesn't exist by default; you HAVE to add it. – IndieTech Solutions Apr 07 '15 at 19:45
  • 1
    You're not understanding me. There was no way to know from your original question that user@domain.com or user@domain.org was your explicit UPN. Either one could have just as well been the implicit UPN, which **DOES** exist by default upon creation of the domain and **IS** a valid logon name for each user. It was only when you edited your question to mention that you were referring to an explicit UPN that it became clear what you were talking about. In any event, my original answer and my edit are correct. – joeqwerty Apr 07 '15 at 19:49
  • Here's another issue (related, of course): Outlook now accepts user, domain/user and user@domain.org, but Lync doesn't accept the new UPN suffix. Any thoughts? – IndieTech Solutions Apr 07 '15 at 19:53
  • Lync uses the SIP username, which should match the UPN if you want that to work for login to Lync. If they don't match, you get prompted and have to use domain\username format. http://blog.insidelync.com/2013/06/anatomy-of-a-sip-domain-change/ – mfinni Apr 07 '15 at 20:55
  • 1
    And you should have posted that as a new question. Welcome to ServerFault. – mfinni Apr 07 '15 at 20:55
-3

After digging around, and with the help from @joeqwerty, here's an answer to my question. It's a two-part process:

  1. Create a new UPN suffix; in my case it's domain.com. (Please do not put the @ before the DNS name; AD will add it automatically.) Check this link for more info
  2. You need to go to:
  3. AD Users and Computers
  4. Locate the account you want to update.
  5. Change the domain from domain.local to domain.com (the newly created suffix)
  6. Option number 5 is next to User Logon Name

Bonus: You might create a script to update all the users on your domain.
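
The bulk update suggested in the "Bonus" line, sketched in PowerShell as an added example (not code from either answer or from Microsoft). It assumes the ActiveDirectory RSAT module, the thread's domain.local and domain.com suffixes and a hypothetical OU, and it also flags the Lync SIP address mismatch described in mfinni's comment.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumed values: the domain.local / domain.com suffixes from
# the thread and a hypothetical search base. Run with -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$OldSuffix  = 'domain.local',
    [string]$NewSuffix  = 'domain.com',
    [string]$SearchBase = 'OU=Staff,DC=domain,DC=local'   # hypothetical OU
)

# Step 1 of the answer: the explicit suffix must already be registered in the forest.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered in forest $($forest.Name)."
}

# Global catalog endpoint, used to check UPN uniqueness across the whole forest.
$gc = "$($forest.GlobalCatalogs[0]):3268"

$filter = "UserPrincipalName -like '*@$OldSuffix'"
$users  = Get-ADUser -SearchBase $SearchBase -Filter $filter -Properties 'msRTCSIP-PrimaryUserAddress'

foreach ($user in $users) {
    # Keep the part before the @ and swap only the suffix.
    $newUpn = $user.UserPrincipalName -replace '@[^@]+$', "@$NewSuffix"

    # A UPN must be unique in the forest: skip on collision instead of overwriting.
    if (Get-ADUser -Server $gc -Filter "UserPrincipalName -eq '$newUpn'") {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use."
        continue
    }

    # Steps 2-5 of the answer, done per account instead of through the Account tab.
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Set UPN to $newUpn")) {
        Set-ADUser -Identity $user -UserPrincipalName $newUpn
    }

    # Lync signs in with the SIP address; report accounts where it differs from the UPN.
    $sip = $user.'msRTCSIP-PrimaryUserAddress'
    if ($sip -and $sip -ne "sip:$newUpn") {
        Write-Warning "$($user.SamAccountName): SIP address $sip does not match $newUpn."
    }
}
```

The pre-Windows 2000 name (domain\FJohnson) is left untouched, so that logon format keeps working while the UPN changes.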