Learn AD in 15 Minutes a Week: Active Directory Domains and Trusts MMC, Part 2 Page 3

By Jason Zandri (Send Email)
Posted May 16, 2003


By setting other optional UPN suffixes you allow users from different domains in the same forest to logon on with one simple logon naming convention.

Let's say for example your domain looks like it does in the diagram below:

In order for JUSER3 to log into southamerica.gunderville.com using a UPN name they would have to enter JUSER3@southamerica.gunderville.com. JUSER6 from the northamerica domain would have to enter JUSER6@northamerica.gunderville.com.

If UPN names had been set up so that all users in the gunderville domain and the two child domains could use @gunderville.com logins would be simpler as all users would only have to enter @gunderville.com after inputting their username.

[NOTES FROM THE FIELD] - Users in gunderville.com are already going to be logging in with JUSER@gunderville.com as that is where their actual user accounts exist.

User accounts in the two respective child domains are not located in gunderville.com but by using UPN suffixes they would be able to log into the domain where their user account existed by simply entering @gunderville.com.

UPN names must be unique in the forest.

If there is an actual user account named "Jason" in gunderville.com there can also be a user account of "Jason" in northamerica.gunderville.com, however, Jason@gunderville.com would most likely be used by the "Jason" user account in gunderville.com.

The user of the "Jason" account in northamerica.gunderville.com would have to use some other @gunderville.com log on name (for example Jasonz@gunderville.com) in order to make the UPN name unique in the forest.

Well, that wraps up this section of "Learn Active Directory Design and Administration in 15 Minutes a Week." I hope you found it informative and will return for the next installment. If you have any questions, comments or even constructive criticism, please feel free to drop me a note. I want to write good, solid technical articles that appeal to a large range of readers and skill levels and I can only be sure of that through your feedback.

Until then, best of luck in your studies and remember,

I used to think that "Legally Drunk" was the funniest oxymoron I had heard until I heard someone mention something about "Business Ethics."


Jason Zandri, MCT, MCSE, Security+ Certified Professional, Certified Information Systems Security Professional (CISSP), currently holds the position of Technical Account Manager at Microsoft Corporation and has worked as a technical trainer and consultant for a variety of corporate clients in Connecticut over the past six years. He is available to work on an independent contract basis for technical authoring and editing, including books, articles, and whitepapers as well as customized corporate training and Microsoft CTEC training.

Page 3 of 3


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.