Last Updated on January 20, 2015 by Dishan M. Francis
Today infrastructure/network setup are becoming more complex with the business needs. The time with single-domain, single-forest model almost over. When we look in to single-forest multiple domains setup or multi-forest, multi-domain model it’s obvious the login process to the domain should properly plan.
When user login in to as computer or any other service which is integrated with active directory services user have to use correct domain, user name and password. As an example let’s assume we are using contoso.com as the company domain. So User A in the domain uses contoso\usera as the user name and associated password to log in to his pc. So current setup is work as single-domain, single-forest. Company recently starting new business and management wants to add another domain xyz.net to same forest. So users in xyz company wants to use there domain to log in to active directory integrated services/solutions. The answer to this is user principle name (UPN). UPN is works like and email address to log in to active directory. By default UPN suffix is the name of the forest root domain. So in our example its by default contoso.com. By adding xyz.net as new UPN suffix to the domain, users under Xyz.net Company can use xyz.net as their login domain. So User A from contoso will need to use usera@contoso.com as the user name to log in to the domain and User B from XYZ will need to use userb@xyz.net to log in to domain.
This is very useful option if you are using exchange services in your organization. So users always can use their own email address as the login user name and they no need to worry remembering the domain they belongs to. Especially if users using web interface based authentications.
Let’s look how we can do this.
1) Log in to the domain controller as administrator
2) Then load up the Server Manager > Tools > Active Directory Domain and Trusts
3) Then it will load up the MMC and right click on “Active Directory Domain and Trusts” and select properties.
4) In next window, type the UPN suffix which you like to add and then press add button.
5) Then click “OK” to exit.
Now when you go to add new user to the domain you can select which UPN suffix he supposed to use.
Also we can change UPN suffix for already setup user account. To do that you need to go to properties of the relevant user account > Account > and then select suffix from the drop down. Once done click ok to apply changes.
if any questions about the post feel free to contact me on rebeladm@live.com
thanks for the steps you provided. We are having problems when using the same logon names and different UPN. In our situation, to generate logon names, we get the 1st charater of the 1st name and the other name eg John Smith will be generated as jsmith. so when we try to enter James Smith, it pops up a problem even if am using a different UPN. how can i solve this?