Can someone figure out why the Administrator account (even for a 2003 Domain
controler) by default has no UPN ("User logon name:") defined?
Every other new user will have a UPN set up, but not the Administrator.
Why is that?
Thanks I.A
--
Tal.
> Can someone figure out why the Administrator account (even for a 2003
> Domain
> controler) by default has no UPN ("User logon name:") defined?
>
> Every other new user will have a UPN set up, but not the Administrator.
>
> Why is that?
Hi,
The userPrincipalName attribute is not mandatory. I have created many users
with no value assigned. If no value is assigned, the user can still logon
with the name in the form sAMAcco...@domain.com, where domain.com is the
DNS name of the domain (the UPN suffix). sAMAccountName is the NT name of
the user, called the "pre-Windows 2000 logon name" in ADUC. Administrator
can logon as Admini...@domain.com.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
When I try to convert "Domain\User" to UPN using TranslateName() API, it
fails with error 0x534. Only after I fill the "User logon name" and @domain
suffix, it works.
So I still wonder why can't TranslateName() figure out automaticly the __
assumed __ UPN.
Is there a diffrent API I can use?
Thanks I.A
--
Tal.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
"Tal" <T...@newsgroups.nospam> wrote in message
news:EA9E480A-31B4-4C64...@microsoft.com...
I don't think I can assume the defult UPN == sAMAcco...@domain.com
since domain suffic for UPN is (most of the times) diffrent than the
Domain\sAMAccountName.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
You are right, as long as I know bob's external domain name is 'hello.com' .
But if bob internal domain name is "hello.lan" (or "HELLO-AAA"), and the
external domain name is "hello.net", how can I figure out "HELLO-AAA\bob"
default UPN is "b...@hello.net" ?
The TranslateName API fails, do you know of a diffrent API that can do the
same?
Thanks.
--
Tal.
There is no such thing as external/internal domain name. The domain name is the
DNS domain name of the domain. So if bob is in the domain hello.lan, his default
UPN is b...@hello.lan. If bob in hello.lan has a UPN of b...@hello.net, the
userPrincipalName is populated.
I don't often use the layers above the LDAP API because you have to depend on
the stuff being done right which in this case seems not to be the case for you.
If I needed to work out the UPN of a user I would write my own function to do
it, the first thing I would do is look up the DNS name of the NetBIOS name
specified from the partitions of the forest. Then I would search the appropriate
domain for the sAMAccountName, look at the UPN, if it isn't populated then I
would use the default UPN which again is <sAMAccountName>@<domain DNS Name>
joe