RE: [ActiveDir] Fun with Kerberos

2004-09-13 Thread Guy Teverovsky
From: [EMAIL PROTECTED] on behalf of Grillenmeier, Guido Sent: Fri 9/10/2004 6:10 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Fun with Kerberos Al, realize that the user accounts Guy is talking about are all in one forest - so the issue is not related to UPNs being unique

RE: [ActiveDir] Fun with Kerberos

2004-09-10 Thread Mulnick, Al
Title: RE: [ActiveDir] Fun with Kerberos No, that sounds about right. Across two forests? Be tough for any administrative program to enforce uniqueness unless it was authoritative for both forests. That said, that's something you want your admin processes to compensate for and ensure

RE: [ActiveDir] Fun with Kerberos

2004-09-10 Thread Michael B. Smith
Title: RE: [ActiveDir] Fun with Kerberos I thought this was a great article on the topic: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/fedffin2.mspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent

RE: [ActiveDir] Fun with Kerberos

2004-09-10 Thread Grillenmeier, Guido
Title: RE: [ActiveDir] Fun with Kerberos Al, realize that the user accounts Guy is talking about are all in one forest - so the issue is not related to UPNs being unique accross more than one forest. They're just logging in from a machine in a different forest. I've already discussed

RE: [ActiveDir] Fun with Kerberos

2004-09-10 Thread Mulnick, Al
Title: RE: [ActiveDir] Fun with Kerberos Thanks Guido. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, GuidoSent: Friday, September 10, 2004 11:10 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Fun with Kerberos Al, realize that the user accounts Guy

RE: [ActiveDir] Fun with Kerberos

2004-09-09 Thread Grillenmeier, Guido
for applications running on the other server. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky Sent: Thursday, September 09, 2004 6:22 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Fun with Kerberos Stumbled upon an issue couple of days ago

RE: [ActiveDir] Fun with Kerberos

2004-09-09 Thread Guy Teverovsky
Kerberos trust with myad.com forest. Guy From: [EMAIL PROTECTED] on behalf of Grillenmeier, Guido Sent: Thu 9/9/2004 11:52 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Fun with Kerberos that's correct - even if you configure an additional UPN suffix

[ActiveDir] Fun with Kerberos

2004-09-08 Thread Guy Teverovsky
Stumbled upon an issue couple of days ago and wanted to hear what you guys think about it. Suppose that your AD is called myad.com and you also configure additional UPN suffix company.com. Now I create 2 users in child.myad.com child domain: 1) sAMAccountName: guy userPrincipalName: [EMAIL