active-directoryuser-accountswindows
I'm trying to troubleshoot an obscure authentication error and need some background information.
Is there any difference between how Windows (and programs like Outlook) process DOMAIN\username and username@domain.local?
What are the proper terms for these two username formats?
Edit: In particular, are there any differences in how Windows authenticates the two username formats?
I've only used Windows SFU on Windows 2008 before, but I believe that's based on Interix. I've played with cygwin on occasion, but not a huge amount, so someone please correct me if I say something obviously wrong here.
ps and df work fine.If you have a copy of a Windows OS that will support Interix (as you said, an Enterprise edition, an Ultimate edition, or a Server edition), it's no harm giving it a go. It is a very complete feeling environment. Cygwin, as you said, runs on everything, and is better known and better supported, but feels a bit like a dirty hack to me. Some people use it regularly though.
Best Answer
Assuming you have an Active Directory environment:
I believe the backslash format DOMAIN\USERNAME will search domain DOMAIN for a user object whose SAM Account Name is USERNAME.
The UPN format username@domain will search the forest for a user object whose User Principle Name is username@domain.
Now, normally a user account with a SAM Account Name of USERNAME has a UPN of USERNAME@DOMAIN, so either format should locate the same account, at least provided the AD is fully functional. If there are replication issues or you can't reach a global catalog, the backslash format might work in cases where the UPN format will fail. There may also be (abnormal) conditions under which the reverse applies - perhaps if no domain controllers can be reached for the target domain, for example.
However: you can also explicitly configure a user account to have a UPN whose username component is different from the SAM Account Name and whose domain component is different from the name of the domain.
The Account tab in Active Directory Users and Computers shows the UPN under the heading "User logon name" and the SAM Account Name under the heading "User logon name (pre-Windows 2000)". So if you are having trouble with particular users I would check that there aren't any discrepancies between these two values.
Note: it is possible that additional searches are done if the search I describe above doesn't find the user account. For example, perhaps the specified username is converted into the other format (in the obvious way) to see if that produces a match. There must also be some procedure for finding accounts in trusted domains that are not in the forest. I don't know where/whether the exact behaviour is documented.
Just to further complicate troubleshooting, Windows clients will by default cache information about successful interactive logons, so that you may be able to log into the same client even if your user account information in the Active Directory is inaccessible.