Windows Server 2008 Domain alias for users to log on to

active-directory, domain-name-system, windows, windows-server-2008

We currently have a Windows Server 2008 R2 set up with the domain, for example "abc.co.uk"

We have recently purchased a .co domain name for example "abc.co"

How do we go about having some kind of alias for users logging on to the network?

So for example the current username is first.last@abc.co.uk, but if the user enters first.last@abc.co, it logs on to the same account under the .co.uk domain name?

What will be the best way of going about this?

Many thanks

Best Answer

Each user account in an Active Directory domain has a single "samAccountName" and a single "userPrincipalName". The "samAccountName" is the old-style NT 4.0 username-- "bob", "alice", etc. The "userPrincipalName" is a name that looks like an email address "alice@company.com" (but isn't an email address).

"userPrincipalNames", or UPNs, have an account name part (before the "@" sign) and a suffix part (after the "@" sign). An arbitrary number of suffixes, which bear no relationship whatsoever to the names of any domains in the Active Directory forest, can be created in an Active Directory forest. After you've created a UPN suffix it can be assigned to users. The relationship of UPN suffixes to each user's "userPrincipalName" is configured on a user-for-user basis. You can have a single Active Directory domain in a forest with 3 UPN suffixes configured, and users in that domain can have their individual UPN suffix set, arbitrarily, to any of the forest-wide UPN suffixes w/o affecting any other users.

The limitations are that each user can have a single UPN suffix applied at a time, and no two users can have the same UPN (account name + suffix) even if they're in different domains in the forest (because UPNs must be unique forest-wide).

"userPrincipalNames" bear a resemblance to email addresses but have nothing to do with email addresses. Typically, though, you'll want to choose a suffix and account naming convention such that the user's UPN matches their email address. This makes things very convenient and less confusing for the users.

For your application, it sounds like you should create an "@abc.co" UPN suffix in your forest (using the "Active Directory Domains and Trusts" tool) and then assign that UPN suffix to users who you want to be able to log on with a "user@abc.co" UPN.
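The same two steps from the answer above can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original answer; the OU in `$SearchBase` is a hypothetical placeholder, and the suffixes are the ones from the question. Because UPNs must be unique forest-wide, it checks a global catalog for a clash before each change.

```powershell
# Added example. Requires the ActiveDirectory module (Server 2008 R2 or RSAT).
Import-Module ActiveDirectory

$OldSuffix  = 'abc.co.uk'                    # current suffix, from the question
$NewSuffix  = 'abc.co'                       # suffix to add, from the question
$SearchBase = 'OU=Staff,DC=abc,DC=co,DC=uk'  # hypothetical OU; adjust to your tree

# Step 1: register the suffix forest-wide, only if it is not already there.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# UPN uniqueness is forest-wide, so clash checks go to a global catalog
# (port 3268) rather than to a single domain's directory partition.
$gc = '{0}:3268' -f ($forest.GlobalCatalogs | Select-Object -First 1)

# Step 2: re-suffix each user that currently has the old suffix.
$pattern = '@' + [regex]::Escape($OldSuffix) + '$'
Get-ADUser -SearchBase $SearchBase -Properties userPrincipalName `
           -Filter "userPrincipalName -like '*@$OldSuffix'" |
ForEach-Object {
    $newUpn = $_.UserPrincipalName -replace $pattern, "@$NewSuffix"

    # LDAP filter avoids quoting problems with apostrophes in names.
    $clash = Get-ADUser -Server $gc -LDAPFilter "(userPrincipalName=$newUpn)"
    if ($clash) {
        Write-Warning "Skipping $($_.SamAccountName): $newUpn is already used by $($clash.DistinguishedName)"
        return
    }

    # -WhatIf makes this a dry run; remove it to apply the change.
    Set-ADUser -Identity $_ -UserPrincipalName $newUpn -WhatIf
}
```

Since each account holds one UPN at a time, a user moved to "@abc.co" is no longer matched by the "@abc.co.uk" form; the samAccountName is not changed by this script.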
