UPN Suffix for ActiveSync

    Question

  • Hello All,

    ActiveSync requires Domain\User Name OR username@internaldomain.local to be provided for it to be configured successfully.  I am looking to not use both of these but use username@externaldomain.com.  I have worked around it by creating a UPN suffix and then assigning it to the target user, and it works.  My questions are:

    1-  What would be the impact of it on the end user from a domain logon or any other application point of view, since the UPN has changed from internaldomain.local to externaldomain.com?

    2-  When I leave the UPN suffix at the default, which is internaldomain.local, it does not work.  Is it necessary to select the externaldomain.com UPN from the drop-down menu?  Doesn't it mean that if both UPN suffixes, internaldomain.local and externaldomain.com, are showing in the drop-down menu, both apply and the user can use either of them?

    thanks in advance.

    Wednesday, March 14, 2012 9:21 AM

Answers

  • Hi Geek Seek,

    In my opinion:
    - For any user object in AD, we have 2 options: username, or username@domain.com (UPN), and password.

    - When any IIS-based or Outlook clients try to authenticate, they have two options:
    (a) either domainname\username, password
    or
    (b) username@domain.com (UPN), password

    Irrespective of the UPN change, "domain\username" + password should be able to authenticate and access the resource without any issues.

    Note: The domain which is going to be constant is at "User logon name (pre-Windows 2000)" on the Account tab of the user account in "Active Directory Users and Computers".

    Note1: Please double-check from Outlook, OWA, browser, mobile devices... before proceeding to the bulk modification.

    Cheers

    Aravind

    Wednesday, March 21, 2012 8:33 AM
  • Thanks for the replies.  I have tested and it is working so far.  Thanks.
    Saturday, March 24, 2012 3:30 PM
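
Piloting the change on a few accounts before any bulk modification, as the replies suggest, could look like the following. This is an added example, not part of the original thread; it assumes the RSAT ActiveDirectory module, and the pilot OU path, backup file name and `$Apply` switch are placeholders introduced here.

```powershell
# Added example: pilot a UPN suffix change and keep a rollback record.
Import-Module ActiveDirectory

$NewSuffix = 'externaldomain.com'                    # suffix named in the thread
$PilotOU   = 'OU=Pilot,DC=internaldomain,DC=local'   # hypothetical pilot OU
$Backup    = '.\upn-before.csv'                      # hypothetical rollback file
$Apply     = $false                                  # $false = dry run (-WhatIf)

# The suffix must already be registered in the forest to be assignable.
if ((Get-ADForest).UPNSuffixes -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered in the forest."
}

$users = Get-ADUser -SearchBase $PilotOU -Filter * -Properties UserPrincipalName

# Save the current values so every change can be reverted.
$users | Select-Object DistinguishedName, SamAccountName, UserPrincipalName |
    Export-Csv -Path $Backup -NoTypeInformation

foreach ($u in $users) {
    if (-not $u.UserPrincipalName) { continue }      # no UPN set: leave alone
    $prefix = ($u.UserPrincipalName -split '@')[0]
    $newUpn = "$prefix@$NewSuffix"
    if ($u.UserPrincipalName -eq $newUpn) { continue }

    # A UPN should be unique; this checks the current domain only.
    # In a multi-domain forest, run the same query against a global catalog.
    $clash = Get-ADUser -Filter { UserPrincipalName -eq $newUpn }
    if ($clash) {
        Write-Warning "Skipping $($u.SamAccountName): $newUpn is already in use."
        continue
    }

    # Only the UPN is written; the pre-Windows 2000 name is never touched.
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
}

# Review: sAMAccountName (DOMAIN\username logon) next to the resulting UPN.
Get-ADUser -SearchBase $PilotOU -Filter * -Properties UserPrincipalName |
    Select-Object SamAccountName, UserPrincipalName |
    Format-Table -AutoSize
```

With `$Apply = $false` the loop only reports what it would change; the CSV written beforehand holds the original UPN for each account if a pilot user needs to be reverted.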

All replies

  • Hi,

    1.) It should have no negative impact to change the UPN from the internaldomain to the externaldomain.

    2.) There can only be one UPN for a user - you will therefore have to change this on all desired user accounts.

    Leif

    Wednesday, March 14, 2012 10:24 AM
  • So, after changing the UPN to externaldomain, the user would continue to log in to the domain as before without any change?

    Wednesday, March 14, 2012 10:40 AM
  • I would appreciate it if someone could confirm.  It is kind of a big deal doing it on all users, and if issues can arise then I will not go through with it.  My only concern is that users should not face any logon problems (domain or applications) if I set the UPN suffix to externaldomain.com.  Thanks in advance.

    Thursday, March 15, 2012 9:44 PM
  • Hi,

    Users will still be able to log on normally (I assume that you mean using domain\username).

    Why don't you change this for just a few users to make sure?

    Leif

    Friday, March 16, 2012 9:08 AM
  • Thanks for the reply.  I have tried on a few machines and it works on the domain, where I just have to provide username and password at the logon prompt.  I hope it will be the same for the rest of the users.  I was thinking that I might be required to provide username@externaldomain.com and password at the logon prompt after changing the user account property of the user.  So, I was just confirming with you.  Do you endorse it now?

    And what about applications where DOMAIN\username is used, would they still continue to work?
    • Edited by Geek Seek Sunday, March 18, 2012 6:28 PM
    Sunday, March 18, 2012 6:27 PM
  • Hi,

    I have involved a support engineer in this thread. If you have any other findings, please don't hesitate to let us know.

    Wednesday, March 21, 2012 1:21 AM