RE: [ActiveDir] Logon types

[Mulnick, Al]

I think you have it.  But let me play this back to be sure I understand correctly.   Example 1, you get the logon dialog box and you enter the following: User Name: Jdoe Password : Mysupersecretpassword in the logon to drop down ('cause this is a member of the domain right?) you specify the domain.   In example 2, you specify a domain user credential, [EMAIL PROTECTED] (where domain is the same domain used in example 1) You enter the same password, since to you it's the same account. But in the logon to drop down, you specify the local machine vs. the domain.   Other than wondering why on earth you'd do that (silly users I'd guess)?  you're using domain creds against the local security context which should give you unpredictable results.  For that matter, why is it letting you logon that way at all unless it's translating that UPN to a sid and then using cached creds?  Then when you go to use Outlook, it wants a ticket which you have not necessarily received yet.  When creds are passed, it may be going to the wrong context at first giving you the effect you have.  I'm making this up as I go, so take it with a grain of salt :)   The correct behavior would be to have the user login with the same credentials each time to the same context whether off-line or not.  Try not to overthink it and it works pretty well, right?   My crazy story and I'm sticking to it for now. ;-)     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul van Geldrop Sent: Friday, September 10, 2004 11:50 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Logon types In the first example, you're logging in straight into the security context of the domain, authenticating you to the domain. In the second example, you're logging into the workstation's security context, which does not give you domain-wide authentication. And, oh yes, I might be wrong, just the first thing that popped into my head as I read this. :) Regards,   Paul.   ---- Original Message ----- From: Douglas M. Long To: [EMAIL PROTECTED] Sent: Friday, September 10, 2004 5:27 PM Subject: RE: [ActiveDir] Logon types Lol. This is why I am not a teacher, I cant explain worth a darn.   Example1:                     User name:       jdoe                                     Password:         ********                                      Log on to:          DOMAIN     Example2:                     User name:       [EMAIL PROTECTED]                                     Password:         *********                                     Log on to:          workstation (this computer)     How do these differ?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, September 10, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Logon types   Can you say that again with some examples?    Al   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Friday, September 10, 2004 10:43 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Logon types OK, this may be a stupid question, but here it goes.   If I login to a client machine with username and domain how does that differ from [EMAIL PROTECTED] and local machine. My suspicion is that when logging in locally with the UPN (is that the correct term) that a ticket is only granted at the time an application needs some credentials, whereas logging into the domain grabs a ticket immediately. Is this correct thinking?   The reason I ask is because a user has been logging on with the [EMAIL PROTECTED] and local machine and has been having problems with outlook (exchange), but when logged into the domain all is well. It makes sense to me, but not for a particular reason. Any info is much appreciated. Thanks