Adding the UPN suffixes to the list of alternate UPNs will
enable configuration of TLN restrictions (Top-Level Name restrictions) for
forest trusts (i.e. transitive trust between two 2003 forests). The UI lists the
available UPN suffixes of the trusted forest incl. the stored alternate UPNs
and allows you to configure which ones you allow to be used "across the
trust" for authentication. This is a must, if your UPN isn't a subordinate
of the top level name of your root (e.g. TLN of root = "mycompany.net", but your
alternative UPN suffix is "othercompany.net").
Alternative UPNs which are subordinates (e.g.
"otherOrg.mycompany.net") can be added manually within the wizard by adding
exceptions for your existing root-UPN suffix.
/Guido
From: joe [mailto:[EMAIL PROTECTED]
Sent: Friday, 19 March 2004 01:10
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Do I really need to add UPNs?
Crap I knew the answer to this at one point... I must have
reached the end of my event log and am now overwriting...
It is for the GUI but there is something else that looks at
that and if it isn't populated it doesn't know to take that UPN Suffix into
account.... I want to say it has something to do with Forest Trusts but I could be
way out in left field. Basically *something* looks at the possible UPN Suffixes
and that is all that will be allowed for this or that. Sorry to be so vague but
I can't recall what *it* is. If I recall I will come back and post but I did
want to get something up here to say I had seen *something* at one point
concerning this. Maybe Eric or Guido or Dean has something they can think of
really quick...
-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Thursday, March 18, 2004 5:03 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Do I really need to add UPNs?
Using the GUI, I can
add a new UPN by opening "AD Domains and Trusts", right clicking on the top item
in the left pane and selecting properties. If I want to add it via script,
I use Robbie's recipe 6.32.
But I can create all
the users I want programmatically with any UPN I want without putting that
UPN into the uPNSuffixes attribute.
Is the only purpose
for this attribute to make it easier in ADU&C to pick a UPN
value?
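
Added example, not part of the original thread: a PowerShell function that groups the UPN suffixes actually in use and marks those that are neither a forest domain name nor listed in uPNSuffixes, which per the first reply above are the ones that need attention before configuring name suffixes on a forest trust. The function name, status labels and the sample values are constructed for illustration; in a live forest the inputs would come from `Get-ADForest` (RootDomain, Domains, UPNSuffixes) and `Get-ADUser` in the ActiveDirectory module.

```powershell
# Classify every UPN suffix in use against the forest's domain names and the
# alternate suffixes stored in uPNSuffixes. Pure function: no directory access.
function Get-UpnSuffixStatus {
    param(
        [Parameter(Mandatory)] [string]   $RootDomain,         # name of the forest root
        [Parameter(Mandatory)] [string[]] $ForestDomains,      # DNS names of all domains in the forest
        [string[]]                        $RegisteredSuffixes = @(),  # contents of uPNSuffixes
        [Parameter(Mandatory)] [string[]] $UserPrincipalNames
    )

    $UserPrincipalNames |
        Where-Object { $_ -match '@' } |
        ForEach-Object { $_.Substring($_.LastIndexOf('@') + 1).ToLowerInvariant() } |
        Group-Object |
        ForEach-Object {
            $suffix = $_.Name
            $status = if ($ForestDomains -contains $suffix) {
                'DomainName'            # default suffix, always known to the forest
            } elseif ($RegisteredSuffixes -contains $suffix) {
                'RegisteredAlternate'   # stored in uPNSuffixes, listed for the trust
            } elseif ($suffix.EndsWith(".$RootDomain", [StringComparison]::OrdinalIgnoreCase)) {
                'SubordinateOfRoot'     # can be handled under the root suffix in the trust wizard
            } else {
                'NotRegistered'         # in use on accounts, but absent from uPNSuffixes
            }
            [pscustomobject]@{ Suffix = $suffix; Users = $_.Count; Status = $status }
        }
}

# Constructed sample data, reusing the suffix names from the thread.
$sample = @{
    RootDomain         = 'mycompany.net'
    ForestDomains      = @('mycompany.net')
    RegisteredSuffixes = @('othercompany.net')
    UserPrincipalNames = @(
        'alice@mycompany.net',
        'bob@othercompany.net',
        'carol@otherOrg.mycompany.net',
        'dave@thirdcompany.example',    # created by script, suffix never registered
        'erin@thirdcompany.example'
    )
}

Get-UpnSuffixStatus @sample | Sort-Object Status, Suffix | Format-Table -AutoSize
```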
