REG ADD has a disadvantage b/c it runs every time (thus adding to startup delay) but of course has one big advantage... it runs every time. Unless you configure the registry client side extension otherwise, it doesn't refresh (b/c the GPO itself hasn't changed)... so you could still have a user from another domain change the domain, then the next user is logging on to the wrong domain... A startup script is useful to "enforce" that setting.
However, I agree that educating users to log on with the UPN is a much more viable answer for multidomain environments.... I would try to aim for that.

Dan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, July 19, 2005 3:37 PM
To: [email protected]
Cc: [email protected]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Default Domain

We are using a startup script that has two reg add commands:

    reg add "HKLM\software\microsoft\windows nt\currentversion\winlogon" /v altdefaultdomainname /t REG_SZ /d DOMAINAME /f
    reg add "HKLM\software\microsoft\windows nt\currentversion\winlogon" /v defaultdomainname /t REG_SZ /d DOMAINAME /f

This has worked very well for us during and post migration. Most of our users came from small NT domains and we only finished the 1000 NT domains to 9 AD domains over the last 6 months.

Where this does not work is if I choose to log on, then hit Escape - for some reason when I hit Ctrl+Alt+Del the second time the last domain I logged into shows up instead of the specified DOMAINAME above. This might have been specific to one machine or may be a problem with one of the entries - I only saw it the once and have not had time to go back and investigate.

Regards;

James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
[EMAIL PROTECTED]

From: "Grillenmeier, Guido" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
Date: 07/19/2005 11:59 PM ZE2
To: <[email protected]>
cc: (bcc: James Day/Contractor/NPS)
Subject: RE: [ActiveDir] Default Domain
Please respond to ActiveDir

got ya - makes sense in this case. however, you could also educate users to logon via UPN thus not requiring the selection of a domain at all, regardless of the domain-affiliation of the PC used during logon...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A.
Sent: Tuesday, 19 July 2005 23:54
To: [email protected]
Subject: RE: [ActiveDir] Default Domain

I am actually thinking of using it since I have 7 domains in one forest; if someone from a different domain uses someone's computer, on reboot the domain that is selected in the drop down list is the proper domain for that computer. Similar to when my helpdesk people login to the local machine, the user doesn't try to then login to the local machine using their domain username, hence reducing phone calls to the helpdesk.

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Grillenmeier, Guido
Sent: Tuesday, July 19, 2005 5:51 PM
To: [email protected]
Subject: RE: [ActiveDir] Default Domain

should work just like setting any other registry key on the client. The question is, if you really need it/want it. Most computer migration tools can set that value during the migration of the PC from source to target. But you might very well not want to change this value at the time of the computer-migration => you'll typically want to change it during migration/activation of the user accounts. This is often not done at the same time, so changing the value via GPO with the computer migration could actually be counter-productive.

Further, it's not enough if you're implementing a new naming convention for user-accounts or simply need to change logon-names due to duplicates during a domain-migration that consolidates multiple source domains to one AD domain. In this case you'll not only want to generically update the "DefaultDomainName" value to help your users, but at the same time you might want to update the "DefaultUserName" value with the new accountname for the target domain.
Hardly doable with a GPO - I typically do this with custom scripts triggered centrally during account activation (quite independently from the computer migration).

But nothing goes over educating your users about the changes in the infrastructure and specifically those related to their domain logon - otherwise they potentially stare at another machine and wonder why they can't logon to this one, causing an increase in helpdesk calls...

/Guido

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A.
Sent: Tuesday, 19 July 2005 22:03
To: [email protected]
Subject: [ActiveDir] Default Domain

Has anyone tried this? I got it off of another list I am a part of.

The default domain name is stored in the DefaultDomainName registry value, but there is no built-in Group Policy setting to control its value. You can easily create a custom .adm file that will let you configure the default domain for computers that have the GPO applied. To do so, save this code as defaultdomain.adm in the C:\windows\inf folder.

    CATEGORY "Logon Settings"
    KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    POLICY "Default Domain"
    PART "Default Domain" EDITTEXT
    VALUENAME "DefaultDomainName"
    END PART
    END POLICY
    END CATEGORY

You can then add this template to an existing or new GPO's Computer Configuration section. To do so, select Add/Remove Templates. Click Add and select the defaultdomain.adm file. Because this registry subkey isn't in a standard, managed portion of the registry, you won't see it until you select Filtering under the View menu and clear the "Only show policy settings that can be fully managed" check box, as the figure at http://list.windowsitpro.com/t?ctl=EA05:2C262 shows. The new policy will be available under Computer Configuration, Administrative Templates, Logon Settings, Default Domain.

The policy sets the specified domain on computers that receive the policy, as the figure at http://list.windowsitpro.com/t?ctl=EA08:2C262 shows. During migrations between domains, this policy saves users from having to select a new domain from the drop-down list.

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
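
Added example, not part of the original thread or any poster's script: a PowerShell startup script that enforces the two Winlogon values discussed above but writes to the registry only when a value has drifted, and reports what it changed. The domain name EXAMPLEDOM is a placeholder, and the script is assumed to run as a computer startup script with rights to write under HKLM.

```powershell
# Added example: enforce the Winlogon default-domain values only on drift.
# 'EXAMPLEDOM' is a placeholder for the domain this computer should default to.
$ExpectedDomain = 'EXAMPLEDOM'
$WinlogonKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# The two values the thread's startup script sets with "reg add".
$ValueNames     = 'DefaultDomainName', 'AltDefaultDomainName'

function Get-DomainDrift {
    param([string]$Key, [string[]]$Names, [string]$Expected)
    foreach ($name in $Names) {
        # A missing value reads as $null, which also counts as drift.
        $current = (Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue).$name
        # -ne on strings is case-insensitive, matching how domain names compare.
        if ($current -ne $Expected) {
            [pscustomobject]@{ Name = $name; Current = $current; Expected = $Expected }
        }
    }
}

$drift = @(Get-DomainDrift -Key $WinlogonKey -Names $ValueNames -Expected $ExpectedDomain)

foreach ($item in $drift) {
    # -Force creates the value or overwrites it, like "reg add ... /f".
    New-ItemProperty -Path $WinlogonKey -Name $item.Name -Value $item.Expected `
        -PropertyType String -Force | Out-Null
    # Record the previous value so repeated drift on one machine is visible.
    Write-Output ("{0}: '{1}' -> '{2}'" -f $item.Name, $item.Current, $item.Expected)
}

if ($drift.Count -eq 0) {
    Write-Output 'Winlogon default domain already correct; nothing written.'
}
```

Redirecting the output to a per-machine log shows how often the value is being changed between restarts, which is the case the thread says a one-time GPO registry setting does not correct.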
