I agree with Al that the process to get the trusted domains
list could possibly be wiping out the value you are tucking
in.
If you are trying to get away from "contexts", I think one
of the best things you could do is go to UPN logon then, then they don't have to
remember their domain for the most part, you could do something like [EMAIL PROTECTED] or [EMAIL PROTECTED] even.
Hmm your words of kindness towards IBM and their Tivoli
product is not the first I have heard for that. ;o) The rest of the info
is quite interesting to me, thanks for sharing.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Glenn
Sent: Friday, May 05, 2006 3:04 PM
To: [email protected]
Subject: Re: [ActiveDir] Default Domain
On 5/5/06, joe <[EMAIL PROTECTED]> wrote:
Welcome.I am not sure if you can set a domain by default for the initial logon. If you could, I would expect it to be to some of the reg entries maintained in the HKLM\software\microsoft\windows nt\currentversion\winlogon portion of the registry.
That is exactly the key we have found what little information we
have. No matter what you set for defaultdomainname or altdefaultdomainname
it's the same thing.
You could step around that by telling people to use UPNs for logon instead of SAM Names. That would mean you would use something like [EMAIL PROTECTED] instead of something\PGlenn. That is the direction the auth is going so if you are starting fresh now, might as well start that way. Then the domain dropdown is a moot point. It also means you can dork with the domain's almost to your heart's content and never have to worry about telling the users their new domain, it will just work because the UPN does not have to match the Domain structure.
We would like, if possible, to stay away from this because of the way we
have the students logging on now. Currently they don't have to use any
context for their Netware logins. A far cry from the days they had to put
in .pglenn.uxx.student.usr.uky The direction our university is leaning is
to do everything via LDAP lookups. We are doing this because we have 2
major AD domains and on major eDirectory. Account information is handles
by Novell's Identity Manager.
I am curious about the direction to move as you state it as "the Novell business model", what specifically is pushing this change? With Novell embracing Open Source I would expect schools and the like to be more, not less, interested in it. Also I am curious why not a move to say BSD or Linux. If anywhere that stuff works well en masse it is in school environments because they are so closed and geographically small.
Going open source is great for many things. However, after many years
or struggling with different vendors and their lack of support for anything that
is not Windows, open source wasn't that appealing. Our vendors include
made dicipline specific software who don't want to support anything else and
hardware vendors that support others things when they get around to it - and
example of the latter being the horrible tech support from Tivoli after loosing
about 2 terabytes of data (took them 6 months to get it resolved). Using
Netware OES or eDirectory on SUsE were other options I had. After wieghing
several things - most importantly my learning curve for such a move to either
one given the time table - I chose AD. This will allow us to put out
images without a non-native client. This also pleases my VP, who really
wants me to move toward AD.
Paul
