Users Can Log in Using User Name or User Principle Name

ID: Q243280

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server

SUMMARY

Users can logon to a Windows 2000 domain using two different logon names. For example, you can use your down-level user logon name (such as my_name) or your User Principle Name (UPN) such as my_name@my_domain_name.

Your User Logon Name

This is the User Principal Name (UPN) to log on to a Windows 2000 domain. The UPN is comprised of a logon name and the UPN suffix that must be appended to the name (the text following the @ symbol). The UPN must be unique within the forest.

By default, the user has a UPN suffix of "@domain_name". If multiple UPN suffixes are available, you can choose the desired UPN suffix from the list of UPN suffixes.

Example A - One User in One Domain

Joe S. User is a user in the domain named mydomain.com. The down-level name of mydomain.com is mydomain.
First name: Joe
Middle initial: S
Last name: User

The logon name portion of the user logon name is joeuser.
The UPN for this user is joeuser@mydomain.com.
The down-level logon name for this user is MYDOMAIN\joeuser.

Example B - Two Users in Two Different Domains in the Same Forest

Joe S. User is a user in the domain named mydomain.com. The down-level name of mydomain.com is mydomain.
First name: Joe
Middle initial: S
Last name: User

There is another user named Joe S. User. However, he is a user in the domain named childdomain.mydomain.com. Childdomain.mydomain.com is a child domain of mydomain.com, and both domains are in the same forest.
The down-level name of childdomain.com is childdomain.


First name: Joe
Middle initial: S
Last name: User

The logon name portion of the user logon name is joeuser.
The UPN for this user is joeuser@childdomain.mydomain.com.
The user's down-level logon name is CHILDDOMAIN\joeuser.

Your Down-Level User Logon Name

The user logon name is comprised of the down-level name of the domain and a logon name. Generally, the logon name portion of the UPN is the same as the logon name portion of the down-level name. However, if the user is going to use a different name to logon from computers running Microsoft Windows NT or Microsoft Windows 98/95, the logon name portion of the UPN must be unique.

Down-level user names must be unique within the forest. However, there could be multiple users with the same logon name portion of the down-level name, but with different domain names. For example, BIGDOMAIN\joeuser, OTHERDOMAIN\joeuser, NEWDOMAIN\joeuser, and so on.

Example A - One User in One Domain

Joe S. User is a user in the domain named mydomain.com. The down-level name of mydomain.com is mydomain.
First name: Joe
Middle initial: S
Last name: User
The logon name portion of the user logon name is joeuser.
The UPN for this user is joeuser@mydomain.com.
The user's down-level logon name is MYDOMAIN\joeuser.

NOTE: The logon name portion of the down-level name does not have to be the same as the logon name portion of the UPN.

Example B - Two Users in Two Different Domains in the Same Forest

Joe S. User is a user in the domain named mydomain.com. The down-level name of mydomain.com is mydomain.
First name: Joe
Middle initial: S
Last name: User
The logon name portion of the user logon name is joeuser.
The UPN for this user is joeuser@mydomain.com.
The user's down-level logon name is MYDOMAIN\joeuser.

There is another user named Joe S. User. However, he is a user in the domain named childdomain.mydomain.com. Childdomain.mydomain.com is a child domain of mydomain.com, and both domains are in the same forest.

First name: Joe
Initial: S
Last name: User
The logon name portion of the user logon name is joeuser.
The UPN for this user is joeuser@childdomain.mydomain.com.
The user's down-level logon name is CHILDDOMAIN\joeuser.
There is no conflict between the two user logon names because each user is a member of a separate domain.

Example C - Two Users with the Same Name in the Same Domain in the Same Forest

Red is an Organizational Unit (OU) in mydomain.com
Joe User is a user in the OU Red.
First name: Joe
Initial: S
Last name: User
The logon name portion of the user's logon name is joeuser
The user's UPN logon name is joeuser@mydomain.com
The user's down-level logon name is MYDOMAIN\joeuser

There is another user named Joe User. However, he is a user in the OU Blue. Blue is an OU in mydomain.com.
First name: Joe
Initial: S
Last name: User

The second Joe User's UPN cannot equal joeuser@mydomain.com because all UPNs must be unique with the forest. Also, the second Joe User's down-level logon name cannot be MYDOMAIN\joeuser, because all down-level logon names must also be unique with the forest. To permit this user to logon, a different logon name must be selected to create a unique UPN with the suffix @mydomain.

Additional query words: down level

Keywords : kbnetwork
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.