UPN Name Routing over an External, Two-Way, Non-Transitive Trust

-

hi all,

i have issue domain has alternate upn suffix in place works correctly within domain a. when logging in trusted domain b, alternate upn not work. 

the trust has been validated both sides , working correctly.

with forest trusts there number of tools available check , toggle upn suffix (netdom /trust /namesuffixes) these don't appear apply external trusts.

i cant see upn name routing tab in ad domains , trusts console (i assume visible in forest trusts) although have required permissions.

i'm thinking may dns related alternate upn name have no entry??

any appreciated technet / goggling has yet yield definitive.

ps windows 8.1 clients (x64)

domain windows 2012 r2 dc's

domain b windows 2008 sp2 dc's

thanks


hi,
far know, not use explicit upn suffixes across multiple forests external trusts. please see more details explicit/implicit upn from:
user name formats https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525%28v=vs.85%29.aspx?f=255&mspperror=-2147217396
also, here article regarding conditions kerberos used on external trust, take look:
https://blogs.technet.microsoft.com/activedirectoryua/2010/08/04/conditions-for-kerberos-to-be-used-over-an-external-trust/
regards,
wendy

please remember mark replies answers if , un-mark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com.



Windows Server  >  Windows Server 2012 General



Comments

Post a Comment

Popular posts from this blog

NDES - Reusing a password for multiple devices

-
hi there, i have requirement use ndes issue certificates new blackberry 10 fleet via scep. appears blackberry server assumes challenge returned ndes never change. consequently have followed steps outlined in following article  to reuse same challenge password multiple devices.... doesn't work: configure service function in single-password mode creating reg_dword value usesinglepassword , setting 0x1. give full control permission account used run ndes hkey_local_machine\microsoft\cryptography\mscep registry key. step required if have installed kb959193 hotfix. in iis manager snap-in, navigate scep application pool , in advanced settings set load user profile true. if you’ve configured ndes run under user account, logon interactively user account onto machine ndes installed force creation of user profile account. one-time operation, user doesn’t need stay interactively logged on while ndes running. prepare ndes service account profile: on ndes server, open in...
Read more

Can no longer user MS Update - Files required to use Microsoft Update are no longer registered

-
hi, i'm new server 2003.  installed it.  removed enhanced ie security.  proceed download , install windows server 2003 sp1, of dot net (1.1, 2.0, 3.0, 3.5, , updates), , sp2. after downloaded , installed of above, tried windows update menu option in ie.  (ie 8 windows server 2003) , sits there "done" in lower left hand corner.  never brings in window. so try www.microsoft.com -> download , trails -> update.  received error message "files required use microsoft update no longer registered or installed on computer".  click on register or reinstall files me now.  window changes , "check latest version of windows updating software .... ".   sits there (last time sat there on hour). i went on internet , found instructions: regsvr32 wuapi.dll regsvr32 wups.dll regsvr32 wuaueng.dll regsvr32 wucltui.dll regsvr32 atl.dll regsvr32 msxml3.dll did not work either.  have other suggestions?...
Read more

CDPUserSvc_xxxxx has stopped working

-
since last patch kb4041688 message on every windows 2016 server. any idea? seems number xxxxx changes on every boot. says: <failed read description. error code: 15100 > hi, had confirmed relate department, , edited reply in order provide appropriate explanation.   working on problem, testing, confirmation , relate processes may need period of time. appreciate patience. if there update it, update , let know. also, can pay attention microsoft product blog, official website, newly released update in order obtain newest information. workaround, can disable via registry - change start value from 2 4 (hexadecimal or decimal) , re-start system: hklm\system\currentcontrolset\services\cdpusersvc_ xxxxx best regards, eve wang please remember mark replies answers if help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Serv...
Read more