FQDN logons

  • Thread starter Thread starter Roberto Carraro
  • Start date Start date
R

Roberto Carraro

Hi,
I got a test installation with 2 DC's Win2k servers, one with a
Primary DNS zone, the other with a Secondary zone of the example.com
domain.
I got also a Win2k3 DC , running a Primary zone child1.example.com.

Everything seems to run smoothly, so far; what I want to achieve is to
have "Fully Qualified Domain Name logons", that is when I logon to
those servers, as admin, I'd like to have the domain name, under User
and Password, shown with "example.com" or "child1.example.com", not
"EXAMPLE" or "CHILD1".

I disabled NetBT on all the 3 DC's and they are all in Native mode.

How can I do that above?

Thanks,
Roberto
 
In
Roberto Carraro said:
Hi,
I got a test installation with 2 DC's Win2k servers, one with a
Primary DNS zone, the other with a Secondary zone of the example.com
domain.
I got also a Win2k3 DC , running a Primary zone child1.example.com.

Everything seems to run smoothly, so far; what I want to achieve is to
have "Fully Qualified Domain Name logons", that is when I logon to
those servers, as admin, I'd like to have the domain name, under User
and Password, shown with "example.com" or "child1.example.com", not
"EXAMPLE" or "CHILD1".

I disabled NetBT on all the 3 DC's and they are all in Native mode.

How can I do that above?

Thanks,
Roberto
Click to expand...

You cannot. That's the way the GINA works and it's not modifiable.

The other alternative is to logon using the UPN:
(e-mail address removed)
(e-mail address removed)

When using the UPN, the domain name section at the bottom will gray out.




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
You cannot. That's the way the GINA works and it's not modifiable.

The other alternative is to logon using the UPN:
(e-mail address removed)
(e-mail address removed)

When using the UPN, the domain name section at the bottom will gray out.
Click to expand...

And how come I'm sure I once saw a FQDN logon on a Win2k server, as
the one I want to achieve? ;-)

Roberto
 
In
Roberto Carraro said:
And how come I'm sure I once saw a FQDN logon on a Win2k server, as
the one I want to achieve? ;-)

Roberto
Click to expand...

Sorry, that's not possible. The bottom box shows the NetBIOS domain name and
is there for the legacy (Pre-W2k) logon method.

Matter of fact, in AD user's properties, there are two fields, one is for
the UPN logon the other is for the Pre-W2k logon. If you leave one or the
other blank, then loggin on with that method that is blanked out won't also
be possible.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
What Ace told you is correct (but maybe not completely
what you were hoping to ask).

You asked for one thing, and then indicated you saw "it" work;
chance are you two are really discussing two different ideas:

1) The NetBIOS names appear in the drop down
(that's the way it works as Ace told you.)

2) You CAN -- and may have seen someone -- log on using the DNS
name but you have to type it.

3) (another thing) You can also logon with the UPN -- user principle name,
which looks like the users "email address".

Also note: You would (likely) be using the DNS name; FQDN is a technical
term, commonly misused by many people to mean "DNS name" even when it
isn't "fully qualified" -- It's not fully qualified unless you TERMINATE it
with a
DOT: "."

This misuse of terminology is a peeve of mine but just this last week there
was
an instance of someone having trouble due to the confusion about what
actually constitutes a FQDN in DNS.
 
In

Sorry, that's not possible. The bottom box shows the NetBIOS domain name and
is there for the legacy (Pre-W2k) logon method.

Matter of fact, in AD user's properties, there are two fields, one is for
the UPN logon the other is for the Pre-W2k logon. If you leave one or the
other blank, then loggin on with that method that is blanked out won't also
be possible.
Click to expand...

Ok, I trust you ;-)

I think I have to buy a new pair of glasses!

Thanks.
Bye,

Roberto
 
In
Roberto Carraro said:
Ok, I trust you ;-)

I think I have to buy a new pair of glasses!

Thanks.
Bye,

Roberto
Click to expand...


Have a great weekend, what's left of it!

Cheers!
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
What Ace told you is correct (but maybe not completely
what you were hoping to ask).

You asked for one thing, and then indicated you saw "it" work;
chance are you two are really discussing two different ideas:
Click to expand...

No, actually I perfectly got Ace's point; I was just 'sure' I once saw
it...
1) The NetBIOS names appear in the drop down
(that's the way it works as Ace told you.)
Ok.

2) You CAN -- and may have seen someone -- log on using the DNS
name but you have to type it.
Click to expand...

Hey, wait a sec: do you mean in the drop down? Instead of the Netbios
name I can manually type the DNS name and maybe in future logons
that's what will be presented to me: is that what you're saying here?
3) (another thing) You can also logon with the UPN -- user principle name,
which looks like the users "email address".
Click to expand...

Ok, I tried that. I works, but that's not what I wanted.
Also note: You would (likely) be using the DNS name; FQDN is a technical
term, commonly misused by many people to mean "DNS name" even when it
isn't "fully qualified" -- It's not fully qualified unless you TERMINATE it
with a
DOT: "."

This misuse of terminology is a peeve of mine but just this last week there
was
an instance of someone having trouble due to the confusion about what
actually constitutes a FQDN in DNS.
Click to expand...

Yes, you're right, the "." is missing, so we cannot speak of a FQDN
here.

Thanks,
Roberto
 
Hey, wait a sec: do you mean in the drop down? Instead of the Netbios
name I can manually type the DNS name and maybe in future logons
that's what will be presented to me: is that what you're saying here?
Click to expand...

Yes, that's why I got involved (but it didn't occur to me that the next
logon
default was important to you.)
Ok, I tried that. I works, but that's not what I wanted.
Click to expand...

Just another choice.
Yes, you're right, the "." is missing, so we cannot speak of a FQDN
here.
Click to expand...

You can, but it's technically incorrect even though many people do this.

I just say, "DNS name". In fact, on Win2003/XP (maybe 2000) you might
be logging on with a DNS name ANYTIME you don't add a ".". The default
name resolution for these systems is DNS but maybe it doesn't apply to the
GINA (Graphical Identification aNd Authentication) which is running the
logon.
 
Hey, wait a sec: do you mean in the drop down? Instead of the Netbios
Yes, that's why I got involved (but it didn't occur to me that the next
logon
default was important to you.)
Click to expand...

Herb,
I didn't manage to manually type the DNS name (child1.example.com) in
the Log on to: combo box, I only have the choice between CHILD1 and
EXAMPLE, but I can't type anything.

Did I misunderstand what you said, maybe?

Roberto
 
No, maybe I misremembered and confused two things.

First you cannot -- you are correct -- type anything in the DOMAIN
box. You can only choose from the offered drop down since only the
MACHINE, the Machine's Domain, and trusted Domain's are choices.

That is the way that the GINA works and I should have remember that
because I have WRITTEN some of that code when I worked at MS.
(a custom deployment for a large client not for general release.)

You can however type in the UPN which LOOKS like a DNS name
(really it looks like an email address.)

I somehow conflated these two and made a mistake. Sorry about that.

If you want the DNS name, settle for the UPN.
 
In
Roberto Carraro said:
Ok, Herb and Ace,
thanks a lot for the support you gave to me!

Roberto
Click to expand...

:-)

Cheers!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top