Smartcard logon in different domains


Guest

Let's assume that one user has the same UPN in different Active Directories.
If this user tries to log on using a smartcard, which AD is used? Is it
possible to configure this behavior so that logon follows some order or
priority? Could this configuration be different for each Active Directory?

Thanks,
 
If you are talking about forest trusts then that will not work. See the link
below for more details on forest trusts and in particular the section on
Using the User Principal Name to Log On Across Forests. If you have further
questions you may also want to post in the active_directory newsgroup. ---
Steve

http://www.microsoft.com/technet/pr...logies/directory/activedirectory/mtfstwp.mspx

UPNs are used primarily for interactive logons across domains. With multiple
forests, UPN logons are available across forests under some conditions and
not others. Under either of the following conditions, UPNs cannot be used to
log on to a domain in a different forest:

• Shared UPN suffix: If two or more forests use the same UPN suffix,
users cannot use UPNs to log on to a domain in the trusting forest. They can
use the UPN only for logons within their own forest.
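
A check for the shared-suffix condition quoted above, as an added example that is not part of the original thread or of the Microsoft paper. It assumes the ActiveDirectory PowerShell module (RSAT), read access to both forests, and a constructed placeholder UPN; the forest names are the ones used later in the thread.

```powershell
# Added example: forest names and $upn are placeholders to adjust.
Import-Module ActiveDirectory

$forestNames = 'A.es', 'B.NET'            # forests to compare
$upn         = 'testuser@example.com'     # constructed placeholder UPN

# Every suffix usable in each forest: explicit UPN suffixes plus the
# implicit suffix of each domain (its DNS name).
$suffixes = foreach ($name in $forestNames) {
    $forest = Get-ADForest -Identity $name
    foreach ($s in @($forest.UPNSuffixes) + @($forest.Domains)) {
        [pscustomobject]@{ Forest = $forest.Name; Suffix = $s.ToLower() }
    }
}

# A suffix that appears in more than one forest is a shared UPN suffix.
$shared = $suffixes |
    Sort-Object Forest, Suffix -Unique |
    Group-Object Suffix |
    Where-Object Count -gt 1

foreach ($g in $shared) {
    Write-Warning ("Shared UPN suffix '{0}' in forests: {1}" -f $g.Name, ($g.Group.Forest -join ', '))
}

# List every account that carries the same UPN, domain by domain.
$accounts = foreach ($name in $forestNames) {
    foreach ($domain in (Get-ADForest -Identity $name).Domains) {
        Get-ADUser -Filter "UserPrincipalName -eq '$upn'" -Server $domain |
            Select-Object @{ n = 'Domain'; e = { $domain } },
                          SamAccountName, UserPrincipalName, DistinguishedName
    }
}

if (@($accounts).Count -gt 1) {
    Write-Warning "UPN '$upn' exists on $(@($accounts).Count) accounts; UPN logon target is ambiguous."
}
$accounts | Format-Table -AutoSize
```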
 
Thanks a lot for the reply.

So I understand that we are using shared UPN suffixes (different forests are
using the same UPN suffix) and we have External trust relationship between
domains in different forests (not forest trust relationship).

According to that, it's not possible to use UPNs to log on across forests
but we have made the following tests:
The scenario: Two domains (A.es and B.NET) with the same UPN ([email protected]) for a
test user, different forests, one bidirectional trust relationship between
A.es and B.NET domains.

When we use the smartcard to log on, the system connects to the A.es domain.
If we use (e-mail address removed) and the password (not using the smartcard) the system
connects to the B.NET domain.

So, I'm a little confused about what's happening.
Thanks,
 
Offhand I don't know what is going on either. I suggest you post in the
server.active_directory newsgroup to see if anyone there can help. ---
Steve
 
OK, thanks.



"Steven L Umbach" wrote:
Offhand I don't know what is going on either. I suggest you post in the
server.active_directory newsgroup to see if anyone there can help. ---
Steve
 