I would like to authenticate users across domains using UPN instead of UNC. We have successfully achieved this requirement if one of the domains is in Windows 2000 Native Mode. However, if both domains are in Windows 2000 mixed mode the DC's treat the UPN name (user@domain.com) as one long username without any domain information. This generated a security event 529 (invalid username or password). Can anyone confirm that Windows 2000 AD has to be in Native mode to authenticate UPN across forests/domains?
This is a limitation with mixed mode. As soon as you go to native mode in all Win2K domains, you should be able to do this, but not until... HTH Ozone "Jeff" wrote: > I would like to authenticate users across domains using UPN instead of UNC. > We have successfully achieved this requirement if one of the domains is in > Windows 2000 Native Mode. However, if both domains are in Windows 2000 mixed > mode the DC's treat the UPN name (user@domain.com) as one long username > without any domain information. This generated a security event 529 (invalid > username or password). Can anyone confirm that Windows 2000 AD has to be in > Native mode to authenticate UPN across forests/domains?
