Avoid duplicate username across domains

Masoud

In a scenario of multiple domain environments and one
Exchange organization, how to maintain unique user
accounts across domains?
This is because when creating an account on one domain
and enabling a mailbox for it, if the same user account
exists on a different domain, it will create a strange SMTP
alias, obviously to avoid duplication.
How to enable the administrator to avoid creating a user with
an alias already created on other domains?
 
Ace Fekay [MVP]

Masoud said:
In a scenario of multiple domain environments and one
Exchange organization, how to maintain unique user
accounts across domains?
This is because when creating an account on one domain
and enabling a mailbox for it, if the same user account
exists on a different domain, it will create a strange SMTP
alias, obviously to avoid duplication.
How to enable the administrator to avoid creating a user with
an alias already created on other domains?

That would probably be up to the administrators to correlate efforts and
have some sort of policy in place defining how to handle duplicate users.

Are duplicate accounts always being created in different domains? Are they
for the same user or they are actually different users? Do you have a large
infrastructure?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Brian Desmond [MVP]

MOM2005 does have a slick report to tell you this, but that doesn't really
help in the interim. I'd look into some sort of enterprise provisioning
system to handle account creation and have it generate the username.

--
Brian Desmond
Windows Server MVP

Http://www.briandesmond.com
 
Masoud

Hi,

The duplicate aliases are meant for different users. In
my case I'm talking about a large organization scenario,
where you can easily find people with identical first and
last names. So, if you have user account "Johnf" in domain
A and you want to create a new user account for a new
employee "John Flanagan" with alias "Johnf" in domain B.
What is the mechanism that enables you to avoid creating
a user account if it already exists on another domain of
the same forest?

Regards,
 
Ace Fekay [MVP]

Masoud said:
Hi,

The duplicate aliases are meant for different users. In
my case I'm talking about a large organization scenario,
where you can easily find people with identical first and
last names. So, if you have user account "Johnf" in domain
A and you want to create a new user account for a new
employee "John Flanagan" with alias "Johnf" in domain B.
What is the mechanism that enables you to avoid creating
a user account if it already exists on another domain of
the same forest?

Regards,

I see. For the UPN, that would be checked, but for the Pre-Windows 2000
Logon Name (as you refer to the Alias), that is checked by the domain that
you're creating this in only, and not across the infrastructure. Assumingly
too, when a person with a "dupe" Pre-Windows 2000 Logon Name tries to log on
on a different domain where the dupe account exists, they won't be able to
due to a wrong password. Hopefully at least users are trained enough to know
what domain to log on to.

That MOM tool Brian mentioned is a pretty slick tool. Otherwise, as he
mentioned, I'm not sure of what 3rd party tools will accomplish this for you.

--
Regards,
Ace

 
Joe Richards [MVP]

You need to set up a provisioning system that handles all of that logic for you,
there is nothing in the native OS to prevent this because samaccountnames only
need to be unique per domain.

My recommendation is to disallow people (except your 2-3 forest/domain admins)
from having any rights to create users and make everyone do it through a web
site you create with the proper business rules.

joe
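
An added example, not written by any poster in this thread, of the kind of pre-creation business rule discussed above: before a provisioning tool creates "Johnf" in domain B, it asks a global catalog whether that sAMAccountName or Exchange alias already exists anywhere in the forest. The function names are hypothetical; it assumes a domain-joined Windows host and that mailNickname is replicated to the global catalog by the Exchange schema extension.

```powershell
# Added example. Function names are hypothetical, not from the thread.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Escape RFC 4515 special characters so a requested name cannot
    # rewrite the search filter (the backslash must be handled first).
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a')
    $v = $v.Replace('(', '\28').Replace(')', '\29')
    $v.Replace([string][char]0, '\00')
}

function Find-ForestNameCollision {
    param([Parameter(Mandatory)][string]$Name)
    $safe = ConvertTo-LdapFilterValue -Value $Name
    # A global catalog holds a partial replica of every domain in the
    # forest, so one query covers domain A, domain B and the rest.
    $forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $searcher = $forest.FindGlobalCatalog().GetDirectorySearcher()
    # Assumption: mailNickname (the Exchange alias) is present in the GC.
    $searcher.Filter   = "(|(sAMAccountName=$safe)(mailNickname=$safe))"
    $searcher.PageSize = 500
    foreach ($p in 'distinguishedName', 'sAMAccountName', 'mailNickname') {
        [void]$searcher.PropertiesToLoad.Add($p)
    }
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                DistinguishedName = [string]($r.Properties['distinguishedname'] | Select-Object -First 1)
                SamAccountName    = [string]($r.Properties['samaccountname']    | Select-Object -First 1)
                MailNickname      = [string]($r.Properties['mailnickname']      | Select-Object -First 1)
            }
        }
    }
    finally { $results.Dispose() }   # release the unmanaged search handle
}

# The name from the thread's example; the creation step itself is left out.
$requested = 'Johnf'
$hits = @(Find-ForestNameCollision -Name $requested)
if ($hits.Count -gt 0) {
    Write-Warning "'$requested' is already used in the forest; pick another name."
    $hits | Format-Table -AutoSize
}
else {
    Write-Output "'$requested' was not found in any domain."
}
```

The check and the later creation are not atomic, and a name created moments ago in another domain may not have replicated to the global catalog yet, so the check only works as a control when all account creation goes through the one tool that runs it.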
 
