|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
nt4 domain to W2k3 ADWe recently upgraded out nt4 domain to 2k3 AD. We upgraded the pdc and
then added new 2k3 servers, transferred fmso roles and removed the original server. I have since noticed that the 1500+ users which existed prior to the upgrade have no ad username. They only have the pre-windows2000 username. This hasn't seemed to effect anything, but I'm concerned that it may in the future. I am currently planning on upgrading the functionality level from compatibility to 2k3. Does anyone know how this user account issue effect this? Thanks in advance... This is normal, it is used for backward compatibility. You will be able to
continue forward. -- Show quoteHide quotePaul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Don" <donhollis***@adelphia.net> wrote in message news:9bWdnSTyM8Dc_XPeRVn-gA@adelphia.com... > We recently upgraded out nt4 domain to 2k3 AD. We upgraded the pdc and > then added new 2k3 servers, transferred fmso roles and removed the > original server. I have since noticed that the 1500+ users which existed > prior to the upgrade have no ad username. They only have the > pre-windows2000 username. This hasn't seemed to effect anything, but I'm > concerned that it may in the future. I am currently planning on upgrading > the functionality level from compatibility to 2k3. Does anyone know how > this user account issue effect this? > > Thanks in advance... I should have noted, in order to use upn names this field will need to be
populated. -- Show quoteHide quotePaul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Paul Bergson" <pberg***@allete.com> wrote in message news:%23lDb1K5LGHA.1124@TK2MSFTNGP15.phx.gbl... > This is normal, it is used for backward compatibility. You will be able > to continue forward. > > -- > > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > "Don" <donhollis***@adelphia.net> wrote in message > news:9bWdnSTyM8Dc_XPeRVn-gA@adelphia.com... >> We recently upgraded out nt4 domain to 2k3 AD. We upgraded the pdc and >> then added new 2k3 servers, transferred fmso roles and removed the >> original server. I have since noticed that the 1500+ users which existed >> prior to the upgrade have no ad username. They only have the >> pre-windows2000 username. This hasn't seemed to effect anything, but I'm >> concerned that it may in the future. I am currently planning on >> upgrading the functionality level from compatibility to 2k3. Does anyone >> know how this user account issue effect this? >> >> Thanks in advance... > > Don wrote:
> We recently upgraded out nt4 domain to 2k3 AD. We upgraded the pdc and Hi,> then added new 2k3 servers, transferred fmso roles and removed the > original server. I have since noticed that the 1500+ users which existed > prior to the upgrade have no ad username. They only have the > pre-windows2000 username. This hasn't seemed to effect anything, but I'm > concerned that it may in the future. I am currently planning on upgrading > the functionality level from compatibility to 2k3. Does anyone know how > this user account issue effect this? This issue shouldn't affect upgrading the level. Every user account in AD has at least two "name" attributes. The "Pre-Windows 2000 logon name", also called the NT name, corrsponds to the sAMAccountName attribute of the user object. This is a mandatory attribute, must be unique in the domain, and is limited to 20 characters. Also, each user must have a Common Name (the value of the cn attribute), which is the "Relative Distinguished Name". It must be unique in the container/OU where the user object resides. In ADUC, the column labeled name is the Common Name. There are other "name" attributes, so one of these must be missing for your users. The userPrincipalName is generally in the form NTN***@MyDomain.com, where NTName is the sAMAccountName. In ADUC this name is on the Account tab and is called User Logon Name. I have seen the value be blank. The value must be unique in the domain. Users can logon with their userPrincipalName. On the General tab in ADUC is a field called "Display Name" (value of the displayName attribute), which was called "FullName" in NT. This can also be missing. Each user object has a distinguishedName attribute, which uniquely identifies the object in AD. This is constructed from the Common Name (cn, which is the Relative Distinguished Name) and components representing where in the heirarchy of AD the object resides (that is the Distinguished Name of the parent container). No need to worry about this. Every object in AD has it. Other "name" attributes of less importance are givenName (first name), sn (surname or last name), and initials (middle initial or name). The whole issue of the "name" of an object in AD can be confusing. Bottom line, your users must have values for cn and sAMAccountName (and distinguishedName). The others are optional. 
Other interesting topics
server in wrong site
Automatically disable expired user accounts Adding Windows Server 2003 R2 machine to existing W2k3AD How to exclude ADAM user from AD domain lockout policy?? Domain Controllers not talking to each other How to restore Domain Controllers that have been down for a long t GPO not working. CSVDE export fields ordering restore a windows 2000 domain controller Issue DHCP IP's only to computers in AD? |
|||||||||||||||||||||||
