Force unique usernames in a forest??

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Is it possible to force unique usernames in the forest versus in each child
domain?

I have an application server that only authenticates based on username but
authenticates against each domain controller (using LDAP). So, if
csmith@domain1.com signs in, he could actually get the same permissions as
csmith@domain2.com, since the username "csmith" was correctly identified.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

1. Fix that app
2. No you can't enforce uniqueness through native mechanisms. You would need to
disable everyone's ability to create/modify user objects and have them go
through some enterprise management tool, either off the shelf or custom made.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Neelixx wrote:
> Is it possible to force unique usernames in the forest versus in each child
> domain?
>
> I have an application server that only authenticates based on username but
> authenticates against each domain controller (using LDAP). So, if
> csmith@domain1.com signs in, he could actually get the same permissions as
> csmith@domain2.com, since the username "csmith" was correctly identified.