You're reading from Active Directory Administration Cookbook, Second Edition Proven solutions to everyday identity and authentication challenges for both on-premises and the cloud

Product type Paperback

Published in Jul 2022

Publisher Packt

ISBN-13 9781803242507

Length 696 pages

Edition 2nd Edition

Languages

PowerShell

Tools

Azure

Concepts

Identity Management

Author (1):

Sander Berkouwer

View More author details

Table of Contents (18) Chapters

Preface

1. Chapter 1: Optimizing Forests, Domains, and Trusts

2. Chapter 2: Managing Domain Controllers FREE CHAPTER

3. Chapter 3: Managing Active Directory Roles and Features

4. Chapter 4: Managing Containers and Organizational Units

5. Chapter 5: Managing Active Directory Sites and Troubleshooting Replication

6. Chapter 6: Managing Active Directory Users

7. Chapter 7: Managing Active Directory Groups

8. Chapter 8: Managing Active Directory Computers

9. Chapter 9: Managing DNS

10. Chapter 10: Getting the Most Out of Group Policy

11. Chapter 11: Securing Active Directory

12. Chapter 12: Managing Certificates

13. Chapter 13: Managing Federation

14. Chapter 14: Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and DSSO)

15. Chapter 15: Handling Synchronization in a Hybrid World (Azure AD Connect)

16. Chapter 16: Hardening Azure AD

17. Other Books You May Enjoy

Managing UPN suffixes

In Active Directory, users and services can sign in using their pre-Windows 2000 logon name (the value of the sAMAccountName attribute) or their Kerberos user principal name (the value of the userPrincipalName attribute). As Kerberos relies heavily on DNS, the user principal name features a userPrincipalName suffix, in the form of a DNS domain name.

These userPrincipalName suffixes can be added to the list of available UPN suffixes for each Active Directory forest.

By default, this list already contains the DNS domain names of the Active Directory domains in the forest.

UPN suffixes in on-premises Active Directory environments do not need to be publicly routable. Only if you intend to use them with federation and/or hybrid identity do they then need to be. In many organizations, a cloud journey begins with changing the UPN suffix on all the user objects that need to be cloud-enabled to a publicly routable UPN suffix. Some organizations have adopted .local...