Mark Minasi's Tech Forum
Sign up Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
spam spam bacon spam

Avatar / Picture

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 24
Reply with quote  #1 
Okay, that sounds dumb, and it probably is, but hey!  That's why blondes have more fun!  Just logging in is a trek into the unknown for us!  Hahhaha.

Ahem.  Okay.  Seriously.  This has always been a "gray" area for me, and something that's been on my list of "things I want to know more about*," but I'm now working on a small project where I really need to know this better!! 

Although I'm asking some specific questions here, I'm really wanting to be more competent in this area overall.  Therefore, I'd be grateful for anything you might add to this topic.  (Even if it doesn't answer a specific question.)

I'm going to explain my current project, because it will show you where I need help.

I'm working for Dell, and going to corp client sites where I decommission their Win 7 PCs and install Win 10 PCs.  I know.  ZZZZZZZZZZzzzzzzzzzzzzzzzzzzzzz.

The current client (I'll call them "KN") has provided 4(?) different admin accounts for me to use, plus, I also get the primary user's login info.  The local admin accounts are (supposed to be) the same for all machines.

The AD domain is "usa.domain.all.kn"
(not really, but it's just like the real one)

Some actions require me to login as a local admin and some as a domain admin. 

When I'm logging in, I sometimes see "You are logging in to usa" and sometimes "You are logging in to "usa.domain.all.kn".  As I write that, I'm thinking Win 10 is displaying the full domain name, but I don't remember exactly.

If it's showing just "usa", do I need to add the full domain name, or is it going to use the full domain name, even though it's displaying only the top level portion?

Sometimes, there is no domain listed at all.  Nothing.  No hostname, either.  The username is already shown, "Administrator" and there's just a box for the password with the right arrow.

When this is the case, I'm not sure if the admin account is the local or domain one.  Is there only one it could be, and if not, is there some way to tell which it is, or do I always have to add the hostname or domain to be certain?

Sometimes, I end up having to just bang away at the keyboard until some combination of administrator name, with or without domain name, with or without hostname, and some random password works.  (I hear you shuddering [crazy])

Also, when needing to specify the domain or hostname, I've always used the DOMAIN_NAME\account_name or HOSTNAME\account_name format. 

However, some of the documents show "account_name@DOMAIN_NAME" and I've had to use that format on this project. 

I *THINK* (yeah, yeah... that's how I get in all this trouble!) this format has worked when the first format hasn't, but again, I didn't specifically confirm this.  However, my question is: is there any difference between the two formats or is it just preference?  


I've got (waaaaaaaaaaay!) more questions, but that's enough for now.  Muhahahahahaha!!

Cheers,

Spammy


* yeah, mon.... I really do have a list of things I want to learn.  Sadly, I seem to add more crap to it, than I get to check off. 

__________________
If at first you don't succeed, destroy all evidence that you tried.

0
Pieter

Avatar / Picture

Senior Member
Registered:
Posts: 247
Reply with quote  #2 
1. to logon locally on a Windows device (PC or server) use :
- username
or
- COMPUTERNAME\username
or
.\username
Username is created in the local SAM database on the computer.

2. to logon to a domain use :
- DOMAIN\username, ex. USA\YourAccount, that's the pre-windows 2000 logonname
or
- UPN, User principal name, looks like username@usa.domain.all.kn but could be anything that looks like an email address, well not everything. You can find the correct UPN and pre-windows 2000 name in AD Users and Computers.
minasi.jpg
Username is created in the AD database on the Domain Controller.

There is no much difference between the two formats. I think UPN uses the GC to look for the accoutname, but I'm not sure.  In any case on the client the Access Token will be generated and filled with the user SID and the SIDs of the groups he/she is member of, and other stuff.  The result will (and should) be the same.


 


__________________
Pieter Demeulemeester
0
spam spam bacon spam

Avatar / Picture

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 24
Reply with quote  #3 
Quote:
Originally Posted by Pieter
1. to logon locally on a Windows device (PC or server) use :
- username
or
- COMPUTERNAME\username
or
.\username
Username is created in the local SAM database on the computer.
 


Cool!  I never knew about the third method and I really appreciate you telling me about it, because it seems I always end up working for people who've created host names solely to punish whoever must type them in.   (Ask me about the "domain" (<cough>...if you could call it that...) where 'someone' was a massive fan of poisonous snakes (servers) and poisonous insects (PCs))
 
Quote:
Originally Posted by Pieter

2. to logon to a domain use :
- DOMAIN\username, ex. USA\YourAccount, that's the pre-windows 2000 logonname


Okay, that shows something that I don't understand yet...  So, I know about DOMAIN\username, but up until recently, I'd only worked on domains that had just a single "level"... without any separating periods.  (I use "levels" because that how the Internet refers to it's domain names, but I don't know what they would be called here.)

So I'm bugged out that you can type in just the "USA" in "usa.domain.all.kn" and it would work.  You just made my world tilt.  Thanks.  Now I gotta go get un-sober so things are normal again.


 
Quote:

- UPN, User principal name, looks like username@usa.domain.all.kn but could be anything that looks like an email address, well not everything. You can find the correct UPN and pre-windows 2000 name in AD Users and Computers.

Username is created in the AD database on the Domain Controller.

There is no much difference between the two formats. I think UPN uses the GC to look for the accoutname, but I'm not sure.  In any case on the client the Access Token will be generated and filled with the user SID and the SIDs of the groups he/she is member of, and other stuff.  The result will (and should) be the same.

 


Okay.  So just to make sure I understand... if I wanted to log on to the domain, I would be able to use either the USA\name or name@usa.domain.all.kn format?   

Thanks for the education!  You have no idea how much I love learning about this stuff!!

Cheers,
spams

__________________
If at first you don't succeed, destroy all evidence that you tried.

0
Pieter

Avatar / Picture

Senior Member
Registered:
Posts: 247
Reply with quote  #4 
>> So just to make sure I understand... if I wanted to log on to the domain, I would be able to use either the USA\name or name@usa.domain.all.kn format?  

That's correct.

Well, maybe I'm a little too fast. 
You can login to your domain with either the User Principal Name (AD attribute userPrincipalName) or the pre-windows 2000 Logon name (attribute sAMAccountName) preceded by the Netbios domainname. See screenshot in previous post.

I assumed that your UPN is @usa.domain.all.kn and that your Netbios domainname is USA.

see also : http://smallcitydesign.com/netbios-name/ or type "set" at the command prompt and look for the variables USERDOMAIN and USERDNSDOMAIN.


__________________
Pieter Demeulemeester
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.