Different Pre-Windows 2000 domain and FQDC.

I have a SBS 2003 box that was originally migrated from SBS2000. i just finished install new 2012 standard server and installed AD service on it, but when i trying promote to DC, it won't do it until functional level raise to least 2003 level.
My question is following:
when user login, user uses pre-windows 2000 login name.  
For example, DC11\user but FQDC is DC1.local.  we have no DC11 exist. 
When user trying login as DC1\user, it won't able to login. even Administrator has to login as DC11\administrator not DC1\administrator. 
 When i look user properties account login name user @dc1.local and pre-Windows 2000 name DC11\ user are listed. 
if i raised to Windows 2003 function level, did user can't login? or any effect? 
Thanks

DC11 is the NetBIOS name of your domain and it can be changed using Active Directory Domain rename tools -
http://technet.microsoft.com/en-us/windowsserver/bb405948.aspx - if you don't want to use DC11 in your environment. However, this could have impact other applications like Exchange,
as Exchange doesn't support domain rename.
Another option for you would be to deploy a new Forest or domain with the names that you desire and migrate stuff - Users/Workstations/Servers/Application and get rid of old domain.
UPNs ([email protected]) is easy to change but changing NetBIOS is a complex process and needs to be done with extreme care.
- Sarvesh Goel - Enterprise Messaging Administrator

Similar Messages

  • ISE with per-windows 2000 domain

    Hi
    I am experiencing a problem with AD authentication.
    I have joined the ISE appliance to the windows AD and I can browse the groups and attributes.
    But the problem I am experincing is that the users logon to the domain using the pre-windows 2000 domain name.
    FQDN format : ab.cdef.com       - ISE is joined to this
    pre-windows 2000 name : abcd  - Users logon with this
    So wen the users authenticate I get the following error : 22056 Subject not found in the applicable identity store.
    Also tried to logon with [email protected] with no luck.
    Does someone have any suggestions?
    Thanks

    The 802.11 Mac Layer is a bit longer than the ethernet mac layer. This sometimes cause problem with domain login because they are done using UDP by default. The frame are sometime drop. To test if this is your problem, I recomand changing the MTU on the 2000server(DC) and the host to something lesser than the actuel MTU on the interface. (configure the DC and host @1300 leaving the network @1500)
    A Windows 2003 server as a default mtu of 13?? something to get around this problem. I usaully tell my users to install the cisco vpn client if they want to use domain in wireless because the installation of this client lower the MTU of every interface to 1300.
    Another path you can look into is forcing kerberos to use TCP insted of UDP. (look on MS TechNet for method)

  • User Logon Name (pre-Windows 2000) and Domain Name Don't have the same Value

    Hi
    is it possible to have User Logon Name (pre-Windows 2000) and Domain Name with different value?
    Exemple:
    domain name domain1.com
    and User Logon Name (pre-Windows 2000) Domain2\user

    If you have trust in place, then also you can use trusted domain name to login from trustee domain. Also, UPN suffix can be added.
    http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
    Awinish Vishwakarma - MVP
    My Blog: awinish.wordpress.com
    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  • ACS External Windows Authentication: Pre-Windows 2000 name only works

    Hello. I have attempted to map ACS to Windows AD 2003 as an External Database. That works, but only if I authenticate using the Pre-Windows 2000 name (sometimes called the "down-level" name).
    If I use the Windows 2003 login name, I get a 529 error in the event viewer, stating the username/password is incorrect. This error appears on the Windows 2003 SP1 server running ACS.
    Curiously, if I authenticate using the down-level name, the successful event shows the same authentication package (MICROSOFT_AUTHENTICATION_PACKAGE_V1_0) and "Workstation" and "Login Process" name (CISCO).
    I cannot determine if this is an ACS or Windows problem. Any one have a clue?

    Win2003 logon name: [email protected]
    A Pre-Windows2000 name: [email protected]
    Interestingly, the down-level name will authenticate, but the "up-level" name will not.
    Here are excerpts from AUTH.log:
    Failed up-level name:
    AUTH 01/19/2006 07:52:04 I 4817 3604 Attempting authentication for Unknown User '[email protected]'
    AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [[email protected]]
    AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith
    AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
    AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain COMPANY
    AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith
    AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
    AUTH 01/19/2006 07:52:04 I 2124 3604 Unknown User '[email protected]' was not authenticated
    Passed down-level name:
    AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [[email protected]]
    AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bsmith
    AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by WINDC02)
    AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Obtaining RAS information for user bsmith from WINDC02

  • Information about logon name pre-windows 2000

    Hi,
    In active directory while creating users we have two fields like logon name and logon name (pre-windows 2000). In windows2008R2 server I created new user (Test user) and 1 new group. I mapped new user to the group. While creating user I have given 123456789
    for logon name field and user.test for logon name pre-windows 2000.
    But with this user while doing LDAP search user is not listing from the server and also getting error as No groups found for the new user. So can you please let me know whether we need to give same name for logon name and logon name pre-windows 2000 fields?
    If possible brief me about those fields.
    Appreciate your earlier response.
    Thanks & Regards,
    Sitaramaiah

    Hi,
    Please go through the link which will clear your doubts.
    http://technet.microsoft.com/en-in/library/cc739093%28v=ws.10%29.aspx
    Biswajeet

  • Adding mac in Windows 2000 domain

    Hello, I need add a mac OS 10.3.9 in a windows 2000 domain,
    for sharing files and printers. Is possible??
    Thanks, Diego

    Hi dbeihswingert try these documents
    http://www.wazmac.com/wazza/networking/networkpages/basic_sharing/networkintegration.html
    especially
    Macs to a Win Domain (pdf - 250k)
    Configure OSX 10.3.3 so Macs can authenticate with Active Directory, and store their home folders on a Windows 2000/3 server.
    I have found this to be a good resource.
    Cheers.

  • Joining a Windows 2000 domain

    Can I join my Sun Solaris 8 server running Samba to a Windows 2000 domain so that all the users that logon or use shares will authenticate thru the domain controllers with their Win accounts?
    I dont want to create 1500 Solaris accounts.

    there is a sun product called Sun PC Net Link that could help you
    synchronazing user accounts in Windows env. and Solaris
    you can map the accounts from one env. to the other.
    we use this product since many years and have migrate fm
    windows NT to Windows 2000 Terminal Server without major
    problems, including user maps.
    good luck ...
    [email protected]

  • EAP with Windows 2000 client and IAS server

    Several messages on this site point to peole using EAP on a Windows 2000 client and authenticating against an IAS server. I am running an Aironet 350 AP and trying to setup my Windows 2000 clients to use EAP only and authenticate against a Windows 2000 AD forest via IAS. The access point and client are on the latest firmware and drivers (12.0 for AP). I have two basic questions.
    1. It is my understanding that by enabling Network-EAP as the only authenticaiton type that users will authenticate and then dynamic WEP keys will be used, greatly reducing the risks of compromised WEP keys while at the same time keeping the data encrypted.
    2. Does anyone have a quick HOW-TO or point-by-point list of how to configure the Windows 2000 client to authentication using the Network-EAP method? I am currently running into a situation where no matter what I configure on the client, the IAS server reports and error with "Reason: The authentication type is not supported on this system." I also noticed that the "Authentication-Type" and "EAP-Type" fields shown in the IAS messages in the Windows 2000 Event Viewer log have the value "<undetermined>". Has anyone else run into this?

    I'm having a similar problem. I'm trying to do PEAP and it appears that IAS is not handling the request properly. It keeps trying to log the user PEAP-##### in instead of setting up the TLS and then asking for Username, Pass, Domain. The IAS error message I'm getting is:
    User PEAP-00097CFCD901 was denied access.
    Fully-Qualified-User-Name = APPLY\PEAP-00097CFCD901
    NAS-IP-Address = 172.16.200.31
    NAS-Identifier = AP1
    Called-Station-Identifier = 004096570d87
    Calling-Station-Identifier = 00097cfcd901
    Client-Friendly-Name = WirelessAP
    Client-IP-Address = 172.16.200.31
    NAS-Port-Type = 19
    NAS-Port = 37
    Policy-Name =
    Authentication-Type = EAP
    EAP-Type =
    Reason-Code = 8
    Reason = The specified user does not exist.
    So if anybody has the needed settings for Win2k (SP3 and 802.1x patch) IAS it would be much appreciated.
    Ben
    Note: if I had PEAP-####### as a user in Win2k I get:
    User PEAP-00097CFCD901 was denied access.
    Fully-Qualified-User-Name = apply.org/Users/PEAP TEST
    NAS-IP-Address = 172.16.200.31
    NAS-Identifier = AP1
    Called-Station-Identifier = 004096570d87
    Calling-Station-Identifier = 00097cfcd901
    Client-Friendly-Name = WirelessAP
    Client-IP-Address = 172.16.200.31
    NAS-Port-Type = 19
    NAS-Port = 37
    Policy-Name = Wireless Policy
    Authentication-Type = EAP
    EAP-Type =
    Reason-Code = 16
    Reason = There was an authentication failure because of an unknown user name or a bad password.

  • How do I get firefox to display images clearly? I've got Windows 2000 Pro and Firefox 3.6.6. Internet Explorer shows images clearly, so I'm sure I have the correct graphics driver. Do I need a plugin or add-on of some sort? When I go to "updates", it

    When I use Firefox the images and logos don't show up clearly/correctly. I'm using Windows 2000 Pro. and just installed Firefox 3.6.6. I'm sure I have the right graphics driver as I'm able to see the images and logos clearly in Internet Explorer. I only have the "default plugin 1.0.0.15" installed. I'm thinking that I'm missing a plugin or add-on of some sort, but I'm not sure which one(s). When I go to "updates" it says there were no updates available. When I go to "Add-ons" it gives a list of Add-ons but I'm not sure which would help my issue. Any help would be appreciated.:)
    == This happened ==
    Every time Firefox opened
    == I decided to Download and Use Firefox on this computer. I was using IE before, and it works fine. ==
    == User Agent ==
    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4

    Firefox works fine on Windows 2000 SP4 for me.
    Any chance you have a dial-up connection that uses a web accelerator to speed the loading of content?

  • Installing Oracle8i (EE) and Oracle9iAS (EE) on different machines (Windows 2000)

    Hi, All:
    Greetings! We are new to Oracle9iAS and we need your help.
    We want to try all of the Oracle9iAS components for our Oracle8i (8.1.7) data warehouse, so we use two Windows 2000 server machines to do the test. One is for the Oracle8i database (8.1.7) and another is for the Oracle9iAS. However, we have not found the installation guide on the Oracle sites for installing Oracle8i (EE) and Oracle9iAS (EE) on different machines. We have no problem installing the Oracle8i (EE). Our questions are:
    1. Is there any installation guide for installing Oracle8i (EE) and Oracle9iAS (EE) on different machines (Windows NT/2000)?
    2. Should we follow the steps in the Oracle9i Application Server Installation Guide for Windows NT/2000?
    3. Is there anything or tips for the installation we should know?
    Please help us if you know anything about the installation. Thanks for your time and kindness!
    Rong Bi
    [email protected]

    Hello,
    You can install oracle databaes and oracle 9ias on seperate machines which will have less problems indeed.
    All the documentation you get in technet is the latest !!!
    It is better you have 1.0.2.2 which is the latest release for Oracle 9IAS.
    The steps to install Oracle 9IAS in brief are as follows !!!
    > Install 8i database (which is not necessary in your case), but notedown the hostname, port, sid etc
    > Install 9IAS which requires the info of database which you have noted in step 1
    Follow the Installation documentation provided with Oracle 9IAS 1.0.2.2 which has screen shots !!!
    Also in technet a new folder 'Oracle9i by Example: Tutorial' has been added which has installation instructions !!!
    Hope this helps !!!
    A.Kishore

  • Windows 2000 Server, and 2TB volume

    Hey there.
    So we recently racked a 7TB Xserve RAID, and plugged it into our Cisco FC switch, and Windows isn't playing nice.
    I have a 2.2TB RAID5 volume that I have made available to this Windows 2000 Server (SP4) which Disk Management sees, but says in "unreadable". If I split the volume into two LUNs, it sees both 1.1TB volumes just fine.
    Is there a 2TB upper limit to Windows 2000, or is there some cocktail of patches I need to install? I'd rather not have to split the LUNs just do use dynamic disks to make a continuous volume on the server...
    Oh, and the volume shows up just fine to the OS X 10.3.9 server which is also plugged into the FC switch...
    Oh, and a side question - is there a way to force Mac OS X 10.3.9 server to rescan the SCSI bus (Fiber Channel fabric) for disks without rebooting? I find it annoying to have to call up users and tell them to save / logout when I just want to bring a new disk online...

    Then I'd recommend 2003 SP 1
    Note, if you do have to slice and then re-assemble the volumes on your 2K server, be sure to do concatenated sets, NOT striped sets, from within Disk Administrator. If you stripe slices on the same RAID set, you're going to cause TONS of extra head seeking, as it tries to read from stripes on different sections of the SAME disk. There will be no performance penalty with concatenated slices, because it will always be reading off all 7 spindles.

  • WIndows 2000 Workstation and OS 10.4.4 networking

    How do I set up networking between my G5 local network and a Windows 2000 Workstation network? I seem to be stopped by the Mac local network being on a different subnet mask than the Windows network. There is an ethernet switch controlling the Windows net (Netgear GS-116) and a GS-108 controlling the Mac network. How do I change the Mac subnet address, if I need to?
    Thanks,
    rtucker
    G5 DUal 2 GHz   Mac OS X (10.4.4)   Windows 2000 Workstation
    G5 DUal 2 GHz   Mac OS X (10.4.4)   Windows 2000 Workstation

    Hi Stu,
    Have you tried logging into the Mac from the PC with the Mac's Username & the Mac's Password?

  • JAAS - Kerberos - windows 2000 domain - groups

    I need to find out if a user is in 2 different groups. If they are in group a, I display results a.m. If they are in group b, I display results b.n. If they are in a and b, then I display a.m union b.n. Any ideas?
    I am validating the user through kerberos already. Windows NT domain says they are valid if correct username/domain/password are enterted. Now I need to find out if they are part of a group on a domain. Any ideas? Am I making sense. Mail me at perry2of5 at yahoo.com if you need clarification or have ideas and don't want to post here.
    I suspect i need to use the subject from the original login and ask for access to the group, but I don't know how to do this. Help!

    I've a very simular problem (maybe even simpler).
    My webapp (Struts) is running on a Tomcat and the user login has to be proofen against a Win2000 active directory server. If login is successfull I'll need the users roles from the W2k ADS. That's it.
    What I know till know:
    - authentication uses Kerberos
    - communication with ADS uses LDAP
    Has anybody an easy solution (example). I've already read all the JAAS stuff from Sun, but I'm still not sure how to implement it.
    Thx, Chrise

  • Windows 2000 server and j2sdkee1.3.1_01

    Hi,
    Hope this isn't redundant. I couldn't find any reference to this error.
    I just did a fresh install of J2EE 1.3.1_01 on Win2K server. When I try to start the J2EE server for the first time after a reboot (and all subsequent attempts) I get the following error:
    J2EE server listen port: 1050
    java.lang.RuntimeException: Could not initialize j2ee server. Possible cause cou
    ld be another instance of the server already running.
    at com.sun.enterprise.iiop.POAProtocolMgr.initializeNaming(POAProtocolMg
    r.java:134)
    at com.sun.enterprise.server.J2EEServer.run(J2EEServer.java:222)
    at com.sun.enterprise.server.J2EEServer.main(J2EEServer.java:913)
    java.lang.RuntimeException: Could not initialize j2ee server. Possible cause cou
    ld be another instance of the server already running.
    at com.sun.enterprise.iiop.POAProtocolMgr.initializeNaming(POAProtocolMg
    r.java:134)
    at com.sun.enterprise.server.J2EEServer.run(J2EEServer.java:222)
    at com.sun.enterprise.server.J2EEServer.main(J2EEServer.java:913)
    java.lang.RuntimeException: Could not initialize j2ee server. Possible cause cou
    ld be another instance of the server already running.
    at com.sun.enterprise.server.J2EEServer.run(J2EEServer.java:350)
    at com.sun.enterprise.server.J2EEServer.main(J2EEServer.java:913)
    J2EE server reported the following error: Could not initialize j2ee server. Poss
    ible cause could be another instance of the server already running.
    Error executing J2EE server ...
    attempts to stop the server result in this:
    javax.naming.CommunicationException: Can't find SerialContextProvider
    at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.jav
    a:66)
    at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:154
    at javax.naming.InitialContext.lookup(InitialContext.java:350)
    at com.sun.enterprise.util.Utility.lookupObject(Utility.java:122)
    at com.sun.enterprise.server.J2EEServer.shutdown(J2EEServer.java:788)
    at com.sun.enterprise.server.J2EEServer.main(J2EEServer.java:876)
    javax.naming.CommunicationException: Can't find SerialContextProvider
    at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.jav
    a:66)
    at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:154
    at javax.naming.InitialContext.lookup(InitialContext.java:350)
    at com.sun.enterprise.util.Utility.lookupObject(Utility.java:122)
    at com.sun.enterprise.server.J2EEServer.shutdown(J2EEServer.java:788)
    at com.sun.enterprise.server.J2EEServer.main(J2EEServer.java:876)
    Unable to shutdown the J2EE server.
    Does anyone have any suggestions, aside from changing my OS :-)
    Regards,
    jpkara

    Hi,
    Hope this isn't redundant. I couldn't find any
    reference to this error.
    I just did a fresh install of J2EE 1.3.1_01 on Win2K
    server. When I try to start the J2EE server for the
    first time after a reboot (and all subsequent
    attempts) I get the following error:
    J2EE server listen port: 1050
    java.lang.RuntimeException: Could not initialize j2ee
    server. Possible cause cou
    ld be another instance of the server already running.
    at
    at
    at
    t
    com.sun.enterprise.iiop.POAProtocolMgr.initializeNaming
    POAProtocolMg
    r.java:134)
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.run(J2EEServer.jav
    :222)
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.main(J2EEServer.ja
    a:913)
    java.lang.RuntimeException: Could not initialize j2ee
    server. Possible cause cou
    ld be another instance of the server already running.
    at
    at
    at
    t
    com.sun.enterprise.iiop.POAProtocolMgr.initializeNaming
    POAProtocolMg
    r.java:134)
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.run(J2EEServer.jav
    :222)
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.main(J2EEServer.ja
    a:913)
    java.lang.RuntimeException: Could not initialize j2ee
    server. Possible cause cou
    ld be another instance of the server already running.
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.run(J2EEServer.jav
    :350)
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.main(J2EEServer.ja
    a:913)
    J2EE server reported the following error: Could not
    initialize j2ee server. Poss
    ible cause could be another instance of the server
    already running.
    Error executing J2EE server ...
    attempts to stop the server result in this:
    javax.naming.CommunicationException: Can't find
    SerialContextProvider
    at
    at
    at
    t
    com.sun.enterprise.naming.SerialContext.getProvider(Ser
    alContext.jav
    a:66)
    at
    at
    at
    t
    com.sun.enterprise.naming.SerialContext.lookup(SerialCo
    text.java:154
    at
    at
    at
    t
    javax.naming.InitialContext.lookup(InitialContext.java:
    50)
    at
    at
    at
    t
    com.sun.enterprise.util.Utility.lookupObject(Utility.ja
    a:122)
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.shutdown(J2EEServe
    .java:788)
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.main(J2EEServer.ja
    a:876)
    javax.naming.CommunicationException: Can't find
    SerialContextProvider
    at
    at
    at
    t
    com.sun.enterprise.naming.SerialContext.getProvider(Ser
    alContext.jav
    a:66)
    at
    at
    at
    t
    com.sun.enterprise.naming.SerialContext.lookup(SerialCo
    text.java:154
    at
    at
    at
    t
    javax.naming.InitialContext.lookup(InitialContext.java:
    50)
    at
    at
    at
    t
    com.sun.enterprise.util.Utility.lookupObject(Utility.ja
    a:122)
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.shutdown(J2EEServe
    .java:788)
    at
    at
    at
    t
    com.sun.enterprise.server.J2EEServer.main(J2EEServer.ja
    a:876)
    Unable to shutdown the J2EE server.
    Does anyone have any suggestions, aside from changing
    my OS :-)
    Regards,
    jpkara
    Try changing the port 1050 to another values .The corresponding config file is org.properties. It worked for me on windows 2000( Apparently, some service is using 1050 by default)

  • BOXI R2 SP4 on Windows 2000 SP4 and Internet Explorer 6 Service Pack 2

    Hi
    I have a customer that has BOXI R2 SP4 installed on Windows 2000 SP4.  He is aware that Internet Explorer 6 Service Pack 1 is not supported for BOXI R2 SP4 but he is not able to find I.E SP2 for Windows 2000 SP4.  What can he do as he is experiencing some inconsistencies in Webintelligence?
    I have suggested already to:
    downgrade BOXI R2 to SP3 and use the line 3 of code as this supports I.E. SP1
    upgrade the O/S to XP and use BOXI R2 SP4 and I.E. SP2
    Thank you in advance.
    Regards,
    Federica

    I don't see any reason to downgrade BOXi R2 to SP3.
    While Microsoft will continue to support Windows 2000 till 2010, BO advises recommends that customers be on the latest SP. In your customer's case, this will not be possible. Also tech support will require one to be on the latest SP before they will troubleshoot any issues. ADAPT resolution also requires on to be on the latest SP.
    I think it prudent to upgrade the OS (on the clients) to XP.

Maybe you are looking for