User machine without domain require domain\username authentication.

Hi,
When I try to connect in lync 2013 with machine unjoined domain the "domain\username" is required, however in another organization it´s not required. How can I set this?
Thanks.
Diego Riera | Linkedin |
Twitter |
diegoriera.wordpress.com
Por favor, lembre-se de clicar em "Marcar como Resposta" no post que o ajuda, e clique em "Desmarcar como resposta" se um post marcado na verdade não responder a sua pergunta. Isto pode ser benéfico para outros membros da comunidade. Esta
postagem é fornecida, sem garantias e sem direitos.

Diego,
if you set the users' UPN to match that of your SIP domain (sign-in name), then AD username should not be required. Check
http://support.microsoft.com/kb/243629
http://blog.schertz.name/2012/08/understanding-active-directory-naming-formats/
Alessio Giombini | Microsoft Solutions Architect | Twitter: @AlessioGiombini
Lync 2013 Detailed Design Calculator: try it at http://goo.gl/jU1hZR

Similar Messages

Crawl Log. User Profile path Domain/username instead of Domain\Username

We have a SharePoint 2013 Installation RTM with March 2013 CU installed.
During Profile, MySite Setup we found an interesting Issue. In the SPS3://mysite crawl log, the URL of the crawled Content is
http://MySite/Person.aspx?accountname=contoso/johndoe. As you can see, the Syntax for the Domain Name is wrong. If you click on this URL, the error is User can not be found.
So what is going on wrong in here?
Any idea?

This also shows in my crawl log like this. It has nothing to do with whether it was successful or not (shows like this for success or failure).
Normally, any crawl errors will have nothing to do with the site, but something about the properties or the UPS not working. No reason to navigate to the site itself. Why do you need to click on the link?
Chris Givens CEO, Architecting Connected Systems
Blog Twitter

Reporting Services - Content Manager shows all reports for all domain users even without permissions

I have installed
reporting services 2008 in: Site
Settings option / Security only 3 users
have added:
BUILTIN \ Administrators
System Manager
MYDOMAIN \ user1
System Manager, System User
MYDOMAIN \ user2
System Manager, System User
I have the same settings in the "start
up" folder and inside the folder
where are my reports, however if I authenticate
any user with different domain
to user1 and user2 can see all content
of the report manager can even
manage it.
Help me, greetings
Jenny

however if I
authenticate any user with
different domain to user1 and user2 can see
all content of the report manager can
even manage it.
Hello,
Did you means that other domain user account (Other-Domain\user3) can access reports on the Report Manager without grant any permission? As per my understanding, it is not possible. SQL Server Reporting Services uses Windows Authentication
defaultly to determine who can perform operations and access items on a report server.
Based on your description, you grant the local Administrators group and two domain users with system-level role: System Administrator.  System-level role assignments grant access to global tasks and permissions that apply to a report
server site, That's may cause the user can access and manage all contents on the Report Manager.
If you want to set permissions for accessing conntents on Report Manager, you can just specify itme-level role assignments.For example, if you grant user with Browser role on a report, the user can view report and report properties, but cannot edit
report properties.
Reference:
Lesson 1: Setting System-Level Permissions on a Report Server
Lesson 2: Setting Item-Level Permissions on a Report Server
Regards,
Fanny Liu
Fanny Liu
TechNet Community Support

Windows 2012 R2 - NPS in resource forest won't auteticate users in the user forest by UPN, only by DOMAIN\username

Hi there
I have recently setup a windows 2012 R2 NPS server (for WIFI auth) in our resource forest to replace an aging 2003 RADIUS server.
The problem I am having is users logging in with their UPNs.
To give some background our user forest and domains look like company.local and a few child domains department.company.local etc.
Our resource domain is companyresources.com
As we use office 365 we had to add UPNs to our users called company.com and set them.
The NPS cannot authenticate users when they use their [email protected] UPN.
From logs
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: [email protected]
Account Domain: -
Fully Qualified Account Name: -
Followed by event ID 4402
There is no domain controller available for domain DOMAIN.
I believe its cannot translate the Account name into an Account domain when using the UPN we need for office 365 ([email protected]).
If I set a test user to a UPN of [email protected] it does (however we cannot do this because it will affect our office 365 users)
Network Policy Server granted access to a user.
User:
Security ID: DOMAIN\user1
Account Name: [email protected]
Account Domain: DOMAIN
Fully Qualified Account Name: DOMAIN\user1
or if I use DOMAIN\username
Network Policy Server granted full access to a user because the host met the defined health policy.
User:
Security ID: DOMAIN\user1
Account Name: DOMAIN\user1
Account Domain: DOMAIN
Fully Qualified Account Name: DOMAIN\user1
Is there any way I can get my UPN authentication working form the resource domain s I would prefer my users logging into WiFi with their UPNs as we have moved away from the DOMAIN\username method.
Thanks

Hi,
According to your description, my understanding is that client using UPN can’t be authenticated by NPS server, event ID 4402.
In general, when NPS is configured as a RADIUS server with the default connection request policy, NPS processes connection requests for the domain in which the NPS server is a member and for trusted domains.
You may try to use realm names configured in connection request policies to ensure that connection requests are routed from RADIUS clients to RADIUS servers that can authenticate and authorize the connection request.
You may reference the link below for detailed information:
Realm Names
https://technet.microsoft.com/en-us/library/cc731342(v=ws.10).aspx
Using Pattern-Matching Syntax in NPS
https://technet.microsoft.com/en-us/library/dd197583%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

How to Use 'uid' for AD Users Without Domain Name For User Log in OAM

How to Use 'uid' for synchronized Active Directory (AD) Users into Oracle Internet Directory (OID) Without Domain Name For User Logins in OIDDAS and OAM
We successfully integrated OAM 11g with EBS R12.1.3 Now all the AD user id's stored in fnd_users table as [email protected]
How can we remove @abc.com
We are using OID 11g and OAM 11g
Found the similar note for OID 10G: How to Use 'uid' for AD Users Without Domain Name For User Logins in OIDDAS and SSO [ID 580480.1]
We are in OID 11g.
Any help on this greatly appreciated.

I couldn't find any reference that could be helpful -- Please log a SR and see if this is supported and if the steps are available.
Thanks,
Hussein

Cannot delegate Reporting Services Web access to domain user / group, User does not have required permissions

Hi
I have an SCCM 2012 SP1 CU3 installation on a Server 2008 R2 + SQL 2008 R2.
I'm having trouble delegating Reporting Services Web Access to a standard domain user.
I have followed the instructions from these blogs:
http://blog.coretech.dk/kea/creating-the-reporting-user-role-in-configmgr-2012/
http://www.wolffhaven45.com/blog/sccm/assigning-users-to-configmgr-reportusers-group-in-sccm-2012/
No matter how I try, I cannot get the reports to show for a standard domain user. In the console no reports are showing and in the web access I get
"User domain\user does not have required permissions........"
The only thing that is consistenly working when I test is to put the AD Group on the Security Role "Full Administrator".
Then everything will show up.
Any ideas on how to troubleshoot this?

Thanks everyone for helping me with tips. I have now solved the problem. It was the permissions from SCCM that did not replicate to the Reporting Server.
In srsrp.log I got these error messages:
Could not retrieve the reporting service name for instance 'MSSQLSERVER'
Invalid class
Could not stop the reporting serviceAfter googling a litte I found these 2 sites with similiar problems:http://social.technet.microsoft.com/Forums/en-US/d4a7f93a-506f-4e3f-b5fc-bd2b087277da/ssrs-permissions-do-not-add?forum=configmanagergeneral
http://www.microtom.net/microsoft-system-center/software-distribution/sccm-2012-reporting-services-do-not-install
So I ran the command for SQL 2008 R2: mofcomp.exe C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof
and BAAM, everything started to work =)
/ALX

"The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)

HI,
I am working on SharePoint 2013 and using Report Viewer webpart (imported from RSWebpart.cab file from SQL server 2008 R2) for showing SSRS reports. I have added Report Viewer webpart in page and done all configuration related to it like set Report
Manager Url and Report Path in the webpart properties. But when i browse that page it is giving the below error -
The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)"
But when i run IE as 'Run as Administrator' and open the same page which contains the Report Viewer webpart, now i am able to view the report on the page and the error gone away.
I am not sure what is happening here, what can be the reason for such unpredicable behaviour and what can be the work around for this. Every user can't open the IE in 'Run as Administrator' mode. So what can be the possible solution for this.
Thanks in advance for the help!

Solved. In IE I went to the RS Home page, selected Detail View, put a check in front of every folder, went to Folder Settings and then added my domain user as a Browser in New Role Assignment. Reports work fine now.
André

Cannot join Server 2012 machine to domain

I am trying to join a clean Server 2012 machine configured with Active Directory Domain Services and DNS features enabled to a domain (alekatest.com) which I have purchased. The Active Directory Domain Services option in Server Manager advises me that
the server requires promotion to a Domain Controller, but if I select "Add a domain controller to an existing domain" and enter "alekatest.com", and supply Domain Admin credentials I get a message "Encountered an error contacting
domain alekatest.com. The server is not operational". The DNS server has address 10.0.0.2.
When I try and change from workgroup to new domain alekatest.com, it fails with the message "No records found for given DNS query. The query was for the SRV record for _ldap._tcp.dc._msdcs.alekatest.com". The server is connected by Ethernet to
a wireless router in a home network.
The ipconfig/all data from the server is:
Windows IP Configuration
   Host Name . . . . . . . . . . . . : SERVER2012
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connecti
   Physical Address. . . . . . . . . : 00-26-B9-82-D5-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.138
   DNS Servers . . . . . . . . . . . : 10.0.0.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:386b:2023:f5ff:fffd(Prefer
   Link-local IPv6 Address . . . . . : fe80::386b:2023:f5ff:fffd%14(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 335544320
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-FC-79-E8-00-26-B9-82-D5-76
   NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{6945E26E-B530-4271-8CF1-AD4BC13AF147}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {74B5ED96-D12C-413B-9ED4-5B6270328AE0}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {A9E91CEE-5350-4ACA-934D-D2AA5188B694}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
I can ping alekatest.com from the server:
Pinging alekatest.com [203.170.87.12] with 32 bytes of data:
Reply from 203.170.87.12: bytes=32 time=86ms TTL=50
Reply from 203.170.87.12: bytes=32 time=109ms TTL=50
Reply from 203.170.87.12: bytes=32 time=106ms TTL=50
Reply from 203.170.87.12: bytes=32 time=81ms TTL=50
and nslookup alekatest.com returns
Server: UnKnown
Address: 10.0.0.2
Non-authoritative answer:
Name:    alekatest.com
Address: 203.170.87.12
if I try to return srv records from alekatest.com as follows, no records are returned
PS C:\Users\Administrator> nslookup
Default Server: UnKnown
Address: 10.0.0.2
> set q=srv
> _ldap._tcp.dc._msdcs.alekatest.com
Server: UnKnown
Address: 10.0.0.2
_ldap._tcp.dc._msdcs.alekatest.com
        primary name server = ns1.crazydomains.com
        responsible mail addr = dns.crazydomains.com
        serial = 2010010101
        refresh = 7200 (2 hours)
        retry   = 120 (2 mins)
        expire = 1209600 (14 days)
        default TTL = 3600 (1 hour)
In order to add an srv record I would appear to need to access the server ns1.crazydomains.com, which I doubt is possible.
Any help would be much appreciated

You're confusing DNS Domains and Active Directory Domains. While there are similarities the two are and do completely different things.
A DNS domain, in your case alekatest.com hosted by crazydomains.com is used to direct people to resources, for instance on the internet, to get to things like your website, email etc. It's not specific to Windows, and generally speaking after purchasing
it from a 3rd party you control what the DNS records are through that 3rd party.
An Active Directory domain is what you're referring to when you talk about joining a machine to a domain, setting up users on a domain, controlling access to resources on your network etc. This doesn't require you to purchase a domain from a 3rd party, and
could potentially be called anything you like.
So, in terms of your AD server, assuming you don't already have an AD domain configured on another AD controller on the network, when you do the setup you'll need to select the option to create a new domain. You could then set it to use alekatest.com, but
that isn't recommended as you can get into all kinds of issues with your local and public DNS records conflicting, so unless you know what you're doing and why you're doing it I'd suggest avoiding that. A better idea would be to set the AD domain to something
like alekatest.local. That would then become the local domain, so for instance your users would login as akekatest\<username> on the domain, and your local machines can then be joined to that domain.
Once all that is done, if you did need to have local records for alekatest.com pointing to local resources, there's nothing stopping you from adding that zone into DNS Manager on the AD server and configuring the records accordingly, however be aware that
once you did that your server would assume that it has all the records for the domain. So if you had a website configured on
www.alekatest.com and had the DNS records for that pointing to your website hosted somewhere else via your domain provider, if you didn't re-create that same record on your local copy of the domain then you'll be unable
to reach that website from your local network (since your users will be trying to find it locally rather than on the internet).
Hope that makes sense.

Why do my firewalls only use the domain username and password for login and enable passwords, not a different enable password like my switches do? The RADIUS config looks the same...

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Issue:
Cisco firewalls require only one level of password i.e. the domain username and password are used for both logging in as well as reaching global configuration mode.
Background:
We have multiple Cisco network devices set up which authenticate to our Windows domain controller using NPS (Windows 2008 R2). The switches we have set up all function exactly as we would hope as they require your domain username and password to login to the device. They then require a separate password when you use the enable command, this is stored in Active Directory:
Switches:
Username:domain-username
Password:domain-password
SWITCH>enable
Password:enable-password-in-Active-Directory
SWITCH#
Firewalls (as they currently are):
Username:domain-username
Password:domain-password
FIREWALL>enable
Password:domain-password
FIREWALL #
With the firewalls however, they require your domain username and password first, and then your domain password again when using the enable command. I want the firewalls to use the enable level password that the switches currently use instead of the domain password again. The current configuration look like the following:
Current switch configuration:
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius enable
aaa authorization exec default group radius local
aaa session-id common
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key 7 1234abcd
Current firewall configuration:
aaa-server DC01 protocol radius
aaa-server DC01 (outside) host 192.168.0.1
aaa authentication ssh console DC01 LOCAL
aaa authentication enable console DC01 LOCAL
key 1234abcd
Any help would be great, thanks!

Cisco ASA works that way by design. You could remove "aaa authentication enable" and then you could use the "enable password" command to set your enable password.
But if you do that, then ASA would change your username to "enable_15". That would break Authorization and Accounting if you're using them. Let me clarify with an example
Firewalls :
Username:domain-username
Password:domain-password
FIREWALL>show curpriv
Username : domain-username
Current privilege level : 1
Current Mode/s : P_UNPR
FIREWALL>enable
Password:enable-password-from-running-config
FIREWALL #show curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
If you're using Authorization and Accounting it's recommended to stick with your current behavior.

Admin Console - Admin user requires valid username and password

I am running FMIS4.5 on CentOS5.5
FMIS is running and I can connect via Flash Media Encoder.
Web displays and admin console :1111 gives xml output, however
When using the user & password in my xml files to login (testing with ping), I get the "Admin user requires valid username and password" error.
conf/fms.ini:
# fms.ini contains substitution variables for Flash Media Server          #
# configuration files. Lines beginning with '#' are considered comments. #
# A substitution variable is in the form <name>=<value>. Everything up to #
# the first '=' is considered the name of the substitution variable, and #
# everything after the first '=' is considered the substitution value. If #
# you want a substitution variable to have leading or trailing spaces,    #
# enclose the value around double quotes. For example, foo=" bar "        #
# This section contains configurable parameters in Server.xml #
# Username for server admin
# For example:
#    SERVER.ADMIN_USERNAME = foo
SERVER.ADMIN_USERNAME = Admin
SERVER.ADMIN_PASSWORD = str34m1ng
# IP address and port Flash Media Admin Server should listen on
# For example:
#    SERVER.ADMINSERVER_HOSTPORT = :1111
SERVER.ADMINSERVER_HOSTPORT = :1111
# User id in which to run the process (Linux Only)
# For example:
#    SERVER.PROCESS_UID = 500
SERVER.PROCESS_UID = 500
# Group id in which to run the process (Linux Only)
# For example:
#    SERVER.PROCESS_GID = 500
SERVER.PROCESS_GID = 500
# License key for Flash Media Server
# For example:
#    SERVER.LICENSEINFO = XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
SERVER.LICENSEINFO = #SORRY YOU DON'T GET TO SEE THIS#
# LIVE_DIR denotes the full path of sample "Live" application's
# folder for storing any live stream recorded by server.
# For example:
#    LIVE_DIR = <FMS_Installation_Dir>\applications\live
LIVE_DIR = /opt/adobe/fms/applications/live
# VOD_COMMON_DIR denotes the full path of sample "VOD" application's
# folder for storing onDemand and Progressive Download .flv/.mp3 files.
# File stored in this folder can be streamed and are also PD-able.
# Note : If you are using the default installation of Apache as a webserver,
# and if you modify VOD_COMMON_DIR, please change the document root
# accordingly in httpd.conf.
# For example:
#    VOD_COMMON_DIR = <FMS_Installation_Dir>\webroot\vod
VOD_COMMON_DIR = /opt/adobe/fms/webroot/vod
# VOD_DIR denotes the full path of sample "VOD" application's
# folder for storing onDemand only .flv/.mp3 files. Files stored in
# this folder are not PD-able
# For example:
#    VOD_DIR = <FMS_Installation_Dir>\applications\vod\media
VOD_DIR = /opt/adobe/fms/applications/vod/media
# The maximum size of the FLV cache, in megabytes.
# The default is 500MB.
SERVER.FLVCACHE_MAXSIZE=500
# Whether to start and stop the included HTTP server along
# with FMS.
SERVER.HTTPD_ENABLED = true
# This section contains configurable parameters in Adaptor.xml #
# Application directory for the virtual host
# For example:
#    VHOST.APPSDIR = C:\myapps
VHOST.APPSDIR = /opt/adobe/fms/applications
VHOST.ALLOW = all
# This section contains configurable parameters in Application.xml #
# List of semi-colon delimited paths in which to search for script to load
# For example:
#    APP.JS_SCRIPTLIBPATH = C:\scripts;C:\Program Files\Foo\scripts
APP.JS_SCRIPTLIBPATH = /opt/adobe/fms/scriptlib
# This section contains configurable parameters in Logger.xml #
LOGGER.LOGDIR =
# This section contains configurable parameters in Users.xml #
# Enable or disable using HTTP requests to execute admin commands.
# Set to "true" to enable, otherwise it will be disabled. The
# actual commands permitted for server admin and virtual host admin
# users can be set in Users.xml.
USERS.HTTPCOMMAND_ALLOW = true
Users.xml:
<Root>
    <UserList>
        
        <User name="${SERVER.ADMIN_USERNAME}">
            
            <Password encrypt="false">${SERVER.ADMIN_PASSWORD}</Password>
            
            
            
            
            
            <Allow>All</Allow>
            
            
            
            
            
            <Deny></Deny>
            
            
            
            
            <Order>Allow,Deny</Order>
        </User>
        <User name="janedoe">
                <Password encrypt="false">S4mpl3P4ss</Password>
                <Allow></Allow>
                <Deny></Deny>
                <Order>Allow,Deny</Order>
        </User>
    </UserList>
    <AdminServer>
        <HTTPCommands>
            
            
            
            
            
            
            
            <Allow>ping</Allow>
            
            
            
            <Deny>All</Deny>
            
            
            
            
            
            <Order>Deny,Allow</Order>
        </HTTPCommands>
    </AdminServer>
</Root>
Output on :1111/admin/ping?auser=Admin&apswd=str34m1ng :
<result>
<level>error</level>
     <code>NetConnection.Connect.Rejected</code>
     <description>Admin user requires valid username and password.</description>
     <timestamp>Thu 17 May 2012 11:33:43 AM EDT</timestamp>
</result>
Connections do not work from both localhost and external connections and the fms_adminConsole.htm (.swf) fails as well.
Any assistance is appreciated!

Hi,
FMIS 4.5 does not accept plain text password. Encrypt=false is no longer supported. See here for more information : http://help.adobe.com/en_US/flashmediaserver/configadmin/WS5b3ccc516d4fbf351e63e3d119f2926 bcf-7fed.html#WS5b3ccc516d4fbf351e63e3d119f2926bcf-7e91
The value for SERVER.ADMIN_PASSWORD needs to be the encrypted string for your password. That should solve your problem.
Hope this helps.
Thanks,
Apurva

IPhone Configuration Utility - Changing Domain/Username to Email Address?

Hi All,
I can't find anything on this so am hoping someone can help...
Here are the details:
My company is a Google Apps for Business customer. When setting up an iOS device, we must use the ActiveSync/Exchange method because we have POP/iMAP disabled on our domain. We point it to m.google.com
When using the ActiveSync/Exchange method, our manual setup instructions are that the DOMAIN field gets left blank and the USERNAME field must be your full email address. Using your actual domain and domain username do not work.
We now want to create a configuration profile that will be available on our intranet so we can cutdown on calls to the help desk/make things easier for the user.
When creating the profile in the config utility, under Exchange Activesync, our only option is to leave the Domain and User field blank so the user is prompted to enter the required information.
now the issue:
When the user installs the profile and is prompted to enter this information, it asks for DOMAIN\USERNAME. The words "DOMAIN\USERNAME" are hard-coded into the XML -- We cannot find a way to change this to read ENTER FULL EMAIL ADDRESS.
We do not want to deploy it like this because users will enter their domain information, get an error and call the help desk...no one ever reads instructions so posting this information along with the config profile on the intranet is a waste of time...
We have thought about creating our own webpage that will populate this information but I don't want to assign any resources to this yet, I'm hoping there's a quick workaround.
Thanks in advance for any suggestions.

Hi,
Let’s check the answer in the following thread:
http://social.technet.microsoft.com/Forums/exchange/en-US/8ecae470-e4c3-41ee-b9fc-c339b1e27aaa/exchange-2013-server-outlook-login-with-user-principal-name?forum=exchangesvradmin
“If you want to use the user principal name when connecting to users with outlook, the email domain need to be the same as the Windows domain.
If your email domain name is not the same as windows domain, there is a work around that adding the email domain as a UPN suffix in Active Directory, then changing the user's UPN suffix to match email.”
When the client tries to connect to your messaging environment, the client locates the Autodiscover service on the Internet by using the right side of the user's email address that was entered. Notice that, for the Autodiscover service to function correctly,
this must be the user's primary SMTP address.
For more information, you can refer to the following article:
http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx
Thanks,
Angela Shi
TechNet Community Support

Is it possible to set up ADFS without domain admin rights in Windows 2012 R2?

I've set up Windows 2012 R2 on my development box and want to enable the ADFS feature to test claims based authN. In ADFS 2.0, you could opt to install standalone and local admin privileges would be enough to install ADFS and authenticate against the domain
AD.
However, with the new ADFS, after installing the feature it asks to enter the credentials for an account that is a domain admin. Is it still possible to configure ADFS without domain admin privileges?

Hi,
According to my research, if you want to set up AD FS in Windows server 2012 R2, each computer
that functions as a federation server must be joined to an Active Directory domain.
Besides, AD FS requires a certificate for SSL server authentication on each federation server in your federation server farm. Furthermore, you need a membership in
Administrators on the local computer to install the AD FS role service.
For more detailed information, please refer to the links below:
How to deploy AD FS in Windows Server 2012 R2
http://technet.microsoft.com/en-us/library/dn303423.aspx
Best regards,
Susie

How to give full access to mailbox to users in trusted domain?

Hi,
I am working on a migration-project where we migrate all users from one domain to a new domain. I have Exchange in both domains, and migrates mailoboxes from the old to the new domain. In the old domain I have a number of mailboxes that are used for common
calendars for the departments. My problem is: How can I give the users who has been migrated to the new domain full access to the existing calendar-mailboxex in the old domain? I have given the accounts in the new domain full access to the mailboxes
in the old domain by using to following command: get-mailbox mailboxname | add-mailboxpermission -accessrights FullAccess,ExternalAccount -user newdomain\username
After the command has completed I can see the account listed in the "Manage Full Access Permission"-dialog, but still the new useraccount cannot create appointments etc in the original calendar from Outlook.
Any tips on this?
Thor-Egil

Hi Thor,
Thank you for your question.
Did the issue occur when we use OWA?
Are there any errors when they cannot create appointments?
We could enable “Support cross forest delegation” on FIM(Forefront Identity Manager) to check if the issue persist.
There is an article for us to how to enable “Support cross forest delegation” by the following link:
http://blogs.technet.com/b/neiljohn/archive/2011/10/12/exchange-server-2010-cross-forest-delegation.aspx
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support

Error while creating user for a domain

i am developing a web-application which is hosted on tomcat server.
it is creating domains and users at another remote domain server.
localy it is working fine..
but when i test it online..
the problem is,
sometimes it works fine ,the domains are being creted at remote server..
but sometimes it delivers error that domain at remote server can not be created.
Is it due to fact that theat some errornous code in the buffer of application have older versions of applications causing the error ?
Code::
if(strPlanId.equalsIgnoreCase("3")) {
                //Create domain account for planid=3 plantype=Cp
                blnOK=false;
passwordGS comes from database
strUrl="http://sosync.net/sosync/admin?pwd="+passwordGS+"&action=user_createdomain&domain="+strSubDomain+".gosync.net&adminpassword=aspire3002&diskquota="+longdk;
                u=new URL(strUrl);
                uc=(HttpURLConnection)u.openConnection();
                code=uc.getResponseCode();
                if(code == 200) {
                    rUrl="/TransCompleteServlet";
                    blnOK=true;
                    uc.disconnect();
                } else {
                    rUrl="/GSView.jsp?page=GSError.jsp?REQ=Unknown";
                if(blnOK) {
                    String strUrlUser="http://gosyncdesk.net/gosync/admin?pwd="+passwordGS+"&action=user_createuser&username="+strEmailId+"&password="+strPassword+"&domain="+strSubDomain+".gosync.net&communityname=Default&firstname="+user.getFirstName()+"&lastname="+user.getLastName();
                   URL u1=new URL(strUrlUser);
                HttpURLConnection   uc1=(HttpURLConnection)u1.openConnection();
                    code=uc1.getResponseCode();
                    response1=uc1.getResponseMessage();
                    if(code == 200) {
                        rUrl="/TransCompleteServlet";
                        String strUrlTZ="http://gosyncdesk.net/gosync/admin?pwd="+passwordGS+"&action=user_setuserpreference&username="+strEmailId+"&domain="+strSubDomain+".gosync.net&name=web_timezone&value='"+timeZone+"'";
                        u=new URL(strUrlTZ);
                        uc=(HttpURLConnection)u.openConnection();
                        code=uc.getResponseCode();
                          if(code != 200) {
                           rUrl="/GSView.jsp?page=GSError.jsp?REQ=Unknown";
                    } else {
                        rUrl="/GSView.jsp?page=GSError.jsp?REQ=Unknown";
                        mailUtil.sendMail_admin("Error In Creating User for the Domain","While creating domain for "+user.getEmail()+" user could not be created due to following reason: <BR> "+response1+"<br>GoSync UserName:"+strEmailId+"<br>GoSync Password:"+strPassword+"<br>GoSync Domain :"+strSubDomain+".gosync.net and URl String was :"+strUrlUser+"");
            }

if the problem is caching try setting the useChasses to false
uc.setUseCaches(false);

Migrating users from one domain to another(Interforest)

Scenario- Two Domains A & B in two different forests.
A - holds exchange server in DMZ and 2 domain controllers in A used by exchange also in DMZ
B holds all users and computers and 2 Domain controllers used for authentication .
Now I want to migrate all users and computers in B domain to A domain using ADMT
My question here is
1. Can I use the DCs used by exchange to authenticate if I migrate users and computers from B to A.
2. If not what is the work around here. I want to build an action plan on this.

After the migration users will be in Domain A. Authentication will happen locally in Domain A using Domain A DCs. Make sure you have correct DNS server (DNS from domain A) for these workstations.
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
Blogs: Blogs
Twitter: Twitter
LinkedIn: LinkedIn
Facebook: Facebook
Microsoft Virtual Academy:
Microsoft Virtual Academy
This posting is provided AS IS with no warranties, and confers no rights.

User machine without domain require domain\username authentication.

Similar Messages

Maybe you are looking for