9

I've just created a simple AD on our Windows 2008 r2 server. I've added a few employees into that directory.

Now, is it possible to create some aliases for a single account.

eg.

name = foo.bar@contoso.internal / contoso\foo.bar

but the user can also log in as

contoso\pewpew

Is this possible?

Pure.Krome
  • 6,508
  • 18
  • 73
  • 87
  • 4
    Not posting as an answer because I'm not 100% sure, but I am 95% sure that Active Directory does not support aliases for AD logins. – Mark Henderson Mar 30 '11 at 04:06
  • 1
    Thanks for all the answers, folks. That said, *I'm absolutely FLOORED that AD doesn't allow this* WTF?! Sorry to be so rude, but I'm so upset :( Something so simple, yet overlooked (or probably considered a security issue .. but one I would have been happy to accept). *massive sigh* – Pure.Krome Mar 30 '11 at 23:14
  • How many LDAP or other centralized authentication schemes have you worked with that had this? – mfinni Mar 31 '11 at 00:09
  • And what's your need for this? You can delegate and assign rights and do all kinds of flexible things; under what circumstance would you need multiple valid usernames for a single account? – mfinni Mar 31 '11 at 14:38
  • 1
    @mfinni - generally to authenticate (log in) to a system. eg. we have the policy of firstname.surname@foo.intenal. But of course, some people don't want to log in with their long verbose name, so if we could add an alias, then it would be easier and quicker. Secondly, we occasioanlly have to log into a system or service using another account's credentials. So this would be another quicker way for us to trouble shoot. – Pure.Krome Apr 08 '11 at 04:25
  • Well then, if you have their long name as their UPN, and a shorter SAM account name, you've done it. I pointed that out in my answer. Now, if for some reason you make the SAM account name very long as well, then it's your planning that's deficient. – mfinni Apr 18 '11 at 15:01

3 Answers3

7

Mark's right, to the best of my knowledge. You can login with your SAM username in your domain, and you can login with your UPN. You've already identified those in your question. There's nothing that I've ever read that indicates any support for additional username formats or aliases.

mfinni
  • 36,144
  • 4
  • 53
  • 86
3

Mark and mfinni are both correct, the only type alias truly come into play in MS environments is for MS Exchange, Outlook Web Access, and MS Office Communicator, as these technologies allow users to log into their email accounts in OWA/webmail via their email/exchange alias if one is configured.

Eli
  • 372
  • 2
  • 8
3

While I don't think it's possible to have multiple aliases or user logon names, it certainly is possible to have multiple User Principal Names (suffixes to be precise), so a user could have a UPN of johndoe@domain.com and johndoe@domain.net. Only one can be used though, not both as far as I know.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172