I don’t know about you, but I like simple. Simple as in beautifully easy and efficient. Simple as in not having to remember and type a crazy “domainname\username” to log in to systems. Instead just to remember a single, unified login name (and perhaps its password).
Imagine you could log into all the (Microsoft) systems in your organization with your email address – to your workstation, your email account… and what have you.
It isn’t all that hard to configure. I’ve outlined the (technical) steps you’ll need below.
Essentially you’ll set the UPN (userPrincipalName) to match the user’s email address. In my honest opinion, it doesn’t weaken the security of your environment; it does however help provide a seamless login experience.
The first step is adding the UPN suffixes (email domains) to your Active Directory forest. You’ll need domain admin privileges to do so.
On one of your domain controllers (or from a computer with the Remote Server Administration Tools installed) open “Active Directory Domains and Trusts”.
Right-click on the root entry as shown below, and select “Properties”.
Enter your email domain (that’s the portion after the @ symbol of your email address), and click “Add”. If your organization uses more than one email domain, you probably want to enter those domains as well. When finished, click OK.
Wait for AD replication, depending on your environment that may be 15-30 minutes.
The next step is adjusting the UPN for your users.
Open “Active Directory Users and Computers”.
Now you’ll probably want to create a test account; I’ve called mine “Heinz Ketchup” (because of my love for ketchup). Open the properties of the account, and navigate to the “Account” tab.
Notice that the domain the user logs in with is set to your Active Directory domain.
Click on the drop-down, and surprise or not, the newly added email domain is available for selection. Select it and click OK.
That’s pretty much it for the Active Directory portion of it.
I recommend you test logging in with this user account. When you’re happy with the results, repeat the process for the remainder of your user accounts (and of course, you can automate it if you wish).
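Here is one way to automate the two steps above (the forest-level UPN suffix and the per-user UPN change). This is an added example written for this article, not the author’s own script; it assumes the ActiveDirectory PowerShell module from RSAT, an account with the rights described above, that each user’s primary SMTP address is stored in the `mail` attribute, and it uses placeholder domain names and a placeholder pilot OU that you must replace with your own. Because a UPN has to be unique across the whole forest, it checks the global catalog before assigning one, and it runs with `-WhatIf` until you remove that switch.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory
# module (RSAT) and an account with the rights described in the article.
# The domain names and OU path below are placeholders; replace them.
Import-Module ActiveDirectory

$EmailDomains = @('example.com', 'example.org')        # placeholder email domains
$PilotOU      = 'OU=Pilot,DC=corp,DC=example,DC=com'   # placeholder OU holding the test accounts

# Step 1: register each email domain as a UPN suffix at the forest root
# (the same thing the "Active Directory Domains and Trusts" dialog does).
$forest = Get-ADForest
foreach ($suffix in $EmailDomains) {
    if ($forest.UPNSuffixes -notcontains $suffix) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $suffix }
        Write-Host "Added UPN suffix $suffix"
    }
}

# Step 2: set each user's UPN to their primary SMTP address (assumed to be in
# the mail attribute). Users whose mail domain is not a registered suffix are
# skipped, as are users whose would-be UPN is already taken elsewhere in the forest.
$users = Get-ADUser -SearchBase $PilotOU -Filter { mail -like '*' } `
                    -Properties mail, userPrincipalName

foreach ($u in $users) {
    $mail   = $u.mail.ToLowerInvariant()
    $suffix = $mail.Split('@')[-1]

    if ($EmailDomains -notcontains $suffix) {
        Write-Warning "$($u.SamAccountName): mail domain '$suffix' is not a registered UPN suffix; skipped"
        continue
    }
    if ($u.UserPrincipalName -eq $mail) { continue }   # already in the desired state

    # UPNs must be unique forest-wide, so ask the global catalog (port 3268)
    # whether any other object already carries this value. Escape the LDAP
    # filter metacharacters first so an odd address cannot alter the query.
    $escaped = $mail -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    $clash = Get-ADObject -LDAPFilter "(userPrincipalName=$escaped)" `
                          -Server "$($forest.RootDomain):3268" |
             Where-Object { $_.DistinguishedName -ne $u.DistinguishedName }
    if ($clash) {
        Write-Warning "$($u.SamAccountName): UPN $mail already used by $($clash.DistinguishedName); skipped"
        continue
    }

    # Remove -WhatIf once the pilot run looks right.
    Set-ADUser -Identity $u -UserPrincipalName $mail -WhatIf
}
```

Run it against the pilot OU first, review the warnings (a clash usually means a stale or duplicate account worth cleaning up before you widen the rollout), then point `$PilotOU` at the rest of your users. The script never touches `sAMAccountName`, so the old “domainname\username” form keeps working alongside the new one.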
For your other AD-connected systems you’ll want to enable UPN login as well. For instance, in Exchange you’d configure the UPN logon format for forms-based authentication on the OWA virtual directory (I won’t detail that here; I’ll reserve that for another time).
To wrap up, we’ve covered the Active Directory piece of the email-address login in this article. It’s the basis for giving your users the experience of no longer having to know and remember what the Active Directory domain is called – it’s irrelevant to the users anyway. All they need to know for login is their email address (and the password).
P.S.: I had to add this. If you had the desire to you could still log in with “domainname\username” in addition to the email address login outlined above. Both are valid ways to authenticate.
***
Will Neumann is a technical architect specializing in enterprise messaging. He and his team help their clients build and maintain enterprise-level features and services. To learn more, contact Will at +1-780-665-4948 (Mountain Time).