When adding a directory, you must choose whether to use the SAM Account Name or the User Principal Name (UPN) as the Active Directory attribute that contains the user name. Either choice has implications that you should consider.
The following list outlines important issues that you should understand when syncing multiple domains with Active Directory.
- When an Active Directory is synced by SAM Account Name, usernames are in the format "USERNAME".
- When an Active Directory is synced by User Principal Name (UPN), usernames are in the format "USERNAME@DOMAIN". A UPN consists of a UPN prefix (the user account name) and a UPN suffix (a DNS domain name). The prefix is joined with the suffix using the @ symbol. For example, [email protected].
- By convention, the User Principal Name (UPN) matches the email of the user, but there might be exceptions: the UPN might be [email protected] but the email field can be [email protected]. The username and email fields are mapped to different attributes from the Active Directory.
No matter what format you choose, the same account is specified.
Consider the following issues when choosing the SAM Account Name as the attribute for the username: It is possible to explicitly configure a user in different domains with the same SAM Account Name, but with a different User Principal Name (UPN). As a consequence, for the SAM Account Name to work in a multi-domain environment, you must ensure that the attribute is unique across all of the domains (and not just within a specific domain). By contrast, a configuration that uses the User Principal Name (UPN) supports a multi-domain environment without any issues.
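
One way to check the uniqueness requirement before choosing SAM Account Name is to look for names that occur in more than one domain, since a collision means one synced username would refer to two different accounts. The script below is an added example, not part of the product documentation; the record layout, the `example.com` domains and the user names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records, as might be exported from each domain.
# Domain names and users are made up for illustration.
SAMPLE_USERS = [
    {"sAMAccountName": "jsmith", "userPrincipalName": "jsmith@emea.example.com",
     "domain": "emea.example.com"},
    {"sAMAccountName": "JSmith", "userPrincipalName": "jsmith@apac.example.com",
     "domain": "apac.example.com"},
    {"sAMAccountName": "akhan", "userPrincipalName": "akhan@emea.example.com",
     "domain": "emea.example.com"},
    {"sAMAccountName": "mlee", "userPrincipalName": "mlee@apac.example.com",
     "domain": "apac.example.com"},
]


def find_collisions(users, attribute):
    """Return {normalized value: sorted domains} for values of `attribute`
    that appear on more than one account."""
    seen = defaultdict(list)
    for user in users:
        # Active Directory compares these names case-insensitively,
        # so "jsmith" and "JSmith" count as the same username.
        seen[user[attribute].casefold()].append(user["domain"])
    return {name: sorted(doms) for name, doms in seen.items() if len(doms) > 1}


def sync_attribute_report(users):
    """Summarize which username attribute is unique across all domains."""
    sam = find_collisions(users, "sAMAccountName")
    upn = find_collisions(users, "userPrincipalName")
    return {
        "sam_collisions": sam,
        "upn_collisions": upn,
        "sam_safe": not sam,
        "upn_safe": not upn,
    }


if __name__ == "__main__":
    report = sync_attribute_report(SAMPLE_USERS)
    for name, domains in report["sam_collisions"].items():
        print(f"sAMAccountName '{name}' exists in: {', '.join(domains)}")
    print("Unique by SAM Account Name:", report["sam_safe"])
    print("Unique by UPN:", report["upn_safe"])
```

On the sample data, `jsmith` collides across two domains when keyed by SAM Account Name, while every UPN stays unique because the domain suffix disambiguates the accounts.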