Score:1

DNS record for UPN alias?


I have an Active Directory domain ad.example.com and I configured a UPN alias, example.com.

When a user tries to log on as user@example.com, how does it know the domain is actually ad.example.com?

Don't I need a SRV record or something in the parent zone to hint to the AD?

Score:0

The account's UPN is unique within the forest and is replicated to all DCs in the forest. When the authenticating DC locates the account, it locates the domain.

Score:0

From what I've read elsewhere:

As a domain member Windows doesn't try to figure out what realm you're in – it always talks to the KDCs for its default realm (the one that it was joined to), and the initial Kerberos AS-REQ sends the whole UPN as an enterprise name, allowing the KDC to do that job instead.

So the Kerberos principal in the AS-REQ looks like user@example.com@AD.EXAMPLE.COM, and it becomes your KDC's job to figure out where that user actually is (I assume by searching the forest's Global Catalog for a user with a matching userPrincipalName attribute).

But as a standalone (workgroup) client connecting to an AD-member server, however, Windows wouldn't have a "default realm" yet – in that situation it would indeed make queries for AD-specific _msdcs SRV records at the UPN suffix.
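Added example, not part of the answer above and not code from Microsoft or any AD tooling: the two resolution paths the answer describes, modelled offline in Python. The Global Catalog contents, the DNS zone contents and every function name are constructed assumptions; the SRV record names (_kerberos._tcp.dc._msdcs.<domain> and _ldap._tcp.dc._msdcs.<domain>) are the ones AD actually registers. It shows why a domain-joined client works without any DNS for the alias suffix (the KDC resolves the enterprise name against the GC), while a non-joined client looking for a DC under the alias suffix finds nothing.

```python
"""Constructed model of UPN-suffix resolution (added example, not from the page).

Path 1 (domain-joined client): the AS-REQ carries the whole UPN as an
NT-ENTERPRISE principal, e.g. user@example.com@AD.EXAMPLE.COM, and the KDC
resolves it with a forest-wide Global Catalog search on userPrincipalName.

Path 2 (workgroup client): no default realm, so the client must locate a DC
for the UPN suffix through the _msdcs SRV records in DNS.
"""
from dataclasses import dataclass

# Constructed Global Catalog view: userPrincipalName -> (domain DNS name, sAMAccountName).
GLOBAL_CATALOG = {
    "alice@example.com": ("ad.example.com", "alice"),
    "bob@ad.example.com": ("ad.example.com", "bob"),
    "carol@example.com": ("child.ad.example.com", "carol"),
}

# Constructed DNS contents: SRV records exist only for the real domain name,
# not for the alias suffix example.com (the situation in the question).
DNS_SRV = {
    "_kerberos._tcp.dc._msdcs.ad.example.com": ["dc1.ad.example.com:88"],
    "_ldap._tcp.dc._msdcs.ad.example.com": ["dc1.ad.example.com:389"],
}


@dataclass
class EnterprisePrincipal:
    upn: str    # full UPN carried in the name component
    realm: str  # realm the client actually sent the AS-REQ to


def parse_enterprise_principal(text: str) -> EnterprisePrincipal:
    """Split 'user@suffix@REALM' on the LAST '@'.

    NT-ENTERPRISE names keep the '@' inside the name component, so only the
    final '@' separates the name from the realm.
    """
    name, sep, realm = text.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError(f"not a principal@REALM string: {text!r}")
    return EnterprisePrincipal(upn=name, realm=realm)


def kdc_resolve_upn(upn: str, gc=GLOBAL_CATALOG):
    """Path 1: forest-wide GC search on userPrincipalName (case-insensitive).

    Returns (domain DNS name, sAMAccountName), or None when no account matches.
    """
    key = upn.lower()
    for candidate, value in gc.items():
        if candidate.lower() == key:
            return value
    return None


def msdcs_srv_names(upn_suffix: str) -> list:
    """SRV names a non-joined client would query to find a DC for a suffix."""
    suffix = upn_suffix.lower().rstrip(".")
    return [f"_kerberos._tcp.dc._msdcs.{suffix}", f"_ldap._tcp.dc._msdcs.{suffix}"]


def workgroup_locate_dc(upn: str, dns=DNS_SRV) -> list:
    """Path 2: take the suffix from the UPN and look up its _msdcs SRV records.

    Returns the DC endpoints found; an empty list means the suffix has no DC
    locator records, which is what happens for a bare UPN alias.
    """
    suffix = upn.rpartition("@")[2]
    found = []
    for name in msdcs_srv_names(suffix):
        found.extend(dns.get(name, []))
    return found


if __name__ == "__main__":
    p = parse_enterprise_principal("alice@example.com@AD.EXAMPLE.COM")
    print(p, "->", kdc_resolve_upn(p.upn))
    print("workgroup, alias suffix:", workgroup_locate_dc("alice@example.com"))
    print("workgroup, real domain:", workgroup_locate_dc("bob@ad.example.com"))
```

The empty result from workgroup_locate_dc for the alias suffix is the concrete form of the answer's last paragraph: nothing in AD publishes _msdcs records under example.com just because it was added as a UPN suffix, so a client that has to discover the realm from the suffix alone has nothing to find.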
