Joining a DC with SAM Account vs UPN

Question

I was wondering what would make UPN work versus using the Pre-Win2K samaccount name when joining a DC to an existing domain.

I’m setting up DC’s between sites. When adding a DC at the remote site the list of domains wouldn’t come up and got errors about server not available. I was using the Domain\admin samaccount name.

When I switched to UPN everything worked as it should.

I’m trying to explain this to myself but I’m not sure why UPN worked and not Samaccount.

Can anyone give me an idea why?

Answer 1

Hi @ComputerHabit ,

hard to tell, because this could depend on DNS settings (or how the down level logon name - domain\SamAccountName is resolved) or it could also depend on some NTLM settings (Group Policy or so). This could play a keyy role, especially in bigger envirtonments with multiple domains in the same forest.
This is a very intersting diuscssion on the topic, you might just find a some hints there:

Any difference between DOMAIN\username and username@keyman .local?
https://serverfault.com/questions/371150/any-difference-between-domain-username-and-usernamedomain-local

This one I would also recommend:

User principal name vs SAM account name
https://serverfault.com/questions/928115/user-principal-name-vs-sam-account-name

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Stoyan Chalakov

Answer 2

Turns out that I was forgetting that other servers host different roles in the forest. Although I haven't tested, I had several servers I need to add to Firewall exceptions.