2

In Active Directory, I have a domain (dc=ABC,dc=DEF). I expect the domain to be ABC.DEF

However, if I use the command

nltest /dsgetdc:ABC

Sometimes I get ERROR_NO_SUCH_DOMAIN (the expected answer), sometimes I get the returned domain as ABC and sometimes I get the return domain as ABC.DEF

Can you AD experts please indicate how this request for a partially qualified domain should respond.

The reason I ask is that sometimes SQL Server will report a login failure for ABC\SomeUser and sometimes it works fine. I would expect that it would always fail and that the user must be ABC.DEC\SomeUser or SomeUser@ABC.DEF

Any insights here please?

Anders R. Bystrup
  • 127
Dave
  • 121

1 Answers1

1

When running nltest: /dsgetdc: you can specify the NetBIOS name of the domain or you can use the FQDN of the domain. Both are perfectly valid. The AD domain has both a NetBIOS name (ABC) and an FQDN (ABC.DEF). Both are perfectly valid. Part of the problem is that you don't have enough knowledge of AD to understand when you're seeing a problem and when you're not. You'll need to do some reading and learning.

A user may authenticate as either ABC\SomeUser or as SomeUser@domain.tld.

Seeing the authentication to SQL Server as NetBIOSdomainName\Username is perfectly valid.

You're problem isn't with AD. At least not based on the reasons you think it is.

joeqwerty
  • 111,849