We want to have one password for their local accounts and Microsoft Outlook accounts. This works fine in the abc.com location because the server is in abc.com. It does not need to authenticate to the server manually, and they can change their own passwords for Windows and Exchange Server. We would like to do the same for our child domains. Do you have any suggestions?
There is a tool that can help you out here; it is called the Active Directory Account Cleanup Wizard. It is included with the Exchange System Tools on the Exchange Server 2003 CD. When you run this tool, it will help you identify duplicate accounts and then let you merge them together into one account. Be careful that the target account is the one in the user's domain. Once the two accounts are merged, then you can use a single username and password.
It is possible to change the User Principal Name (UPN) suffix of you child domains' user accounts to be the same as the root domain. In fact, you can change it to be whatever you like. However, it will not change the actual domain they are in. If your users log on using their UPN (what looks like their email address), then the Domain field should be grayed out. In fact, Windows XP Professional doesn't even have a Domain field with its logon so the domain can be transparent to the end user.
Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:
This was first published in August 2006