I am a system administrator in a Linux shop. We are in the initial steps of inheriting a Windows Domain. I have some terminology questions:
The usernames are WORKPAC\johndoe. What is the bolded portion called in the username?
The domain name of the Windows Domain is workpac.local. Am I using the correct terminology for that?
Yes, the WORKPAC is the domain name. The workpac.local is the fully qualified domain name of the Windows domain.
In that domain the PCs would be named something like: PC1.workpac.local
As JoeQwerty pointed out the NETBIOS name does not have to match. The NETBIOS name being the "WORKPAC" part of "WORKPAC\user".
As an example you could have a Windows forest like this:
These would be two separate Windows domains within the same logical forest. The NETBIOS name for the child domain would be CHILD whereas the FQDN would be CHILD.WORKPAC.local.
For more information on domain structures check out: Active Directory Domain Hierarchy. The article is in reference to Windows 2000 but the same design concepts apply to newer versions. Also check out Active Directory Domain Names. These should get you in the right direction.
WORKPAC and workpac.local are both names for the domain. The first one is the pre-Windows 2000 (or NetBIOS) domain name and the other is the DNS (or FQDN) domain name.
http://technet.microsoft.com/en-us/library/cc739093(WS.10).aspx
Sometimes when logging into a server, you have to specify the domain with the username. You do this by typing WORKPAC\johndoe or johndoe@WORKPAC.
Maybe this can clear things up for you. In Windows DOMAIN refers to three things:
1.) The Domain naming context in the Active Directory LDAP store. (DC=child,DC=root,DC=top.com) --- This follows RFC 2247
2.) The Kerberos realm that uses the LDAP store. -- realm name is something like @domain.com...user principal name is [email protected]
3.) The DNS domain domain.com -- DNS records for domain.com in the typical fashion.
It's best practice (and the default with the GUI based tools) for all of these to match. They don't actually have to. You could add any number of different UPN/SPN suffixes for user/service accounts. The DNS needs to work, meaning that it could be different from all three as long as the SRV records actually resolve correctly.
Anyway, I have found that breaking it down this way usually helps when discussing AD with my UNIX'y brethren.
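The logon-name forms and the three meanings of "domain" from the answers above, as an added example that is not part of the original posts: it normalizes `WORKPAC\johndoe` and `johndoe@...` to one identity (useful when correlating accounts across logs) and derives the naming context, realm and SRV names for a DNS domain. The function names and the `NETBIOS_TO_DNS` table are hypothetical, and it assumes the default case where the UPN suffix, realm and DNS name all match.

```python
# Added example. NETBIOS_TO_DNS is a constructed table for the page's sample
# forest; in a real environment it has to come from the directory itself.
NETBIOS_TO_DNS = {"WORKPAC": "workpac.local", "CHILD": "child.workpac.local"}


def parse_logon(name):
    """Return (user, dns_domain) for DOMAIN\\user or user@suffix input."""
    if "\\" in name:
        domain_part, user = name.split("\\", 1)
        # The NetBIOS name need not equal the first DNS label, so it is
        # looked up rather than derived from the FQDN.
        dns = NETBIOS_TO_DNS.get(domain_part.upper())
    elif "@" in name:
        user, domain_part = name.rsplit("@", 1)
        if "." in domain_part:
            # Assumption: the UPN suffix is the domain's DNS name.
            dns = domain_part.lower()
        else:
            # Dotless suffix, e.g. johndoe@WORKPAC: treat as NetBIOS name.
            dns = NETBIOS_TO_DNS.get(domain_part.upper())
    else:
        raise ValueError("no domain part in logon name")
    if dns is None:
        raise ValueError("unknown NetBIOS domain: " + domain_part)
    if not user:
        raise ValueError("empty user name")
    # Account names compare case-insensitively, so fold case for matching.
    return user.lower(), dns


def domain_views(dns_domain):
    """Show one DNS domain name as naming context, realm and SRV names."""
    dns = dns_domain.lower().rstrip(".")
    return {
        # RFC 2247 style: one DC= component per DNS label.
        "naming_context": ",".join("DC=" + label for label in dns.split(".")),
        # Default realm name is the DNS name in upper case.
        "kerberos_realm": dns.upper(),
        # SRV records clients resolve to locate domain controllers.
        "srv_records": ["_ldap._tcp.dc._msdcs." + dns, "_kerberos._tcp." + dns],
    }


if __name__ == "__main__":
    for sample in ("WORKPAC\\johndoe", "johndoe@WORKPAC", "JohnDoe@workpac.local"):
        user, dns = parse_logon(sample)
        print(sample, "->", user, dns, domain_views(dns)["naming_context"])
```

Where extra UPN suffixes have been added, the suffix after `@` no longer identifies the domain, so the dotted-suffix branch would need a lookup as well.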