Monday, October 25, 2004

Hosting Multiple Domains on SBS 2003 (Part 3)

Now that you are hosting multiple domains (by following Part 1 & Part 2), your users are all confused about how to log in, what their email address is and where to go. How do you separate these things?

Well, you use UPN Suffixes.

UPN stands for User Principal Name, which is essentially a fancy computer-lingo'd way of saying: use your e-mail address to log in.

When you enable this, users will be able to go to the Remote Web Workplace and log in using their email address, instead of just their username. For some users it might be easier to give them their email address than to explain the username versus email address idea.

How to set it up:

  1. Click on Start, Administrative Tools, Active Directory Domains and Trusts

  2. In the console that loads, right click on the root node called Active Directory Domains and Trusts and choose Properties

  3. Add your domain suffixes in the format

Now your AD knows that it is the root domain controller responsible for these domains.

Close out this console and go back into Server Management. In the Users snap-in, we need to tell the AD what the primary suffix is for each user:

  1. Right-click a user and choose Properties

  2. On the Account tab, change the drop-down box for the User logon name to the suffix you want this user to have. Note that it will add the '@' sign for you; if you see 2 '@' signs, you've done the first step wrong

  3. Choose OK for that user

You'll have to repeat this for all the users in your AD, but when you are finished, you can give your users an email address and a password; they won't need that funky "username".

It made life less confusing for my grandfather, that's for sure. :o)

One last thing. Since SBS shares the AD with all domains, you cannot have two aliases the same, so you should use usernames that combine first and last name instead of just "dave" or "sean". Otherwise the user on domain1 might have the "cool" username, while the user on domain2 does not.
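An added example (not from the original post): a read-only Python audit of an exported user list that checks the three things the steps above depend on, namely that each UPN suffix is one you registered, that the UPN really equals the email address you hand out, and that no two users share an email name across domains. The CSV rows, the `example.*` domains and the finding labels are constructed for illustration; the column names are the AD attribute names.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (placeholder domains, not real accounts).
SAMPLE = """sAMAccountName,userPrincipalName,mail
dsmith,dsmith@example.com,dsmith@example.com
FLastname,FLastname@example.local,First@example.org
dave,dave@example.com,dave@example.com
dave2,dave2@example.org,dave@example.org
jdoe,jdoe@@example.com,jdoe@example.com
"""

# Assumed: the suffixes added in Active Directory Domains and Trusts.
REGISTERED_SUFFIXES = {"example.com", "example.org"}


def audit(csv_text, suffixes):
    """Return (account, finding) pairs for users whose email logon would fail."""
    findings = []
    by_local = defaultdict(list)  # email name before '@' -> accounts using it
    for row in csv.DictReader(io.StringIO(csv_text)):
        sam = row["sAMAccountName"]
        upn = row["userPrincipalName"].strip().lower()
        mail = row["mail"].strip().lower()
        if upn.count("@") != 1:
            # Two '@' signs: the suffix was entered with its own '@'.
            findings.append((sam, "malformed-upn"))
            continue
        suffix = upn.split("@")[1]
        if suffix not in suffixes:
            findings.append((sam, "suffix-not-registered"))
        if upn != mail:
            # The user was told "log in with your email", but the UPN differs.
            findings.append((sam, "upn-differs-from-email"))
        if "@" in mail:
            by_local[mail.split("@")[0]].append(sam)
    for local, accounts in by_local.items():
        if len(accounts) > 1:
            for sam in accounts:
                findings.append((sam, "shared-email-local-part:" + local))
    return findings


if __name__ == "__main__":
    for account, finding in audit(SAMPLE, REGISTERED_SUFFIXES):
        print(f"{account}: {finding}")
```
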

Read on to Part 4.


Anonymous said...


This doesn't work for me. I've followed the instructions but get the message "The user name or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current user name and password. If you receive this message again, contact your system administrator to ensure that you have the correct permissions to use the Remote Web Workplace." when using the email address. The standard user name still works fine.

Any ideas?


Sean Daniel said...

Can you send me exact repro steps? It's hard to see what you did from just the error. thanks!

Anonymous said...


Sorry about the delay.

Here's what I did - I followed all of the instructions in parts 1, 2 & 3 of this series. All of the steps made sense and seemed to work OK. Sorry, I know this doesn't give you anything new to go on.

I have user id - ABC
with email address -
On the Accounts tab the user logon name is ABC and the suffix set to

I can log on to the SBS server with user id ABC and password. However, when I try to access remotely ( I can again use the user id ABC and password but I can't use either or - I get the error detailed above.

So, any thoughts?


Sean Daniel said...

Hi Andrew,
Can you log into using the (since that's the account tab you set)? That would help in troubleshooting the issue. thanks!

aleghart said...

Same problem with me. Userid is FLastname. E-mail is First@domain.tld

I can only login with domain\userid or userid, not with any combination of e-mail address or userid@domain.tld.

I have restored everything back to normal. Might this be a problem with the userid being different than the e-mail address assigned?


Anonymous said...

I'm having a similar problem. I log into my domain as Josetta, but I can also log in (remotely) as Administrator to see/troubleshoot server issues. Now, when I want to post something to the companyweb, it says it was created by Administrator. How can I change that back to my personal login (Josetta)? I have logged off and back on, but that didn't seem to work. What's going on here?

Sean Daniel said...

And you're 100% positive that the UPN is setup correctly? This seems strange to me.

Anonymous said...

Sean, no I'm not 100% positive, particularly since I'm not sure what the UPN is, but I will look into it. Thanks for the idea.

Sean Daniel said...

Hopefully you will keep us informed. The UPN information is above as part of the main post.

Sean Daniel said...

Sure! It's a DNS record setting that you set on with the folks who host the name servers of your domain. You simply say that no host goes to a certain IP address, and then that works. You'd have to contact your registrar for specific instructions on how to set this up, it's not a setting you make specifically to your SBS server.

Dusk said...

Since I'm basically a year behind the times, I'm not sure you're going to get this. *crossing fingers*

I followed the steps you outlined here to create 3 websites on my SBS 2003 R2 server. It is a stand alone server out on my DMZ and its only purpose is to host our 3 websites (3 different domains, one IP). I can hit all 3 sites so I know the host headers are correct. My problem is when I click on the site's description in the SharePoint Administrator I am prompted for a username & password. When I extended the site (FPSE 2002), I used the administrator account. That is the username & password I provide, but after 3 tries I get Error 401.1 - not authorized to view this page. Thus I cannot check or recalculate my server extensions. I created another administrator on the machine and used that username & password with the same results. If I'm typing in the password incorrectly then I've consistently done it wrong at LEAST 50 times. Any suggestions?

Sean Daniel said...

Hi Dusk,

First of all, you shouldn't put SBS in the DMZ (I'm surprised you have one). You should simply forward port 80 from your edge firewall to your internal SBS box.

Second of all, it sounds like you're trying to run SharePoint on all of these websites. Before you try externally, do these websites work internally? Are you sure in global admin that you've granted the local administrator access? Just because the admin created the site, doesn't mean the admin has access.

Anonymous said...

I have the same problem as the poster above... UPN works, but not via RWW.

If I go to I can login with "user", "domain\user", and "".

HOWEVER, if I go through RWW, I can't use the syntax. Any thoughts??

Sean Daniel said...

Sorry, the RWW doesn't support UPN naming.

Anonymous said...

Hi guys
Need a bit of help please.
Do I need your 2 domain solution for sending from a single yahoo email address?
I have SBS2003 set up for my domain
and users can send from any user@mydomain when they are in Outlook. But we have a couple of single yahoo email addresses which we receive ok, using IGETMAIL, but when they want to reply, they want the reply to come from the yahoo address and not the user@mydomain address. I may have made it sound more complicated than it is, but how do we do this? Do we need to add another domain or just set up another account in Outlook on the local machine?

Sean Daniel said...

Hi Mark,

Sorry, the Exchange server can only "send-as" one domain name. So this solution won't work; the outbound domain name is always the primary domain name.

You could configure Outlook client to have an additional mailbox for Yahoo and then the user could click on the "from" box and change it to the yahoo account.

Hope this helps,