Active Directory Object Naming

When a user logs on to an Active Directory domain, two types of names can be provided. The first is the traditional NetBIOS name, referred to in Windows 2000 as the downlevel logon name. This exists for backwards compatibility with versions of Windows that rely on NetBIOS for logon functions (such as NT 4, Windows 9x, etc.). When using a downlevel logon name (‘User logon name – pre-Windows 2000’ in the interface) to log on, the user must provide a username and password and choose the appropriate domain name that they wish to log in to. The second option, new in Windows 2000, is the ability to log on using what is referred to as a User Principal Name, or UPN. A UPN follows the format (in the interface it is referred to as the User logon name). When this convention is used, a user no longer needs to specify the domain that they wish to log in to. In fact, under Windows 2000, the domain portion of the login box is grayed out when a UPN is used to sign in.

A first look requires that we also discuss both the logical and physical elements of Active Directory. The logical part of Active Directory includes some ideas that you may have already heard of, including terms like forest, trees, domains, and OUs. The physical part of Active Directory relates to sites and domain controllers. The distinction between the logical and physical elements is important, and you must recognize and understand the differences.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.