Article ID: 942223 - View products that this article applies to.
Consider the following scenario. A Windows Server 2003 forest trusts another Windows Server 2003 forest. However, a user in the trusted forest cannot use a user principal name (UPN) to log on to the trusting forest.
This problem may occur if a UPN suffix that is created in the "Active Directory Domain and Trusts" Microsoft Management Console (MMC) snap-in is not a DNS-compliant name. Typical UPN suffixes that are not DNS-compliant include, but are not limited to, the following:
This problem occurs when UPN suffixes that are not DNS-compliant are not routed across a forest trust.
To enable users to log on to the trusting forest, change the UPN suffixes so that they are DNS-compliant.
To prevent UPN suffixes that are not DNS-compliant from being created, you can change the UPN suffixes in the "Active Directory Domain and Trusts" MMC snap-in. Make sure that all the specified UPN suffixes are DNS-compliant.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Article ID: 942223 - Last Review: October 11, 2007 - Revision: 1.2