Troubleshooter: Using UPNs in OWA

I want users to use their Windows 2000 user principal names (UPNs) for logon. Can I set up Outlook Web Access (OWA) to recognize UPN credentials, too?

The UPN credential format combines the user's domain and username in something that looks like—and might be—an Internet Engineering Task Force (IETF) Request for Comments (RFC) 822­style email address. For example, [email protected] is the UPN that I use to log on. The Microsoft article "Users Can Log in Using User Name or User Principal Name" ( support/kb/articles/q243/2/80.asp) describes what UPNs are, how they work, and how you pick the right UPN domain suffix. Allowing the use of UPNs with OWA is particularly valuable when you have multiple domains served by a front-end/back-end configuration, as you would at an ISP or application service provider (ASP).

Setting up OWA to use UPNs is fairly straightforward. You must configure the front-end and back-end servers to accept Basic authentication, which means you need to require Secure Sockets Layer (SSL), too, to protect the otherwise-unencrypted password. You also must tell Microsoft IIS to use a backslash (\) as the default domain. The Microsoft article "How to Authenticate a User Against All Trusted Domains" (http:// articles/q168/9/08.asp) explains how to do so.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.