Generally, Active Directory records are preferred over NetBIOS because of the way cross-domain setups interact with name mapping. With NetBIOS records there are more situations in which the Kerberos protocol cannot be used. We support manually configured cross-domain setups with NetBIOS and Active Directory.
Use Case |
Domain type |
Domain name |
User name |
Follow trust relationships |
IP-based authentication |
NetBIOS, User-Selected IPs |
DOMAIN |
USER |
- |
Host-based authentication |
NetBIOS, Service-Selected IPs |
DOMAIN |
USER |
- |
Service-based auth for NTLM (no Kerberos available)
no trust relationships
We'll try to upgrade this to Kerberos if "DOMAIN" can be mapped to "domain.foo.com". |
NetBIOS, Service-Selected IPs |
DOMAIN |
USER |
- |
Service-based auth for NTLM (no Kerberos available)
with manually configured trusts
This cannot be upgraded to Kerberos. |
NetBIOS, Service-Selected IPs |
TARGETDOMAIN |
USERDOMAIN\USER |
- |
Service-based auth for Kerberos
no trust relationships
This always tries Kerberos first. |
Active Directory |
domain.foo.com |
USER |
OFF |
Service-based auth for Kerberos
with manually configured trusts
This always tries Kerberos first. Recommended for Enterprise organizations for cross-domain authentication. |
Active Directory |
targetdomain.foo.com |
USER@userdomain.foo.com |
OFF |
Service-based auth for Kerberos
with automatic trust discovery
ONLY recommended for Small to Midsize Businesses. |
Active Directory |
userdomain.foo.com |
USER |
ON |