You have an IAS Server which is a member of domain “A”. The machine is often used to authenticate users in domain “B”. There’s a trust relationship established between “A” and “B” and users using the full name “B\<user>” can authenticate perfectly, but you want to default anything else to domain “B” (instead of defaulting them against “A”, since the IAS server is a member of that domain).
It’s easy, simply create this registry key:
Create a new REG_SZ (string) value:
“DefaultDomain” (e.g. “B”)
Now, why would you want to do this when you have attribute manipulation? The setting is server wide (i.e. not policy specific). Every user with blank domain will be automatically referred to “B” for authentication. While users with domain names “A\<user>” will still be authenticated as usual.
Just another trick to roll up your sleeve to make your job a little bit easier.