Ever since Office365 and Azure crept into our environment, we've had to take the extra step of going into GUIdbedit to tell each gateway to perform directory lookups using both the sAMAccountName and the UserPrincipalName (sk149854). Frequently, I forget this and then spend too much time wondering why Identity Awareness is behaving strangely.
Given that Microsoft seems to be moving away from sAMAccountName and Check Point supports making this modification to perform both sAMAccountName *and* UserPrincipalName, I'm thinking it would be best to make both the default - rather than the exception.
This would mean that customers that are strictly sAMAccountName (I believe this is a shrinking number) that wanted to tune their IA for speed *could* tweak the lookup behavior to support it using GUIdbedit but the majority of customers would benefit from having the directory lookups performed using either account name format.
Thoughts?
Steve
