Hi ZhangHuangbin
I tried a few alternatives in the config files, but the result was never really satisfying. At some point I made the LDAP query look for either the UPN or sAMAccountName and then I was able to log in with both xxxyyy and firstname.lastname. However, in the former case, I wasn't able to send out mails with the firstname.lastname@domain.com address (I got an error saying that the mailbox did not belong to xxxyyy)...
In the end, I modified the AD UPN of my accounts. Now that it's firstname.lastname@domain.com, I can keep the "original" config files from the tutorial. Since I can still use the pre-W2000 account (xxxyyy) to log in to workstations, I guess this is the better approach for making it work.
In Thunderbird/Roundcube I can't log in with my xxxyyy anymore, but since this is 100% e-mail related, users shouldn't complain about having to log in with their e-mail address.
I'm already stumbling into additional questions, but I'll have a look at them first before opening another topic. Thanks for the assistance you provided!