Active Directory Authentication

When you log on to a Windows Server 2003 domain, a single logon gives access to any resources you're permitted to use, regardless of their location on the network. A user doesn't need to re-enter a password every time the user accesses a server or other resources, because any authentication after initially logging on is transparent. Because only one logon is needed, the system needs to verify a person is who he or she claims to be, before any access is given.

Authentication is used to verify a user's logon credentials. The primary method of determining the identity of a user is by logging on to the local computer and network, where a person enters a username and password. If these don't match the username and password for the local computer or Active Directory account, the person isn't able to gain access.

Operating systems such as Windows NT, 2000, and Server 2003 store account information in the SAM database. The SAM stores credentials that are used to access the local machine. When a user logs on to a computer with a local user account that's stored in the SAM, the user is authenticated to the local machine. The user's access is limited to just that computer when logging on to the machine.

When users log on to the Windows Server 2003 domain, an account in Active Directory is used to access network resources located within the domain, or in other trusted domains. When a user logs on, the Local Security Authority (LSA) is used to log users on to the local computer. It is also used to authenticate to Active Directory. After validating the user's identity in Active Directory, the LSA on the DC that authenticates the user creates an access token and associates a SID with the user.

The access token is made up of data that contains information about the user. It holds information about the user's name, group affiliation, SID, and SIDs for the groups of which he or she is a member. The access token is created each time the user logs on. Because the access token is created at logon, any changes to the user's group membership or other security settings won't appear until after the user logs off and back on again. For example, if the user became a backup operator, he or she would have to log off and log back on before these changes affected the user's access.
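The following script is an added example (not from this text) that makes the access-token behaviour described above visible: it reads the user SID and group SIDs carried in the current process's token and compares them with the group membership Active Directory records right now. It assumes the RSAT ActiveDirectory module is installed and the session runs as a domain account; the function names are this example's own.

```powershell
# Added example: compare the group SIDs in the current access token with the
# user's direct group membership as Active Directory currently records it.
# Groups present in AD but absent from the token were added after logon and
# take effect only after the user logs off and back on.
Import-Module ActiveDirectory

function Get-TokenGroupNames {
    # The token of the current process: user SID plus one SID per group.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($sid in $identity.Groups) {
        try {
            # Translate each SID to DOMAIN\Group; well-known or logon-session
            # SIDs that have no account name are skipped.
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # untranslatable SID, nothing to compare against
        }
    }
}

function Get-DirectoryGroupNames {
    param([string]$SamAccountName)
    # Direct memberships as AD records them right now (assumes groups in
    # the logon domain; cross-domain groups would need their own prefix).
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf
    foreach ($dn in $user.MemberOf) {
        $group = Get-ADGroup -Identity $dn
        "$env:USERDOMAIN\$($group.SamAccountName)"
    }
}

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
"Token user: $($identity.Name)  SID: $($identity.User.Value)"

$inToken = @(Get-TokenGroupNames)
$inAd    = @(Get-DirectoryGroupNames -SamAccountName ($identity.Name -split '\\')[-1])

# Groups AD lists that the token does not carry yet ('=>' = only in AD).
$stale = Compare-Object -ReferenceObject $inToken -DifferenceObject $inAd |
    Where-Object SideIndicator -eq '=>' |
    Select-Object -ExpandProperty InputObject

if ($stale) {
    "Group changes not yet in the access token (log off and on to apply):"
    $stale
} else {
    "Access token matches current directory group membership."
}
```

Because the token also carries nested and domain-local group SIDs that `MemberOf` does not list, only the AD-only direction of the comparison is reported.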

Access control and authentication are vital parts of Active Directory's security, so it is important that you understand the features and controls of Active Directory. The initial security feature that users will experience is the interactive logon. When users log on, an access token is created to indicate the user's security capabilities. When changes are made to a user's account, they will not apply to the user until that user logs on to the domain.

Test Day Tip
