Authenticated Users - Where is it?

Posted on 2007-10-17
Last Modified: 2008-05-31
Here's a stupid question - I'm poking around in Active Directory for Users and Computers.  I'm trying to find the "NT Authority" folder.  Specifically, I'm looking for the "NT Authority\Authenticated Users" group.  Is it hidden in the default ADUC configuration, or does the ADUC simply not give you access to the group?
Question by: jdana
    LVL 70

    Accepted Solution

    You won't find it - it's a "special" group. Authenticated Users is a dynamic group that contains users who have been authenticated by Active Directory. Once someone has entered their credentials and has been authenticated, they automatically become a member of the group; when they log off, they are removed from the group. You cannot manually control its membership.
    LVL 30

    Assisted Solution

    Authenticated Users is a special group that is maintained internally by the Windows operating system; you cannot view the membership of this group, nor can you add or remove users from this group.  Most of the NT AUTHORITY groups correspond to well-known security principals like the ones described here:
    LVL 9

    Expert Comment

    In addition to the information in the previous posts -- this is indeed a 'special' group that you gain membership in by merely being authenticated.  There are many others similar in nature to this one such as 'Network' or 'Interactive'.  If you subscribe to TechTarget, take a look at the series of articles I wrote that included a detailed breakdown of this aspect of AD, available if subscribed at -,289142,sid1_gci1195097,00.html

    While the membership within the special groups cannot be viewed or directly influenced, their membership in other groups (group nesting) can.  However, objects like these only appear in Active Directory when the AD-database is forced to create a reference to them, for example - when you add 'Authenticated Users' to another AD group in an effort to simplify the allocation of a particular permission or set of permissions or rights.

    Once groups like these are created in Active Directory, they're called Foreign Security Principals (FSPs or, internally to MS, FPOs [foreign principal objects]) and exist in a container of that name beneath the domain head.  Using Active Directory Users and Computers, select View --> Advanced Features and you'll find the container is probably now populated.  Expand the columns until you're able to read the names ... they are prefixed by 'NT Authority' as you mentioned earlier.  You are now able to review or alter their properties to a limited extent including their membership in other groups or the ACL (security) controlling who's permitted to do what to them.

    All of that now said, what was your goal in the first place, purely informational or ???
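
The ForeignSecurityPrincipals container described in the comment above can also be audited from PowerShell to see which domain groups a well-known principal such as Authenticated Users has been nested into. This is an added example, not part of the original thread; it assumes the RSAT ActiveDirectory module is installed and the account running it can read the domain.

```powershell
# Added example: list Foreign Security Principal objects and the groups they are nested in.
# Assumes the RSAT ActiveDirectory module and read access to the current domain.
Import-Module ActiveDirectory

$domainDN     = (Get-ADDomain).DistinguishedName
$fspContainer = "CN=ForeignSecurityPrincipals,$domainDN"

Get-ADObject -SearchBase $fspContainer -SearchScope OneLevel `
             -LDAPFilter '(objectClass=foreignSecurityPrincipal)' `
             -Properties objectSid, memberOf |
ForEach-Object {
    $sid = $_.objectSid   # returned as System.Security.Principal.SecurityIdentifier

    # Resolve the SID to DOMAIN\Name. SIDs from a trusted domain that is
    # unreachable or no longer exists cannot be translated.
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $name = '<unresolved>'
    }

    [pscustomobject]@{
        Sid                  = $sid.Value
        Name                 = $name
        # AccountDomainSid is $null for SIDs that are not domain account SIDs,
        # which is the case for the well-known principals (S-1-5-11 and similar).
        WellKnownPrincipal   = ($null -eq $sid.AccountDomainSid)
        IsAuthenticatedUsers = $sid.IsWellKnown(
            [System.Security.Principal.WellKnownSidType]::AuthenticatedUserSid)
        # Distinguished names of the domain groups this principal was added to.
        MemberOf             = @($_.memberOf) -join '; '
    }
} | Sort-Object Sid
```

Rows where WellKnownPrincipal is true and MemberOf is non-empty show every place a special identity grants permissions through group nesting, which is worth reviewing because anyone who authenticates inherits those group memberships.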
