Solved

AD authentication

Posted on 2009-04-14
10
314 Views
Last Modified: 2013-12-05
Hi can someone give me information on AD authentication. I had a question on if a user logs into the network how many times does it authenticate to AD? Does it do it just once on login or everytime it tries to hit a network resource? Also if I want to check authentication success\failures, all of this information is in the event viewer of the DC correct? In the eventviewer when the user section is system, does that mean its just a service on the computer requesting AD authentication? Thanks
0
Comment
Question by:Thomas N
  • 5
  • 4
10 Comments
 
LVL 6

Expert Comment

by:ngailfus
ID: 24140841
I believe each time a user tries to access a network resource they authenticate with the DC.  We occasionally have a user who ignores the password expiration warnings, never logs off and then complains how they can't print or access their files anymore.
0
 

Author Comment

by:Thomas N
ID: 24141059
Would you by chance have a link explaining the authentication process for AD? Possibly troubleshooting too? Thanks
0
 
LVL 18

Expert Comment

by:Americom
ID: 24141633
Authentication including when users logon to a machine, map a drive, start a service, UNC to a share, run admin tool, rdp, etc....

When you enable auditing on your DCs, these events shows up in the security event logs:
http://support.microsoft.com/kb/299475

Both computer and user account authentication are logged on the security log.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:Thomas N
ID: 24141716
Thanks Americom:Sorry I forgot to say I have Windows 2003 server. The event id's are in there 600's. I tried to do a search for Windows 2000 Security Event Descriptions but could not find anything. Any chance you would have a link for that one?
0
 
LVL 18

Expert Comment

by:Americom
ID: 24141812
The link provided above has two parts. You should see the link there, look for part 2 of 2 for the 600s.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24141815
0
 

Author Comment

by:Thomas N
ID: 24141903
ah got it thanks. So if a user logs into a workstation and they access a network resource, it authenticates to the dc and will show up in the eventviewer everytime?
0
 

Author Comment

by:Thomas N
ID: 24142030
Also one last question , we have 3 dc's. Is it possible to for a users computer to timeout during authentication and if so is there a way for us to determine when\if a user had timed out?
0
 
LVL 18

Expert Comment

by:Americom
ID: 24142055
Yes, as long as you use a valid domain account, it will show up in the DC security event log.
0
 
LVL 18

Accepted Solution

by:
Americom earned 500 total points
ID: 24142092
Very unlikely. If you have all three DCs and without and AD site creation and only the default AD site exist, user can authenticate by any DC available. If you have AD site create, user will authenticate to the DC that is on the same assigned AD site as the user's PC. If that DC is not available, then the user will be authenticated by other AD Site DCs. So, it is very unlikely that the time out will show up in any DC, it will show up in the local PC's event log but not the DC. If the authentication request reached the DC, it will recorded in the DC. Hope this help.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question