Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

AD authentication

Posted on 2009-04-14
10
Medium Priority
?
319 Views
Last Modified: 2013-12-05
Hi can someone give me information on AD authentication. I had a question on if a user logs into the network how many times does it authenticate to AD? Does it do it just once on login or everytime it tries to hit a network resource? Also if I want to check authentication success\failures, all of this information is in the event viewer of the DC correct? In the eventviewer when the user section is system, does that mean its just a service on the computer requesting AD authentication? Thanks
0
Comment
Question by:Thomas N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 6

Expert Comment

by:ngailfus
ID: 24140841
I believe each time a user tries to access a network resource they authenticate with the DC.  We occasionally have a user who ignores the password expiration warnings, never logs off and then complains how they can't print or access their files anymore.
0
 

Author Comment

by:Thomas N
ID: 24141059
Would you by chance have a link explaining the authentication process for AD? Possibly troubleshooting too? Thanks
0
 
LVL 18

Expert Comment

by:Americom
ID: 24141633
Authentication including when users logon to a machine, map a drive, start a service, UNC to a share, run admin tool, rdp, etc....

When you enable auditing on your DCs, these events shows up in the security event logs:
http://support.microsoft.com/kb/299475

Both computer and user account authentication are logged on the security log.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:Thomas N
ID: 24141716
Thanks Americom:Sorry I forgot to say I have Windows 2003 server. The event id's are in there 600's. I tried to do a search for Windows 2000 Security Event Descriptions but could not find anything. Any chance you would have a link for that one?
0
 
LVL 18

Expert Comment

by:Americom
ID: 24141812
The link provided above has two parts. You should see the link there, look for part 2 of 2 for the 600s.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24141815
0
 

Author Comment

by:Thomas N
ID: 24141903
ah got it thanks. So if a user logs into a workstation and they access a network resource, it authenticates to the dc and will show up in the eventviewer everytime?
0
 

Author Comment

by:Thomas N
ID: 24142030
Also one last question , we have 3 dc's. Is it possible to for a users computer to timeout during authentication and if so is there a way for us to determine when\if a user had timed out?
0
 
LVL 18

Expert Comment

by:Americom
ID: 24142055
Yes, as long as you use a valid domain account, it will show up in the DC security event log.
0
 
LVL 18

Accepted Solution

by:
Americom earned 2000 total points
ID: 24142092
Very unlikely. If you have all three DCs and without and AD site creation and only the default AD site exist, user can authenticate by any DC available. If you have AD site create, user will authenticate to the DC that is on the same assigned AD site as the user's PC. If that DC is not available, then the user will be authenticated by other AD Site DCs. So, it is very unlikely that the time out will show up in any DC, it will show up in the local PC's event log but not the DC. If the authentication request reached the DC, it will recorded in the DC. Hope this help.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question