Solved

AD authentication

Posted on 2009-04-14
10
315 Views
Last Modified: 2013-12-05
Hi can someone give me information on AD authentication. I had a question on if a user logs into the network how many times does it authenticate to AD? Does it do it just once on login or everytime it tries to hit a network resource? Also if I want to check authentication success\failures, all of this information is in the event viewer of the DC correct? In the eventviewer when the user section is system, does that mean its just a service on the computer requesting AD authentication? Thanks
0
Comment
Question by:Thomas N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 6

Expert Comment

by:ngailfus
ID: 24140841
I believe each time a user tries to access a network resource they authenticate with the DC.  We occasionally have a user who ignores the password expiration warnings, never logs off and then complains how they can't print or access their files anymore.
0
 

Author Comment

by:Thomas N
ID: 24141059
Would you by chance have a link explaining the authentication process for AD? Possibly troubleshooting too? Thanks
0
 
LVL 18

Expert Comment

by:Americom
ID: 24141633
Authentication including when users logon to a machine, map a drive, start a service, UNC to a share, run admin tool, rdp, etc....

When you enable auditing on your DCs, these events shows up in the security event logs:
http://support.microsoft.com/kb/299475

Both computer and user account authentication are logged on the security log.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:Thomas N
ID: 24141716
Thanks Americom:Sorry I forgot to say I have Windows 2003 server. The event id's are in there 600's. I tried to do a search for Windows 2000 Security Event Descriptions but could not find anything. Any chance you would have a link for that one?
0
 
LVL 18

Expert Comment

by:Americom
ID: 24141812
The link provided above has two parts. You should see the link there, look for part 2 of 2 for the 600s.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24141815
0
 

Author Comment

by:Thomas N
ID: 24141903
ah got it thanks. So if a user logs into a workstation and they access a network resource, it authenticates to the dc and will show up in the eventviewer everytime?
0
 

Author Comment

by:Thomas N
ID: 24142030
Also one last question , we have 3 dc's. Is it possible to for a users computer to timeout during authentication and if so is there a way for us to determine when\if a user had timed out?
0
 
LVL 18

Expert Comment

by:Americom
ID: 24142055
Yes, as long as you use a valid domain account, it will show up in the DC security event log.
0
 
LVL 18

Accepted Solution

by:
Americom earned 500 total points
ID: 24142092
Very unlikely. If you have all three DCs and without and AD site creation and only the default AD site exist, user can authenticate by any DC available. If you have AD site create, user will authenticate to the DC that is on the same assigned AD site as the user's PC. If that DC is not available, then the user will be authenticated by other AD Site DCs. So, it is very unlikely that the time out will show up in any DC, it will show up in the local PC's event log but not the DC. If the authentication request reached the DC, it will recorded in the DC. Hope this help.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question