Active Directory: How does the computer logon process and the user logon process differ?

active-directory

User Authentication to AD is handled by the Computer, so it will use the computer's idea of AD state to handle the authentication process. A good example of this is with Sites.

  • A user logging interactively into a computer in Site Z will authenticate against the Domain Controllers in Site Z (or failing that, the fallback identification process will be followed).
  • If the same user flies across the country and logs in interactively at a new computer, in Site J, the user will be authenticated against the Domain Controllers in Site J.

Thinking of it another way, a user inherits locality from the machine they're logging in on.

It is possible for the user to log in against a different DC than the one the computer logged into, especially if the Site they're in has more than one DC in it. This is why you have to capture the security logs of all DCs in a Site to have an accurate idea of who logged into what, where.

Related

Nginx ssl - SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
AD Cross-forest authentication - groups missing from PAC
Give EC2 IAM role read access to S3 bucket
Starting IIS Manager has Web Platform Prompt
Vagrant synced folders aren't case sensitive
How to safely install a new IOS image on a Cisco device when the installed flash memory size isn't enough for two of them?
"Preparing Paste Information" when copying files on server using RDP
Why does yum index get corrupted?
Is it safe to delete redis dump and temp files from /var/lib/redis/
How does yum with Red Hat Network Subscription work inside the rhel Docker images?
Why only a single loopback address on IPv6?
Enable error logging on PHP-FPM 7 with Nginx?