Active Directory: How does the computer logon process and the user logon process differ?
User Authentication to AD is handled by the Computer, so it will use the computer's idea of AD state to handle the authentication process. A good example of this is with Sites.
- A user logging interactively into a computer in Site Z will authenticate against the Domain Controllers in Site Z (or failing that, the fallback identification process will be followed).
- If the same user flies across the country and logs in interactively at a new computer, in Site J, the user will be authenticated against the Domain Controllers in Site J.
Thinking of it another way, a user inherits locality from the machine they're logging in on.
It is possible for the user to log in against a different DC than the one the computer logged into, especially if the Site they're in has more than one DC in it. This is why you have to capture the security logs of all DCs in a Site to have an accurate idea of who logged into what, where.