Active Directory Authentication

Active Directory authentication is a step that is enforced when you set up a Windows Server computer as a domain controller in your network, in order to validate the people who want to log in to that network. If you aren't already aware, machines within a domain have both restrictions and certain privileges, such as access to intranet-specific sites.

You can perform Active Directory client authentication by several means, but essentially in two fashions: Integrated and Web. Integrated is meant for everyday situations where you have a home or corporate network and want all the machines cooperating within a domain; all users log in at the local computers. The alternative is Web-based, and it allows for two functions.

The first function is for when you want to use intranet websites for specific tasks that don't require a whole computer system to perform, for example simple database access. The page meant for database access can ask the user for data and cross-check it against Active Directory group authentication or even Active Directory cross-domain authentication, the latter being useful when you want a service to span several domains (even if they belong to the same company).

Active Directory user authentication is always performed the same way, based on a username and password that work both for a web page using this kind of authentication via Active Directory and for the computers that use Active Directory for authentication. Active Directory machine authentication, like Web authentication, is performed by the domain controller in either case and functions the same way, meaning that it still works with all the advantages (and disadvantages) of Active Directory.

You should be aware, however, that Active Directory client certificate authentication can only be used effectively in a regular Windows login, that is, when logging in to the domain from a computer. Web authentication is prone to problems, since the certificate can't be compared as easily when you have to resort to a web browser as the interface for authentication. Errors may arise from attempting to use this system for Web authentication, so it should be avoided and users should be required to perform regular logins.

Additionally, authentication in Active Directory sometimes requires certain conditions to be met. For example, a mismatch between the local and server date and time can cause Active Directory client authentication to fail. To resolve this problem properly, make sure the machines that may be associated with the domain always use NTP servers to keep their clocks synchronized.
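
To make the clock requirement concrete, here is an added example (not part of the original article) that computes a client's offset from a time server using the standard SNTP four-timestamp formula and compares it with a skew limit. The 300-second limit is an assumption based on the default Kerberos tolerance of five minutes, and the reply packet and timestamps are constructed sample data so the script runs offline.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MAX_SKEW_SECONDS = 300        # assumed limit: default Kerberos tolerance, 5 minutes

def _unix_time(packet, pos):
    """Decode a 64-bit NTP timestamp (32.32 fixed point) as Unix seconds."""
    secs, frac = struct.unpack_from("!II", packet, pos)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def clock_offset(reply, t1, t4):
    """Return (offset, delay) in seconds for one SNTP exchange.

    t1 is the client's send time and t4 its receive time, both Unix seconds.
    A positive offset means the server's clock is ahead of the client's.
    """
    if len(reply) < 48:
        raise ValueError("truncated NTP packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server clock is not synchronized")
    t2 = _unix_time(reply, 32)  # server receive timestamp
    t3 = _unix_time(reply, 40)  # server transmit timestamp
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def within_tolerance(offset, limit=MAX_SKEW_SECONDS):
    """True when the absolute skew does not exceed the limit."""
    return abs(offset) <= limit

def build_reply(t2, t3, stratum=2, leap=0):
    """Build a constructed 48-byte server reply so the example runs offline."""
    packet = bytearray(48)
    packet[0] = (leap << 6) | (4 << 3) | 4  # leap indicator, version 4, mode 4
    packet[1] = stratum
    for pos, t in ((32, t2), (40, t3)):
        struct.pack_into("!II", packet, pos,
                         int(t) + NTP_EPOCH_DELTA, int((t % 1) * 2**32))
    return bytes(packet)

if __name__ == "__main__":
    # Constructed exchange: the server clock runs 400 s ahead of the client.
    sample = build_reply(1700000400.25, 1700000400.5)
    offset, delay = clock_offset(sample, 1700000000.0, 1700000000.75)
    print(f"offset={offset:+.3f}s delay={delay:.3f}s ok={within_tolerance(offset)}")
```

A reply that reports an unsynchronized server (stratum 0 or leap indicator 3) is rejected rather than trusted, since syncing to it would not fix the skew.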