Active Directory Authentication Problems

In the year 2000, Microsoft released a technology called Active Directory. Active Directory stores, in a central database, the settings and information that allow system administrators to introduce new software, apply critical updates, and assign policies to an entire organization. An organization usually holds a certain amount of security-sensitive information, so accessing its Active Directory usually requires authentication (identifying oneself).

There are two types of Active Directory authentication. The first is mutual authentication, in which the client and the server being accessed must identify themselves to each other before any information is transferred. This can be done through a trusted third party or encryption. The second is NTLM. This security feature can be achieved through three different levels of challenge and response authentication: LAN Manager (least secure), which enables Windows 2000 or later to connect to older versions of Windows; NTLM v1 (medium security), which enables Windows 2000 or later to connect to Windows NT versions; and NTLM v2, the most secure. NTLM v2 enables Windows 2000 or later to connect to the higher service pack versions of Windows NT. As with any computer software, there are bound to be a few bugs to be worked out. Below are a few problems that you might encounter, as well as a few troubleshooting tips.

Account Information Not Recognized: Active Directory Authentication failed to log you on -- Once you have your new Active Directory in place, you may find that you have difficulty logging in to use it. First, check that everything is configured correctly. Most importantly, make sure you are listed as a member of the mapped group and that the group has been validated.

Error updating Windows AD authentication properties: Active Directory Authentication failed to verify the mapped groups -- The most common fix for this particular problem is to delete the mapping and re-map. Most likely the groups are not mapped to each other or not synchronized. Make sure the groups contain the same users and that those users are mapped to each other. Also, check that the user name mapping service is running on the designated server and that the directory is accessible.

Many times you may run into a situation where authentication has failed. One reason might be that the user belongs to several groups. Belonging to several groups creates a problem for the Kerberos protocol, in that it has to use multiple frames to send the validation tokens. At some point, some of the frames are lost, the group information is not properly applied, and some users are not authenticated.

Reducing the number of groups should ensure that group access is not dropped in the transfer process. Also, make sure your group policy actually includes you among those granted access.
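To find the accounts whose group count is the likely cause, the following added example (not part of the original article) expands nested group membership and estimates each user's Kerberos token size with the estimate Microsoft publishes in its guidance on this problem, 1200 + 40d + 8s bytes. The membership data, group names, the GG/UG/DL prefix convention and the 12000-byte limit are assumptions made for the example; use your own export and your environment's MaxTokenSize.

```python
from collections import deque

# Constructed sample data (not from a real directory): direct "member of" edges.
MEMBER_OF = {
    "alice": ["GG-Sales", "DL-Printers"],
    "bob": [f"GG-Staff-{i}" for i in range(300)] + [f"DL-Share-{i}" for i in range(250)],
    "GG-Sales": ["GG-AllStaff", "DL-FileShare"],
    "GG-AllStaff": ["UG-Company"],
}
# Assumed naming convention for this example: the prefix encodes the group scope.
SCOPE_PREFIX = {"GG": "global", "UG": "universal_same_domain", "DL": "domain_local"}


def effective_groups(principal, member_of):
    """Return every group reached through nesting (breadth-first, cycle-safe)."""
    seen, queue = set(), deque(member_of.get(principal, []))
    while queue:
        group = queue.popleft()
        if group not in seen:
            seen.add(group)
            queue.extend(member_of.get(group, []))
    return seen


def estimate_token_size(groups):
    """Estimate token bytes as 1200 + 40*d + 8*s (Microsoft's published estimate)."""
    scopes = [SCOPE_PREFIX[g.split("-", 1)[0]] for g in groups]
    # d: domain local groups (out-of-domain universal groups and SID history
    # entries also count toward d, but the sample data has none).
    d = scopes.count("domain_local")
    # s: global groups plus universal groups in the user's own domain.
    s = scopes.count("global") + scopes.count("universal_same_domain")
    return 1200 + 40 * d + 8 * s


def audit(users, member_of, max_token_size=12000):
    """Map each user to (effective group count, estimated bytes, over-limit flag)."""
    report = {}
    for user in users:
        groups = effective_groups(user, member_of)
        size = estimate_token_size(groups)
        report[user] = (len(groups), size, size > max_token_size)
    return report


if __name__ == "__main__":
    for user, row in audit(["alice", "bob"], MEMBER_OF).items():
        print(user, row)
```

Users flagged as over the limit are the ones whose memberships should be reduced first; the nesting expansion matters because groups inherited through other groups count toward the token as well.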

It seems that the basic issues and problems are directly related to how the system was configured, group policy issues, and installation issues. Make sure everyone who needs access is on a validated group list and that these groups are properly synchronized with one another. Then make sure that the members don't belong to an absurdly large number of groups. Good user data management should curtail the basic problems.