Active Directory Authentication Process

The Active Directory authentication process is how security is maintained when allowing or blocking entry into the SGD. A user must have an account in an Active Directory domain. The SGD uses a protocol to check the user principal name and password against a Key Distribution Center (KDC) for the domain.

Successful authentication of a user within the domain grants that entry, which is made possible through a construct known as the access token. The Active Directory authentication protocol is the process by which the user's identity is expressed on the wire, together with the specific mechanism used to deliver the access token.

What are the Active Directory authentication methods? While Windows 2000 and AD introduced Kerberos as the principal authentication mechanism for all Windows 2000 and later machines, other authentication protocols may be available. Microsoft and IBM created LAN Manager for OS/2. It is used by Windows and Windows 9x administrators and has the fewest security features of the three.

NT LAN Manager (NTLM) is a challenge-response authentication protocol that is more secure than LAN Manager; it was the protocol used by earlier clients and by Windows NT 4.0 up to Service Pack 3 (SP3). NTLMv2 is a version of NTLM that uses 128-bit encryption and is matched with machines running NT 4.0 SP4 and later; it is the most secure challenge-response authentication available. Kerberos, by contrast, is a ticket-based authentication protocol.
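To make the challenge-response idea concrete, here is an added toy exchange written for this page; it is not NTLM or NTLMv2 and not code from any Microsoft product. It uses HMAC-SHA256 over a server challenge plus a client nonce (the account names, password and key derivation are all constructed for the illustration). It shows three things a defender cares about: the password never appears on the wire, a challenge is consumed on first use so a captured exchange cannot simply be replayed, and the server compares the response in constant time.

```python
"""Toy challenge-response login: added illustration, not the NTLM algorithm."""
import hashlib
import hmac
import os


def derive_key(password: str, username: str, domain: str) -> bytes:
    # Constructed key derivation: the server stores this key, not the password.
    # Binding the key to user and domain mirrors the idea that a response
    # key belongs to one account, not to the raw password alone.
    pw_hash = hashlib.sha256(password.encode("utf-16-le")).digest()
    salt = (username.upper() + domain.upper()).encode("utf-16-le")
    return hmac.new(pw_hash, salt, hashlib.sha256).digest()


def compute_response(key: bytes, server_challenge: bytes, client_nonce: bytes) -> bytes:
    # Proof of possession: a keyed hash over nonces chosen by BOTH parties,
    # so neither side can force a predictable input.
    return hmac.new(key, server_challenge + client_nonce, hashlib.sha256).digest()


class AuthServer:
    def __init__(self, accounts):
        # accounts: {(USERNAME, DOMAIN): key} (constructed sample store)
        self.accounts = accounts
        self.outstanding = set()  # challenges issued but not yet consumed

    def issue_challenge(self) -> bytes:
        challenge = os.urandom(16)
        self.outstanding.add(challenge)
        return challenge

    def verify(self, username, domain, challenge, client_nonce, response) -> bool:
        # A challenge is valid exactly once; a replayed exchange fails here.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        key = self.accounts.get((username.upper(), domain.upper()))
        if key is None:
            return False
        expected = compute_response(key, challenge, client_nonce)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def client_login(server, username, domain, password):
    """Run the exchange from the client side.

    Returns (ok, wire): `wire` is the only material an observer on the
    network would see: challenge, client nonce and response. No password.
    """
    challenge = server.issue_challenge()
    nonce = os.urandom(8)
    key = derive_key(password, username, domain)
    response = compute_response(key, challenge, nonce)
    ok = server.verify(username, domain, challenge, nonce, response)
    return ok, (challenge, nonce, response)


def demo() -> dict:
    # Constructed sample account; the server never learns the password string.
    accounts = {("ALICE", "CORP"): derive_key("correct horse", "alice", "corp")}
    server = AuthServer(accounts)
    good, wire = client_login(server, "alice", "corp", "correct horse")
    bad, _ = client_login(server, "alice", "corp", "wrong password")
    # Replay: resend the captured good exchange verbatim.
    replay = server.verify("alice", "corp", *wire)
    return {"good": good, "bad_password": bad, "replay": replay}


if __name__ == "__main__":
    print(demo())  # {'good': True, 'bad_password': False, 'replay': False}
```

The `outstanding` set is the piece that matters for "capturing data in transit": even with every byte of a successful login recorded, the recorded response only answers a challenge that the server has already retired. A real deployment would also bound how long an unanswered challenge stays outstanding so the set cannot grow without limit.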

Although Mac systems are relatively new to the industry, their integration with Active Directory made it possible for Mac OS X to leverage directory services whether they reside in a Macintosh NetInfo directory, Microsoft Active Directory, or an enterprise LDAP directory. The ability of Mac OS X to authenticate against Active Directory revolves around the Kerberos or LDAP protocols.

Security and compliance concerns are a primary driver for any company that aims to protect the information held in its databases. It is important for IT organizations to design Active Directory on the basis of a risk analysis that identifies threats such as object spoofing, data manipulation, and capture of data in transit.