{"id":20,"date":"2014-04-27T16:00:58","date_gmt":"2014-04-27T20:00:58","guid":{"rendered":"http:\/\/blog.metcorp.org\/?p=20"},"modified":"2014-04-29T21:53:01","modified_gmt":"2014-04-30T01:53:01","slug":"ad-reading-active-directory-authentication-logon","status":"publish","type":"post","link":"https:\/\/adsecurity.org\/?p=20","title":{"rendered":"AD Reading: Active Directory Authentication &#038; Logon"},"content":{"rendered":"<p>The following are extremely useful resources for understanding the Active Directory Authentication &amp; Logon.<\/p>\n<p><strong>Authentication &amp; Logon<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc780455%28WS.10%29.aspx\">Logon and Authentication Technologies<\/a><\/li>\n<\/ul>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc782794%28v=ws.10%29.aspx\">Digest Authentication Technical Reference<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc781463%28v=ws.10%29.aspx\">Interactive Logon Technical Reference<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc739058%28v=ws.10%29.aspx\">Kerberos Authentication Technical Reference<\/a><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc780469%28v=ws.10%29.aspx\">What Is Kerberos Authentication?<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc772815%28v=ws.10%29.aspx\">How the Kerberos Version 5 Authentication Protocol Works<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc738673%28v=ws.10%29.aspx\">Kerberos Authentication Tools and Settings<\/a><\/li>\n<\/ul>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc784149%28v=ws.10%29.aspx\">TLS\/SSL Technical Reference<\/a><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb742431.aspx\">Windows Kerberos Authentication<\/a><\/li>\n<\/ul>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb742431.aspx#XSLTsection122121120120\">Introduction<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb742431.aspx#XSLTsection123121120120\">Overview of the Kerberos Protocol<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb742431.aspx#XSLTsection124121120120\">Kerberos Components in Windows 2000<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb742431.aspx#XSLTsection125121120120\">Authorization Data<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb742431.aspx#XSLTsection126121120120\">Interactive Logon<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb742431.aspx#XSLTsection127121120120\">Remote Logon<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb742431.aspx#XSLTsection128121120120\">Interoperability<\/a><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc739587.aspx\">Kerberos Protocol Transition and Constrained Delegation<\/a><\/li>\n<\/ul>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc758097.aspx\">Introduction (Kerberos Protocol Transition and Constrained Delegation)<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc759501.aspx\">Authenticating Web Application Users<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc738207.aspx\">Windows Server 2003 Kerberos Extensions<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc787848.aspx\">Sample Scenario Source Files<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc772683.aspx\">Summary (Kerberos Protocol Transition and Constrained Delegation)<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc781743.aspx\">Conclusion (Kerberos Protocol Transition and Constrained Delegation)<\/a><\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.technet.com\/themes\/blogs\/generic\/post.aspx?WeblogApp=askds&amp;y=2008&amp;m=03&amp;d=06&amp;WeblogPostName=kerberos-for-the-busy-admin&amp;GroupKeys=\">Kerberos for the Busy Admin<\/a><\/li>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/askds\/archive\/2008\/06\/13\/understanding-kerberos-double-hop.aspx?Redirected=true\">Understanding Kerberos Double Hop<\/a><\/li>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/askds\/archive\/2012\/07\/27\/kerberos-errors-in-network-captures.aspx\">Kerberos errors in network captures<\/a><\/li>\n<li><a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/cc236621.aspx\">[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc782880%28WS.10%29.aspx\">Authorization and Access Control Technologies<\/a><\/li>\n<\/ul>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc775598%28v=ws.10%29.aspx\">Security Descriptors and Access Control Lists Technical Reference<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc758849%28v=ws.10%29.aspx\">Access Tokens Technical Reference<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc738585%28v=ws.10%29.aspx\">Permissions Technical Reference<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc738722%28v=ws.10%29.aspx\">Security Principals Technical Reference<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc782090%28v=ws.10%29.aspx\">Security Identifiers Technical Reference<\/a><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc781463%28WS.10%29.aspx\">Interactive Logon Technical Reference<\/a><\/li>\n<\/ul>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc780095%28v=ws.10%29.aspx\">What is Interactive Logon?<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc780332%28v=ws.10%29.aspx\">How Interactive Logon Works<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc787053%28v=ws.10%29.aspx\">Interactive Logon Tools and Settings<\/a><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc781516%28WS.10%29.aspx\">User Data and Settings Management<\/a><\/li>\n<\/ul>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc785415%28v=ws.10%29.aspx\">User Profiles Overview in User Data and Settings Management<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc775560%28v=ws.10%29.aspx\">User Profile Structure<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc783453%28v=ws.10%29.aspx\">Enhancements to User Profiles in Windows Server 2003 and Windows XP<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc780629%28v=ws.10%29.aspx\">How to Configure a Roaming User Profile<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc737633%28v=ws.10%29.aspx\">Security Considerations when Configuring Roaming User Profiles<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc784484%28v=ws.10%29.aspx\">Best Practices for User Profiles<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc778976%28v=ws.10%29.aspx\">Folder Redirection Overview<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc782799%28v=ws.10%29.aspx\">How to Configure Folder Redirection<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc775853%28v=ws.10%29.aspx\">Security Considerations when Configuring Folder Redirection<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc784630%28v=ws.10%29.aspx\">Best Practices for Folder Redirection in User Data and Settings Management<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc780552%28v=ws.10%29.aspx\">Related Technologies: Offline Files and Synchronization Manager<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc781162%28v=ws.10%29.aspx\">Common Scenarios for IntelliMirror User Data and Settings Features<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc758768%28v=ws.10%29.aspx\">Appendix: Group Policy Settings for Roaming User Profiles<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc776688%28v=ws.10%29.aspx\">Related Links for User Data and Settings Management<\/a><\/p>\n<ul>\n<li><a href=\"http:\/\/support.microsoft.com\/kb\/327825\">Problems with Kerberos authentication when a user belongs to many groups (Article ID: 327825)<\/a><\/li>\n<li><a href=\"http:\/\/support.microsoft.com\/kb\/328889\">Users who are members of more than 1,015 groups may fail logon authentication (Article ID: 328889)<\/a><\/li>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/askds\/archive\/2012\/09\/12\/maxtokensize-and-windows-8-and-windows-server-2012.aspx?Redirected=true\">MaxTokenSize and Windows 8 and Windows Server 2012<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The following are extremely useful resources for understanding the Active Directory Authentication &amp; Logon. Authentication &amp; Logon Logon and Authentication Technologies o\u00a0\u00a0 Digest Authentication Technical Reference o\u00a0\u00a0 Interactive Logon Technical Reference o\u00a0\u00a0 Kerberos Authentication Technical Reference What Is Kerberos Authentication? How the Kerberos Version 5 Authentication Protocol Works Kerberos Authentication Tools and Settings o\u00a0\u00a0 TLS\/SSL &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"https:\/\/adsecurity.org\/?p=20\">Continue reading<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,6],"class_list":["post-20","post","type-post","status-publish","format-standard","hentry","category-technical-reference","tag-adreading","tag-mcm","item-wrap"],"_links":{"self":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/20","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=20"}],"version-history":[{"count":2,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/20\/revisions"}],"predecessor-version":[{"id":40,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/20\/revisions\/40"}],"wp:attachment":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=20"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=20"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=20"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}