#1 Robbo777 (Senior Member, UK, joined Aug 2015, 298 posts)

    Help with understanding the logon process

    Hi, I think my knowledge of the logon process is incomplete, and I also have a couple of questions that have been bothering me.
    So, here is my understanding of how the logon process works when a client logs into AD (not including cached credentials etc.):

    1. Client queries/contacts DHCP to obtain address and DNS etc.
    2. Client contacts the DNS server for LDAP SRV records in the DNS zone from the suffix the client has been given through DHCP, to find where to log in
    3. Client attempts to contact all DCs found
    4. The first DC to respond examines the client's IP and subnet definitions and refers the client to a site
    5. Client stores the site information in the registry
    6. Client queries all DCs in the site
    7. First DC to respond authenticates the client

    BUT, one thing that has been on my mind, and where I keep failing to find the connection, is when the user enters either the pre-Windows 2000 logon name or the UPN name into the login details. I want to know what significance entering the domain or UPN here has on this. It may sound like a really stupid question, but I'm confused. The part that gets me is the DNS suffix the client has for which zone to check, which is all part of the login process. What I described above is the login process, so what does either domain1\user1 or user1@domain1.com do? Again, this may sound confusing or silly, but I can't see the connection. I know it's the domain you're trying to sign into, but what does it actually do?

    Thanks
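As an added example (not from any post in this thread), here is a PowerShell script that walks steps 2 to 7 of the list above with the tools Windows itself uses, so you can watch the DC locator do what the post describes: the SRV lookup, the site the first DC hands back (cached by Netlogon in the registry as DynamicSiteName), the site-specific SRV lookup, and the DC Netlogon finally picks. The last section prints the current account in both the DOMAIN\user and user@domain forms the question asks about. It assumes a domain-joined client running Windows 8 / Server 2012 or later (for Resolve-DnsName), and the domain name corp.example.com is a placeholder you must replace.

```powershell
# Added example, not part of the original thread.
# Run on a domain-joined client as a normal user (no admin rights needed).
$Domain = 'corp.example.com'   # assumption: replace with your AD DNS domain name

# Step 2: the client does not look up the domain name as a plain A record; it asks
# for the SRV records that advertise domain controllers for the domain.
Write-Host "== DCs advertised in DNS for $Domain =="
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |            # drop the additional A records
    Select-Object NameTarget, Port, Priority, Weight |
    Format-Table -AutoSize

# Steps 3-5: Netlogon sends an LDAP "ping" (CLDAP, UDP/389) to the DCs it found.
# The first answer includes the site the client's IP address maps to, and the
# client caches that site name in the registry as DynamicSiteName.
$netlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$site = (Get-ItemProperty -Path $netlogonKey -Name DynamicSiteName `
                          -ErrorAction SilentlyContinue).DynamicSiteName
if ($site) {
    Write-Host "== Client site cached by Netlogon: $site =="
    # Step 6: with the site known, the client asks for the site-specific SRV
    # records so it prefers DCs in its own site over DCs elsewhere.
    Resolve-DnsName -Name "_ldap._tcp.$site._sites.dc._msdcs.$Domain" -Type SRV |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object NameTarget, Port |
        Format-Table -AutoSize
} else {
    Write-Host "No DynamicSiteName cached (not domain-joined, or no subnet matched a site)."
}

# Step 7 in practice: ask Netlogon which DC it would use right now.
# /force bypasses the locator cache so you see a fresh discovery, including
# the DC's site and the client's site in the output.
Write-Host "== DC selected by the locator =="
nltest "/dsgetdc:$Domain" /force

# The logon-name question: DOMAIN\user names the domain by its NetBIOS name,
# user@domain.fqdn is the UPN, and .\user names the local machine's SAM.
# The current session shows the first two forms for the logged-on account.
Write-Host "== Current account in both forms =="
Write-Host ("NetBIOS form : {0}\{1}" -f $env:USERDOMAIN, $env:USERNAME)
whoami /upn          # UPN form; errors if the session is a local (non-domain) account

# A DC for a different trusted domain is located exactly the same way; naming
# that domain in the logon name is what makes the locator search it instead:
# nltest /dsgetdc:other.example.com
```

The SRV names are fixed by the DC locator, so if the first lookup returns nothing the client cannot find a DC at all, which is the usual cause of "the domain is not available" logon errors; if it returns records but the site-specific lookup does not, the client falls back to any DC in the domain, which shows up as slow logons over WAN links.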

#2 Senior Member (Charlotte, NC, joined Sep 2015, 194 posts; MCP, A+, Net+)
    Well, for one, it tells the computer whether to verify the credentials against the local computer (local\user) or against a network domain (domain\user).
    I guess, as a really simple answer: when you attempt logon with domain\user1, the DC checks the directory for user1, then proceeds to log the user in, applying policies and permissions according to the settings applied to that user.

#3 Senior Member (Midwest, joined Mar 2013, 512 posts; MCSA Server 2008, VCP 5 DCV, CompTIA A+, Net+, 70-640, 70-642, 70-620, 70-646)
    Something to note as well is that if the credentials don't pass, the PDC is contacted to verify the user name and password.

#4 PJ_Sneakers ("The ceiling is glass.", 169.254.0.1, joined Nov 2014, 759 posts; AccessData, Cellebrite, CompTIA, EC-Council, IACRB, (ISC)², Microsoft, MSAB)
    You can log onto a trusted domain other than the one the computer is joined to if you specify the domain using "otherdomain\user" or "user@otherdomain".

    Also, you can use ".\username" to specify a local machine username.

#5 Senior Member (Kansas City, joined Mar 2012, 233 posts; MCSA: Server 2012/2016, MCSE: CP&I)
    As others have pointed out, when you log in as "user@domain.com" or "domain\user" you are informing the logon service which environment you are targeting.

    For the FQDN, DNS just phones home and finds out if those credentials match. As Lexlethar said, if those credentials are invalid or don't match what the first DC says, it forwards the request to the PDC, which is supposed to process password changes and would be the first source of knowledge in this regard.

    For the short name, it follows the DNS suffix search order and appends suffixes until one works. After that it follows mostly the same procedure.

    Another thing to note:
    1. Client queries/contacts DHCP to obtain address and DNS etc.
    That actually happens prior to the logon process. It's part of the computer startup and in most cases doesn't happen at all if the lease hasn't expired yet.