Help with understanding the logon process

Robbo777Robbo777 Member Posts: 331 ■■■□□□□□□□
Hi, i think my knowledge of the logon process is incomplete, i also have a couple of questions that have been bothering me.
So, here is my understanding of how the logon process works when a client logs into AD (not including cached credentials etc...)

1. Client queries/contacts DHCP to obtain address and DNS etc...
2. Client contacts DNS server for LDAP SRV records in DNS zone from the suffix the client has been given through DHCP on where to login
3. Client attempts to contact all DC found
4. The first DC to respond examines clients IP and subnet definitions and refers client to a site
5. Client stores the site information in registry
6. Client queries all DC in the site
7. First DC to respond authenticates client

BUT, one thing that has been on my mind and keep find the connection is when the user either enters the pre windows 2000 logon name or the UPN name into the login details. I want to know what significance enterting the domain or upn in on this does? It may sound like a really stupid question, but i'm confused. The part that gets me is the DNS suffix the client has for which zone to check which is all part of the login process. What i described above is the login process, so what does either domain1\user1 or [email protected] do? Again, this may sound confusing or silly, but i cant see the connection, i know its the domain you're trying to sign into but what does it actually do?



  • DojiscalperDojiscalper Member Posts: 266 ■■■□□□□□□□
    Well for one it tells the computer whether to verify the credentials against the local computer (local\user) or against a network domain (domain\user).
    I guess with a really simple answer when you attempt logon with domain\user1 the DC checks the directory for user1, then proceeds to log the user in and applying policies and permissions according to the settings applied to that user.
  • LexluetharLexluethar Member Posts: 516
    Something to note as well is if the credentials don't pass the PDC is contacted to verify user name and password
  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    You can log onto a trusted domain other than the one the computer is joined to if you specify the domain using "otherdomain\user" or "[email protected]".

    Also, you can use ".\username" to specify a local machine username.
  • poolmanjimpoolmanjim Member Posts: 285 ■■■□□□□□□□
    As others have pointed out when you login "[email protected]" or "domain\user" you are informing the logon service which environment you are targeting.

    For the FQDN, DNS just phones home and finds out if those credentials match. As Lexlethar said, if those credentials are invalid or don't match what the first DC says, it forwards the request to the PDC who is supposed to process password changes and would be the first source of knowledge in this regard.

    For the short name, it follows the DNS suffix search order and appends suffixes until one works. After that it follows mostly the same procedure.

    Another thing to note:
    1. Client queries/contacts DHCP to obtain address and DNS etc...

    That actually happens prior to the logon process. Its part of the computer startup and in most cases doesn't happen at all if the lease hasn't expired yet.
    2019 Goals: Security+
    2020 Goals: 70-744, Azure
    Completed: MCSA 2012 (01/2016), MCSE: Cloud Platform and Infrastructure (07/2017), MCSA 2017 (09/2017)
    Future Goals: CISSP, CCENT
Sign In or Register to comment.