Options
Help with understanding the logon process
Robbo777
Member Posts: 331 ■■■□□□□□□□
Hi, i think my knowledge of the logon process is incomplete, i also have a couple of questions that have been bothering me.
So, here is my understanding of how the logon process works when a client logs into AD (not including cached credentials etc...)
1. Client queries/contacts DHCP to obtain address and DNS etc...
2. Client contacts DNS server for LDAP SRV records in DNS zone from the suffix the client has been given through DHCP on where to login
3. Client attempts to contact all DC found
4. The first DC to respond examines clients IP and subnet definitions and refers client to a site
5. Client stores the site information in registry
6. Client queries all DC in the site
7. First DC to respond authenticates client
BUT, one thing that has been on my mind and keep find the connection is when the user either enters the pre windows 2000 logon name or the UPN name into the login details. I want to know what significance enterting the domain or upn in on this does? It may sound like a really stupid question, but i'm confused. The part that gets me is the DNS suffix the client has for which zone to check which is all part of the login process. What i described above is the login process, so what does either domain1\user1 or user1@domain1.com do? Again, this may sound confusing or silly, but i cant see the connection, i know its the domain you're trying to sign into but what does it actually do?
Thanks
So, here is my understanding of how the logon process works when a client logs into AD (not including cached credentials etc...)
1. Client queries/contacts DHCP to obtain address and DNS etc...
2. Client contacts DNS server for LDAP SRV records in DNS zone from the suffix the client has been given through DHCP on where to login
3. Client attempts to contact all DC found
4. The first DC to respond examines clients IP and subnet definitions and refers client to a site
5. Client stores the site information in registry
6. Client queries all DC in the site
7. First DC to respond authenticates client
BUT, one thing that has been on my mind and keep find the connection is when the user either enters the pre windows 2000 logon name or the UPN name into the login details. I want to know what significance enterting the domain or upn in on this does? It may sound like a really stupid question, but i'm confused. The part that gets me is the DNS suffix the client has for which zone to check which is all part of the login process. What i described above is the login process, so what does either domain1\user1 or user1@domain1.com do? Again, this may sound confusing or silly, but i cant see the connection, i know its the domain you're trying to sign into but what does it actually do?
Thanks
Comments
-
Options
Dojiscalper
Member Posts: 266 ■■■□□□□□□□
Well for one it tells the computer whether to verify the credentials against the local computer (local\user) or against a network domain (domain\user).
I guess with a really simple answer when you attempt logon with domain\user1 the DC checks the directory for user1, then proceeds to log the user in and applying policies and permissions according to the settings applied to that user. -
OptionsLexluethar
Member Posts: 516
Something to note as well is if the credentials don't pass the PDC is contacted to verify user name and password
-
Options
PJ_Sneakers
Member Posts: 884 ■■■■■■□□□□
You can log onto a trusted domain other than the one the computer is joined to if you specify the domain using "otherdomain\user" or "user@otherdomain".
Also, you can use ".\username" to specify a local machine username. -
Optionspoolmanjim
Member Posts: 285 ■■■□□□□□□□
As others have pointed out when you login "user@domain.com" or "domain\user" you are informing the logon service which environment you are targeting.
For the FQDN, DNS just phones home and finds out if those credentials match. As Lexlethar said, if those credentials are invalid or don't match what the first DC says, it forwards the request to the PDC who is supposed to process password changes and would be the first source of knowledge in this regard.
For the short name, it follows the DNS suffix search order and appends suffixes until one works. After that it follows mostly the same procedure.
Another thing to note:1. Client queries/contacts DHCP to obtain address and DNS etc...
That actually happens prior to the logon process. Its part of the computer startup and in most cases doesn't happen at all if the lease hasn't expired yet.2019 Goals: Security+
2020 Goals: 70-744, Azure
Completed: MCSA 2012 (01/2016), MCSE: Cloud Platform and Infrastructure (07/2017), MCSA 2017 (09/2017)
Future Goals: CISSP, CCENT