A Complete Guide to Active Directory Authentication

Every organization has a well-defined structure that defines the roles and responsibilities of employees in various departments such as sales, marketing, and IT. To use corporate resources efficiently and stay productive, organizations must develop access control measures.

Active Directory (AD) Authentication is one such measure that you can use to manage users, applications, and other assets within the organization. Once deployed, Active Directory authentication can simplify IT administration and improve overall enterprise security. Learn more about AD authentication, how it works, and how JumpCloud can help you improve its operations.

What is Active Directory Authentication?

AD authentication is a Windows-based system that authenticates and authorizes users, devices, and services against Active Directory. IT teams can use AD authentication to streamline user and entitlement management while centralizing control of user devices and configurations through AD's Group Policy feature.

It also provides single sign-on (SSO) functionality, allowing users to authenticate only once and then seamlessly access any corporate resource in the domain for which they are authorized. AD authentication succeeds the LAN Manager (LM) and NT LAN Manager (NTLM) protocols, which were easy to break.

For example, LM used a weak cryptographic scheme that modern processors could easily break. Although NTLM – which succeeded LM – made some security improvements around the strength of cryptography, it could not provide mutual authentication and smart card authentication services. Due to these weaknesses, Microsoft replaced the LM and NTLM protocols with AD starting with Windows 2000 Server operating systems (OS).

How does authentication work in Active Directory?

Active Directory authentication is a process that supports two standards: Kerberos and the Lightweight Directory Access Protocol (LDAP).

1. Kerberos Protocol

In Kerberos-based AD authentication, users log in only once to access corporate resources. Instead of transmitting login credentials over the network, as is the case with the LM and NTLM protocols, the Kerberos system generates a session key for the user. The generated session key lasts for a specified period of time, providing users flexibility in authentication.
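To make the session-key idea concrete, here is an added Python model of the exchange the paragraph describes. It is not code from the original article, from Microsoft, or from JumpCloud, and it is not the real Kerberos wire format: the `KDC` class, the realm `EXAMPLE.LOCAL`, the principal `alice`, and the toy "encryption type" (SHA-256 keystream plus HMAC tag) are all stand-ins chosen for illustration. What it does show is the security-relevant shape of the protocol: the password never crosses the wire, the reply carrying the session key can only be opened by someone holding the password-derived key, the ticket has a fixed lifetime after which the user must log in again, and each access is accompanied by a fresh timestamped authenticator so a captured message cannot be replayed much later.

```python
import hashlib
import hmac
import json
import os
import time

# Toy "encryption type": SHA-256 counter-mode keystream + HMAC-SHA256 tag
# (encrypt-then-MAC). Illustrative only; real Kerberos uses AES-CTS/RC4 etypes.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, payload: dict) -> bytes:
    plaintext = json.dumps(payload, sort_keys=True).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))

def long_term_key(password: str, principal: str, realm: str) -> bytes:
    # Password-derived key shared by the user and the KDC (stand-in for AD's per-etype keys).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + principal).encode(), 10_000)

class KDC:
    """Hypothetical key distribution centre: knows each principal's long-term key
    and holds a ticket key of its own (the role krbtgt plays in AD)."""
    MAX_SKEW = 300  # seconds; the customary Kerberos clock-skew tolerance

    def __init__(self, realm: str, principals: dict):
        self.realm = realm
        self.keys = {p: long_term_key(pw, p, realm) for p, pw in principals.items()}
        self.ticket_key = os.urandom(32)  # never leaves the KDC

    def as_exchange(self, principal: str, lifetime: int, now: float):
        """AS-REQ/AS-REP: the request carries only the name; the reply is readable
        only with the user's key, and the ticket only with the KDC's own key."""
        if principal not in self.keys:
            raise KeyError(f"unknown principal {principal}")
        session_key, expires = os.urandom(32), now + lifetime
        reply = seal(self.keys[principal], {"session_key": session_key.hex(), "expires": expires})
        ticket = seal(self.ticket_key, {"principal": principal, "session_key": session_key.hex(), "expires": expires})
        return reply, ticket

    def verify(self, ticket: bytes, authenticator: bytes, now: float) -> str:
        """Check a presented ticket plus authenticator; return the proven principal name."""
        t = unseal(self.ticket_key, ticket)
        if now > t["expires"]:
            raise PermissionError("ticket expired: user must authenticate again")
        a = unseal(bytes.fromhex(t["session_key"]), authenticator)  # proves possession of the session key
        if a["principal"] != t["principal"]:
            raise PermissionError("authenticator principal does not match ticket")
        if abs(now - a["timestamp"]) > self.MAX_SKEW:
            raise PermissionError("authenticator timestamp outside the clock-skew window")
        return t["principal"]

def client_login(kdc: KDC, principal: str, password: str, lifetime: int = 8 * 3600, now=None):
    """Client side of the AS exchange: derive the key locally and open the reply with it."""
    now = time.time() if now is None else now
    reply, ticket = kdc.as_exchange(principal, lifetime, now)
    creds = unseal(long_term_key(password, principal, kdc.realm), reply)  # ValueError on a wrong password
    return bytes.fromhex(creds["session_key"]), ticket

def client_authenticator(session_key: bytes, principal: str, now: float) -> bytes:
    return seal(session_key, {"principal": principal, "timestamp": now})

def run_scenarios(now: float = 1000.0) -> dict:
    """Constructed scenarios: a good login, a wrong password, an expired ticket, a stale authenticator."""
    kdc = KDC("EXAMPLE.LOCAL", {"alice": "correct horse battery staple"})
    sk, tkt = client_login(kdc, "alice", "correct horse battery staple", lifetime=600, now=now)
    out = {"login_ok": kdc.verify(tkt, client_authenticator(sk, "alice", now + 100), now + 100)}
    def rejected(fn, exc):
        try:
            fn()
            return False
        except exc:
            return True
    out["wrong_password_rejected"] = rejected(lambda: client_login(kdc, "alice", "wrong", now=now), ValueError)
    out["expired_rejected"] = rejected(lambda: kdc.verify(tkt, client_authenticator(sk, "alice", now + 1000), now + 1000), PermissionError)
    out["stale_authenticator_rejected"] = rejected(lambda: kdc.verify(tkt, client_authenticator(sk, "alice", now), now + 400), PermissionError)
    return out

if __name__ == "__main__":
    print(run_scenarios())
```

The `now` parameter is passed explicitly so that the lifetime and clock-skew checks can be exercised deterministically; in a real deployment the same checks are what make clock synchronization between clients and domain controllers a prerequisite for Kerberos logons.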

In addition to the session key, the Kerberos system (Read more…)

Calvin W. Soper