Verify users credentials on Domain Controller

  • Thread starter Thread starter Michael Haering
  • Start date Start date
M

Michael Haering

How could I verify a users credentials on the Domain
controller?
What commands could I run the verify the users is logged
in to the domain controller and not using the cache.

Thank You.
Mike
 
To determine if a particular machine is using a DC to logon use the
following command while logged onto that machine at the command prompt.
set logonserver
You should get something back like the following
LOGONSERVER=\\MYDC

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thank You very much, for the information.

I beleive an environment variable is set at login, by a
program, or script.
If somehow, I lost my authentication to the domain (Maybe
my ticket expired ) I would expect that my logon server
environment variable would remain. Is this true?
(I am trying to test this now)

Along this line of thinking, I beleive that the DC has
a "lifetime for user ticket" setting. Where is this ticket
stored, on the PC, or on the DC? And how would I verify
its is currently valid?
 
What is it you're trying to do/troubleshoot?

Michael said:
Thank You very much, for the information.

I beleive an environment variable is set at login, by a
program, or script.
If somehow, I lost my authentication to the domain (Maybe
my ticket expired ) I would expect that my logon server
environment variable would remain. Is this true?
(I am trying to test this now)

Along this line of thinking, I beleive that the DC has
a "lifetime for user ticket" setting. Where is this ticket
stored, on the PC, or on the DC? And how would I verify
its is currently valid?

-----Original Message-----
To determine if a particular machine is using a DC to logon use the
following command while logged onto that machine at the command
prompt. set logonserver
You should get something back like the following
LOGONSERVER=\\MYDC

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no
rights.



.
Click to expand...
Click to expand...
 
I am trying to troubleshoot an application that allows or
disallows accesss based on domain authentication.

So I am trying to find out a way to verify the users
domain authentication actively. So, if the app is failing
I want to determine, if the "Domain Tickets lifetime" ran
out, or if the user lost domain priveliges somehow.

My though was to find the commands that could verify the
domain authentication. Then test using the command at the
point of failure to determine the problem.

Thank you for any assistance you can offer.

-----Original Message-----
What is it you're trying to do/troubleshoot?

Michael said:
Thank You very much, for the information.

I beleive an environment variable is set at login, by a
program, or script.
If somehow, I lost my authentication to the domain (Maybe
my ticket expired ) I would expect that my logon server
environment variable would remain. Is this true?
(I am trying to test this now)

Along this line of thinking, I beleive that the DC has
a "lifetime for user ticket" setting. Where is this ticket
stored, on the PC, or on the DC? And how would I verify
its is currently valid?

-----Original Message-----
To determine if a particular machine is using a DC to logon use the
following command while logged onto that machine at the command
prompt. set logonserver
You should get something back like the following
LOGONSERVER=\\MYDC

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no
rights.



.
Click to expand...
Click to expand...


.
Click to expand...
 
I am answering my own post as I have found more
information since then. I still do not have my answer to
how do you verify the user is validated on the DC/domain?

Use the nltest /dsgetdc:domainname command to verify that
a domain controller
can be located for a specific domain. The NLTest tool is
installed with the
Windows XP support tools.
On the Win XP cd go to Support\Tools, and then double-
click Setup.exe
2 tests below will verify the DC name and its
availability.
nltest /dcname:domainname
nltest /dsgetdc:domainname

Queries the local server for a healthy secure channel to
a domain controller
nltest /query
Queries for a list of backup domain controllers in
DomainName and displays
their state of synchronization and replication status
nltest /bdc_query:DomainName

Gets the name of the parent domain of this computer
nltest /parentdomain

Hope this helps someone...
-----Original Message-----
I am trying to troubleshoot an application that allows or
disallows accesss based on domain authentication.

So I am trying to find out a way to verify the users
domain authentication actively. So, if the app is failing
I want to determine, if the "Domain Tickets lifetime" ran
out, or if the user lost domain priveliges somehow.

My though was to find the commands that could verify the
domain authentication. Then test using the command at the
point of failure to determine the problem.

Thank you for any assistance you can offer.

-----Original Message-----
What is it you're trying to do/troubleshoot?

Michael said:
Thank You very much, for the information.

I beleive an environment variable is set at login, by a
program, or script.
If somehow, I lost my authentication to the domain (Maybe
my ticket expired ) I would expect that my logon server
environment variable would remain. Is this true?
(I am trying to test this now)

Along this line of thinking, I beleive that the DC has
a "lifetime for user ticket" setting. Where is this ticket
stored, on the PC, or on the DC? And how would I verify
its is currently valid?


-----Original Message-----
To determine if a particular machine is using a DC to logon use the
following command while logged onto that machine at the command
prompt. set logonserver
You should get something back like the following
LOGONSERVER=\\MYDC

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no
rights.



.
Click to expand...


.
Click to expand...
.
Click to expand...
 
Back
Top