DNS/Kerberos/LDAP integration question

From: "Spin" <S***@spin.com>
Message-ID: <441tmtF1q01rjU1@individual.net>

When a user logs onto a workstation joined to an AD domain, the machine uses DNS to locate domain controllers in the user's site, and the user then authenticates to the Active Directory instance on the domain controller DNS sent him to. Kerberos does this authentication, and LDAP is not involved in this situation at all? Or is it at least not the most prominent protocol in this series of events?

--
Spin

----------------------------------------------------------------------

From: "Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com>
Message-ID: <OKPdIYFJGHA.2900@TK2MSFTNGP14.phx.gbl>
In reply to: "Spin" <S***@spin.com>, <441tmtF1q01rjU1@individual.net>

LDAP is not an authentication protocol. LDAP is a directory access protocol (DAP, but that was designed for use with X.500 directories. LDAP is a "lightweight" version of that protocol).

Kerberos is an authentication protocol and DNS is a directory access protocol/system. All three are in use during a normal logon.

What makes you ask? Or does this answer your question?

Al

----------------------------------------------------------------------

From: "Spin" <S***@spin.com>
Message-ID: <442f2cF2ic2U1@individual.net>
In reply to: "Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com>, <OKPdIYFJGHA.2900@TK2MSFTNGP14.phx.gbl>

Thank you for your reply. It *un-muddles* me a bit, but still doesn't answer my question of whether LDAP is involved in the logon process. Your answer implies that it does not, and I am willing to accept that, provided no one else jumps in on this thread and proves us both wrong. :-)

--
Spin

----------------------------------------------------------------------

From: "Joe Kaplan (MVP - ADSI)" <joseph.e.kap***@removethis.accenture.com>
Message-ID: <ONtJjiGJGHA.1124@TK2MSFTNGP10.phx.gbl>
In reply to: "Spin" <S***@spin.com>, <442f2cF2ic2U1@individual.net>

LDAP is not involved in the logon process. The best way to understand what happens is to use a packet sniffer. Perhaps you could hook up a machine via a hub and capture some packets while another machine logs on? Look for port 389 access to the domain controller if you are checking for LDAP. Kerberos is 88, etc. There is no better way to understand what happens on the wire than to do some packet sniffing.

Note that as I said before, this does not include any LDAP code in logon scripts and such. We are just talking about the actual logon.

Joe K.

----------------------------------------------------------------------

From: "Spin" <S***@spin.com>
In reply to: "Joe Kaplan (MVP - ADSI)" <joseph.e.kap***@removethis.accenture.com>, <ONtJjiGJGHA.1124@TK2MSFTNGP10.phx.gbl>

Joe, you are truly a gentleman and a scholar.

--
Spin

----------------------------------------------------------------------

From: Joe Richards
In reply to: "Joe Kaplan (MVP - ADSI)" <joseph.e.kap***@removethis.accenture.com>, <ONtJjiGJGHA.1124@TK2MSFTNGP10.phx.gbl>

Not that they need it, but I concur with Al and JoeK. DNS finds the DCs to authenticate against and Kerberos does the authentication. There are folks that artificially force apps to use LDAP for auth, but that isn't the intent behind LDAP.

joe

--
Joe Richards
Microsoft MVP Windows Server Directory Services
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
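Joe Kaplan's suggestion above is to capture a logon and look at which ports the workstation talks to on the domain controller (389 for LDAP, 88 for Kerberos, and so on). The following is an added example, not code posted by anyone in the thread: a small Python tally that reads one-line packet summaries, keeps only the packets addressed to the DC, and counts them by destination port and transport, so the answer to "does 389 show up during the actual logon?" can be read off a capture directly. The summary line format (`proto src:port -> dst:port`), the DC address 10.0.0.10, the workstation 10.0.0.50 and the sample packets are all constructed for this example; the port-to-service labels are the standard assignments for those services.

```python
"""Tally a captured AD logon by destination port on the domain controller.

Constructed input: one packet per line in a tcpdump/tshark-like summary form
    <proto> <src-ip>:<src-port> -> <dst-ip>:<dst-port>
The lines below are made up for this example, not taken from a real capture.
"""
import re
from collections import Counter

# Standard port assignments for the services a workstation contacts on a DC.
# UDP/389 is CLDAP, which the DC locator uses for its "LDAP ping"; TCP/389 is
# ordinary LDAP; 3268 is LDAP to the Global Catalog.
DC_PORTS = {
    (53, "udp"): "DNS",
    (88, "udp"): "Kerberos",
    (88, "tcp"): "Kerberos",
    (389, "udp"): "CLDAP (DC locator ping)",
    (389, "tcp"): "LDAP",
    (445, "tcp"): "SMB (SYSVOL/NETLOGON)",
    (464, "udp"): "Kerberos password change",
    (3268, "tcp"): "LDAP (Global Catalog)",
}

LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)$"
)

# Constructed sample capture: workstation 10.0.0.50 logging on against DC 10.0.0.10.
SAMPLE_LINES = [
    "udp 10.0.0.50:51000 -> 10.0.0.10:53",    # SRV lookup to find the DC
    "udp 10.0.0.10:53 -> 10.0.0.50:51000",    # DNS reply (ignored: not sent to the DC)
    "udp 10.0.0.50:51001 -> 10.0.0.10:389",   # CLDAP ping from the DC locator
    "udp 10.0.0.50:51002 -> 10.0.0.10:88",    # Kerberos AS exchange
    "tcp 10.0.0.50:51003 -> 10.0.0.10:88",    # Kerberos TGS exchange over TCP
    "tcp 10.0.0.50:51004 -> 10.0.0.10:445",   # SMB to SYSVOL
    "tcp 10.0.0.50:51005 -> 10.0.0.10:389",   # LDAP query
    "tcp 10.0.0.50:51006 -> 10.0.0.99:80",    # unrelated web traffic (ignored)
    "this line is not a packet summary",      # malformed input (skipped)
]


def parse_line(line):
    """Return (proto, src, sport, dst, dport) or None if the line is not a summary."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return (m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


def tally_by_port(lines, dc_ip):
    """Count packets sent to dc_ip, keyed by (destination port, transport)."""
    counts = Counter()
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        proto, _src, _sport, dst, dport = pkt
        if dst == dc_ip:
            counts[(dport, proto)] += 1
    return counts


def describe(counts):
    """Aggregate the per-port tally into per-service counts using DC_PORTS."""
    by_service = Counter()
    for (dport, proto), n in counts.items():
        by_service[DC_PORTS.get((dport, proto), f"other ({proto}/{dport})")] += n
    return by_service


def transports_on_port(counts, port):
    """Which transports carried traffic to `port` on the DC, e.g. {'udp', 'tcp'} for 389."""
    return {proto for (p, proto) in counts if p == port}


if __name__ == "__main__":
    tally = tally_by_port(SAMPLE_LINES, "10.0.0.10")
    for service, n in sorted(describe(tally).items()):
        print(f"{n:3d}  {service}")
    print("port 389 seen over:", sorted(transports_on_port(tally, 389)) or "nothing")
```

On a real capture, feed the lines from your own summary export into `tally_by_port` and compare the per-service counts before and after logon scripts run, which is the distinction Joe Kaplan draws between the logon itself and LDAP code in scripts.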