Name

domain user account

Synopsis

A user account that lets a user log on to a domain and access shared network resources.

Description

Domain user accounts are user accounts that are domain-wide in scope and stored within Active Directory for that domain. This is in contrast to local user accounts that are valid only on the computer on which they are defined. Domain user accounts are created by administrators on domain controllers.

Authentication of a domain user account works as follows:

  • The user provides her credentials to log on to the network and her client computer forwards the credentials to Active Directory on the first available domain controller.

  • The domain controller compares the user’s credentials with those stored for the user in Active Directory and determines whether to provide the user with access to the network.

  • If the user is to be granted access to the network, Active Directory provides an access token that specifies the permissions and rights that the user will have on the network.

Notes

  • Always use domain user accounts for users in domain-based Windows 2000 networks if you want users to have access to shared resources on the network (which is generally the purpose of having a network).

  • Domain user accounts are internally identified within Active Directory by their security identifier or SID. If you delete an account and create a new account with the same name, it will have a different SID than the deleted account had.

  • Domain user accounts are created by default within the ...

Get Windows 2000 Administration in a Nutshell now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.