This is the process:
1. When the MCTS: Windows Vista requests access to a resource, a session ticket must be obtained. The TGT is returned to the KDC along with a fresh authenticator and a request for a specific resource.
2. The KDC checks the plain-text timestamp in the authenticator and rejects the request if the time difference between this stamp and its own clock is greater than the time skew. Otherwise, the inspection continues.
3. The KDC encrypts the plain-text timestamp using the user’s password hash from the account database and comparing it to the encrypted timestamp in the authenticator.
4. If there is a match, a session ticket is prepared and sent to the user. Part of the session ticket is encrypted using the password hash of the user’s machine account so that it can be read and stored by the user’s compute. Part of the session ticket is encrypted using the password hash of the computer account on which the service or resource resides that the user has requested access to. This allows that computer to know that the material is provided by the KDC. (Only the KDC could know its password.)
Best Microsoft MCTS Certification, Microsoft MCITP Training, and more at Certkingdom.com
5. The session ticket can be used to authenticate to the resource computer. Objects are either container objects or leaf objects. A container object stores other objects and occupies a specific level in a subtree hierarchy. A leaf object does not store other objects and occupies the endpoint of a subtree. When you attempt to Windows Vista exam locate objects in Active Directory, you enter criteria for the system to use in the search. These criteria must be previously included in the properties for the object when the object is created. This is why it is a best practice to complete all attributes that are important to your organization when you create Active Directory objects. The more attributes you include, the greater the flexibility when you search for objects.
There are three ways to locate Active Directory objects:
* Use the Find option on the Active Directory Users And Computers console.
* Use the Dsquery command.
* Using the Find Option
If an object is published and listed in Active Directory, you can locate it by using the Find option on the Active Directory Users And Computers console. The Find option enables you to search for users, contacts, groups, computers, printers, shared folders, OUs, remote installation servers, and remote installation clients. Find also provides the capability to build custom search queries and to perform common administrative queries for users, contacts, and groups. Using Find, you enter various search criteria free practice tests, which are used to create a Lightweight Directory Access Protocol (LDAP) query to search the global catalog to locate Active Directory objects.
Post your comments