THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server (All Versions)
QUESTION
How does EFT Server’s NTLM and AD authentication manager authenticate against the directory server?
ANSWER
EFT Server invokes "LogonUser()" to authenticate against the specific domain.
(Ref: http://msdn2.microsoft.com/en-us/library/aa378184.aspx)
EFT Server supplies a value of "LOGON32_PROVIDER_DEFAULT," meaning that the Server uses the negotiated provider that the EFT Server computer has determined appropriate based upon its place in the domain hierarchy. It is up to the domain controller to dictate the security provider policy.
The core difference between EFT Server's AD and NTLM providers is the way in which EFT Server queries the control to obtain a list of users, not how it authenticates.
So "NTLM" is an older version of querying users, using the "Network Management Functions; while "AD" uses ADSI -- Active Directory Services Interface.