User Account Types

Microsoft® Windows® 2000 Scripting Guide

microsoft windows 2000 scripting guide

« Previous | Next »   

In most cases, a user account is created so that a person or a program, such as a service, can log on to a computer or a domain. To access resources in an Active Directory forest, each user or application must have an account in Active Directory. Domain controllers running Windows 2000 use accounts to verify that the user or application has permission to use a resource.

Active Directory defines two types of user account objects: User and Contact.

User Account

The User account is the primary Active Directory object type used to represent users. Users can be people who log on to the network or services that must log on in order to run. An Active Directory User account is a security principal that the Windows 2000 security subsystem recognizes.

When a user logs on to the domain, the domain controller verifies the user s password by comparing it with the corresponding user account object in the Active Directory database. If the password presented matches the password stored in the corresponding Active Directory user account object, the domain controller produces an access token, which is subsequently used to verify access to computing resources throughout the forest.

Contact Account

The Contact user account object type is used to represent human users for address book, distribution list, and e-mail purposes; however, a contact account is not a security principal. A Contact account has no security context and therefore cannot be used to log on to a domain or to control access to computing resources.


send us your feedback Send us your feedback « Previous | Next »   


Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 635

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net