NetBIOS vs. Active Directory - Common Use Cases

Generally, Active Directory records are preferred over NetBIOS because of the way cross-domain setups interact with name mapping. With NetBIOS records there are more situations in which the Kerberos protocol cannot be used. We support manually configured cross-domain setups with NetBIOS and Active Directory.

 

Use Case

Domain type

Domain name

User name

Follow trust relationships

IP-based authentication

NetBIOS, User-Selected IPs

DOMAIN

USER

-

Host-based authentication

NetBIOS, Service-Selected IPs

DOMAIN

USER

-

Service-based auth for NTLM (no Kerberos available)

 

no trust relationships

 

We'll try to upgrade this to Kerberos if "DOMAIN" can be mapped to "domain.foo.com".

NetBIOS, Service-Selected IPs

DOMAIN

USER

-

Service-based auth for NTLM (no Kerberos available)

 

with manually configured trusts

 

This cannot be upgraded to Kerberos.

NetBIOS, Service-Selected IPs

TARGETDOMAIN

USERDOMAIN\USER

-

Service-based auth for Kerberos

 

no trust relationships

 

This always tries Kerberos first.

Active Directory

domain.foo.com

USER

OFF

Service-based auth for Kerberos

 

with manually configured trusts

 

This always tries Kerberos first. Recommended for Enterprise organizations for cross-domain authentication.

Active Directory

targetdomain.foo.com

USER@userdomain.foo.com

OFF

Service-based auth for Kerberos

 

with automatic trust discovery

 

ONLY recommended for Small to Midsize Businesses.

Active Directory

userdomain.foo.com

USER

ON