NetBIOS vs. Active Directory - Common Use Cases
Generally, Active Directory records are preferred over NetBIOS because of the way cross-domain setups interact with name mapping. With NetBIOS records there are more situations in which the Kerberos protocol cannot be used. We support manually configured cross-domain setups with NetBIOS and Active Directory.
|
Use Case |
Domain type |
Domain name |
User name |
Follow trust relationships |
|
IP-based authentication |
NetBIOS, User-Selected IPs |
DOMAIN |
USER |
- |
|
Host-based authentication |
NetBIOS, Service-Selected IPs |
DOMAIN |
USER |
- |
|
Service-based auth for NTLM (no Kerberos available) no trust relationships We'll try to upgrade this to Kerberos if "DOMAIN" can be mapped to "domain.foo.com". |
NetBIOS, Service-Selected IPs |
DOMAIN |
USER |
- |
|
Service-based auth for NTLM (no Kerberos available) with manually configured trusts This cannot be upgraded to Kerberos. |
NetBIOS, Service-Selected IPs |
TARGETDOMAIN |
USERDOMAIN\USER |
- |
|
Service-based auth for Kerberos no trust relationships This always tries Kerberos first. |
Active Directory |
domain.foo.com |
USER |
OFF |
|
Service-based auth for Kerberos with manually configured trusts This always tries Kerberos first. Recommended for Enterprise organizations for cross-domain authentication. |
Active Directory |
targetdomain.foo.com |
OFF |
|
|
Service-based auth for Kerberos with automatic trust discovery ONLY recommended for Small to Midsize Businesses. |
Active Directory |
userdomain.foo.com |
USER |
ON |