In this use case, a user successfully logs on to a domain by using an RODC, after which the associated last-logon time value is updated in the lastLogonTimeStamp attribute of the user account.
Goal
When the user successfully logs on, the lastLogonTimeStamp attribute of the user account is updated in the directory.
Context of Use
This use case is used by an RODC to communicate the user's latest lastLogonTimeStamp to the DC whenever the user logs on to the domain. The lastLogonTimeStamp attribute represents the time when the user successfully logged on to the domain. This use case is used in scenarios where the client application is connecting to an RODC for directory services.
Figure 19: Use case diagram for a last-logon time value update by using an RODC
Actors
Client application
The client application is the primary actor. The user is trying to log on to the domain by using the client application. It is the entity that initiates authentication operations to access a resource in the directory.
RODC
The RODC is a read-only domain controller. It is the supporting actor to which the client application is connected in order to authenticate the user.
DC
The DC is a domain controller in the domain. It is the supporting actor that contains a writable replica of the naming context in which the user account is present.
Stakeholders
User
The user is the person whose account is being updated with a last-logon time value.
Directory
The directory is the entity that contains user accounts and logon details of the user.
Preconditions
The system-wide preconditions described in section 2.6 are satisfied. The Active Directory system completes initialization, as described in section 2.6.
The client application has connectivity to an RODC to which it can establish a connection (if it is not already connected) and send the request.
The account that the user uses for the logon is present in the directory.
The RODC is configured to allow caching of the account credentials of a user.
Main Success Scenario
Trigger: The user enters the credentials needed to log on to the client.
1. The client application establishes a connection to the RODC. Windows Authentication Services, which is present on the RODC, uses the supplied credentials to authenticate the user ([MS-AUTHSOD] section 2).
2. The RODC verifies that the credentials supplied by the client application have the necessary access-control rights to complete the operation ([MS-ADTS] section 5.1.3).
3. If the user is successfully authenticated, the RODC sends a success response to the client application.
4. On successful verification of step 3, the RODC sends a LogonTimeStampUpdatesForward request ([MS-SAMS] section 3.2.4.6) to the DC.
5. The DC updates the lastLogonTimeStamp attribute of the user account and sends a response.
Postcondition
The user account's lastLogonTimeStamp attribute is updated to reflect the user's last logon time.