Upon user login, username and users affiliation is queried against existing AD database. This is done using the specified ACTIVE_DIRECTORY_AUTH_USER (query-user) which serves as a proxy and queries the entered information against the existing database.
If the user exists in the AD, information about user groups and affiliation is transferred to Digizuite™ DAM Center and paired against groups marked as active AD groups, based on "Active Directory Group Name". If a match can be found, user is paired and allocated with groups in the Digizuite™ DAM Center similar to those in the AD-database.
Note: If the user is removed from existing AD groups, this will be reflected inside the Digizuite™ DAM Center.
1.1 Important – Especially for Windows Server 2008
Windows Authentication will not work unless the following registry changes are made:
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key: _HKEY_LOCAL_MACHINE \ SYSTEM _ CurrentControlSet _\ Control _ Lsa
- Right-click Lsa, point to New, and then click DWORD Value.
- Type DisableLoopbackCheck, and then press Enter.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Quit Registry Editor, and then restart server.
Read more: http://www.information-worker.nl/2009/06/23/disableloopbackcheck-on-windows-server-2008/