Step 8 — Test Authentication

In this step, you will verify that Active Directory is working correctly by logging into the client as a domain user.

This confirms that identity, authentication, group membership, and DNS are all functioning end-to-end.

What you’re actually testing

A successful domain login proves that the client can locate a domain controller, authenticate the user, build a security token, and apply group membership — all core Active Directory functions.

1. Log Into the Client as a Domain User

  1. On the client VM login screen, select Other user
  2. Log in using a domain account (for example: LAB\ajohnson)
  3. Enter the password you set earlier
  4. Complete the login

The first login may take longer while the user profile is created.

2. Verify Login Success

  • The desktop loads successfully
  • No local account is used
  • The session is authenticated against the domain

3. Verify the User in Active Directory

On the domain controller:

  • Open Active Directory Users and Computers
  • Navigate to _Branches → Houston → Users
  • Confirm the user account exists and is enabled

4. Verify Group Membership from the Client

On the client VM, open a command prompt and run:

whoami /groups

Review the output and confirm the user is a member of the expected security group (Helpdesk, Accounting, or ITSupport).

What This Command Proves

  • The user received a valid access token from a domain logon (Kerberos by default)
  • Group membership was evaluated at logon
  • Authorization decisions can now be made

This command is commonly used by administrators when troubleshooting access and permission issues.

Common Issues and What They Mean

  • Login fails immediately → DNS or domain join issue
  • Login works but groups are missing → group membership or token issue
  • User logs in locally → incorrect username format
  • Group changes not reflected → user must log out and back in
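
The checks from this step gathered into one script, with each result mapped to the common issues listed above. This is an added example, not part of the original lab: the function name Test-LabDomainLogon is hypothetical, and the expected groups are assumed to be the lab's Helpdesk, Accounting and ITSupport.

```powershell
# Added example for this lab step; run it on the client VM as the domain user.
# Test-LabDomainLogon is a hypothetical name; the groups are the lab's three.
function Test-LabDomainLogon {
    param([string[]]$ExpectedGroups = @('Helpdesk', 'Accounting', 'ITSupport'))
    $result = [ordered]@{}

    # Domain join: a workgroup machine cannot authenticate domain users at all.
    $cs = Get-CimInstance Win32_ComputerSystem
    $result.DomainJoined = [bool]$cs.PartOfDomain

    # DNS: clients locate domain controllers through SRV records in the domain zone.
    $result.DcFoundInDns = $false
    if ($cs.PartOfDomain) {
        $srv = Resolve-DnsName "_ldap._tcp.dc._msdcs.$($cs.Domain)" -Type SRV -ErrorAction SilentlyContinue
        $result.DcFoundInDns = [bool]$srv
    }

    # Username format: in a local logon, USERDOMAIN equals the computer name.
    $result.DomainAccount = $env:USERDOMAIN -ne $env:COMPUTERNAME

    # Kerberos: a krbtgt ticket in the cache shows a DC answered during this logon.
    # A logon with cached credentials (DC unreachable) still builds a token with
    # groups, so whoami /groups by itself does not show that a DC was contacted.
    $result.HasKerberosTgt = [bool](klist | Select-String 'krbtgt')

    # Token groups: translate the SIDs in the current token to DOMAIN\name form.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $names = foreach ($sid in $id.Groups) {
        try { $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { }
    }
    $result.User = $id.Name
    $result.ExpectedGroupsInToken = @($ExpectedGroups |
        Where-Object { $names -contains "$env:USERDOMAIN\$_" })

    [pscustomobject]$result
}

$r = Test-LabDomainLogon
$r | Format-List
if (-not $r.DomainJoined)   { Write-Warning 'Not domain-joined: rejoin the client to the domain.' }
if (-not $r.DcFoundInDns)   { Write-Warning 'No DC SRV records: check the client DNS server setting.' }
if (-not $r.DomainAccount)  { Write-Warning 'Local logon: sign in as DOMAIN\user (for example LAB\ajohnson).' }
if (-not $r.HasKerberosTgt) { Write-Warning 'No Kerberos TGT: logon may have used cached credentials.' }
if (-not $r.ExpectedGroupsInToken) { Write-Warning 'No expected group in token: fix membership, then log out and back in.' }
```
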

Success Criteria

  • A domain user can log into the client successfully
  • The user exists in the correct branch OU
  • Expected group memberships appear in the token

If all of these are true, your Active Directory environment is working correctly.