在实现了广告。该支持SDL Tridion CMS MMC控制台没有任何AD-LDAP集成（没有同步或任何东西）。只是一个普通的安装。 这意味着，用户在AD中创建，然后在CMS手动添加和CME给出的权利/访问。 当我们添加我们只是提供域名，用户在GUI和CMS进入并获取所有用户。现在，我们不提供任何AD-LDAP服务器的任何配置或引用任何地方上面的设置。 如果一个域My_Domain有20个AD服务器将如何外表套上知道挑选为此新用户（My_Domain的一部分）的广告被添加？或者如果再现有用户登录怎么做外表套上知道去哪个AD服务器上查找（如果有20 AD-LDAP服务器的特定领域可能会有）？ 解决方案

没关系，我们可以忘记LDAP现在，因为你没有配置。外表套上将使用标准的Windows身份验证通过NTLM / Kerberos的。

答案是外表套上不知道或关心使用的服务器。这个任务委托给IIS，这反过来将使用任何服务器上的Windows操作系统告诉它。

你可能会更好过问这个问题到Windows Server组，而忘记了它的外表套上的一部分。当使用Windows身份验证外表套上将仅仅依靠标准的IIS来对付它。

Implementation has AD. The SDL Tridion CMS MMC console DOES NOT have any AD-LDAP integration (no sync or anything). Just a plain vanilla install. This means users are created in AD, then manually added in CMS and given rights/access in CME. When we add a user we just provide the Domain name in the GUI and the CMS goes and fetches all the users. Now we do not provide any configuration or reference to any AD-LDAP server anywhere for above setup. If a domain "My_Domain" has 20 AD servers then how does Tridion knows which AD to pick for this new user (part of "My_Domain") to be added? OR if an existing user logs in then how does Tridion knows which AD server to go for look up (if there are 20 AD-LDAP servers a particular domain may have)?

解决方案

OK, we can forget LDAP for now, since you didn't configure it. Tridion will use standard Windows authentication over NTLM/Kerberos.

The answer is that Tridion doesn't know or cares which server to use. This task is delegated to IIS, which in turn will use whatever server the Windows OS tells it to.

You're probably better off asking this question to a Windows Server group, and forgetting the Tridion part of it. When using Windows authentication Tridion will just rely on standard IIS to deal with it.