17.0 Understanding AES Encryption for Communication

The AD 2003 level in DSfW used ARCFOUR encryption for communication between Workstations and domain controllers. After the domain upgrade, the encryption also gets upgraded to AES. AES encryption is more secure when compared with ARCFOUR based encryption. The following communications are based on AES in the upgraded server:

  • Kerberos AS and TGS requests

  • SMB setup connection

  • LDAP SASL bind and other requests

  • Dcerpc bind and other requests

For information on how to create AES 256-Bit Tree key, see Creating an AES 256-Bit Tree Key in the NICI Administration Guide.