AD connection and query by using PrincipalContext

There are different ways of getting data from Active Directory. One of them is using the PrincipalContext class, which is a member of the System.DirectoryServices namespace (Reference).

Here is a code sample to connect to Active Directory and query a user by using PrincipalContext.
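The code sample referred to above is not reproduced here; the following is an added PowerShell example (not the post's own code) that binds to a domain with PrincipalContext and looks up a user by SamAccountName. The domain name 'example.local' and the user name 'jdoe' are placeholder assumptions, and the call runs under the credentials of the current Windows session.

```powershell
# Added example: query a domain user through PrincipalContext / UserPrincipal.
# 'example.local' and 'jdoe' are placeholders; run as an account allowed to read the directory.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-AdUserViaPrincipalContext {
    param(
        [Parameter(Mandatory)] [string] $DomainName,      # e.g. 'example.local' (assumed)
        [Parameter(Mandatory)] [string] $SamAccountName   # e.g. 'jdoe' (assumed)
    )
    # ContextType.Domain binds to a domain controller for $DomainName with the caller's credentials.
    $ctx = [System.DirectoryServices.AccountManagement.PrincipalContext]::new(
        [System.DirectoryServices.AccountManagement.ContextType]::Domain, $DomainName)
    try {
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity(
            $ctx, [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName, $SamAccountName)
        if ($null -eq $user) { return $null }   # no such account in this domain
        try {
            # Return a snapshot of the attributes we need rather than the live principal object.
            [pscustomobject]@{
                SamAccountName       = $user.SamAccountName
                DisplayName          = $user.DisplayName
                Enabled              = $user.Enabled
                LastPasswordSet      = $user.LastPasswordSet
                PasswordNeverExpires = $user.PasswordNeverExpires
                DistinguishedName    = $user.DistinguishedName
            }
        }
        finally { $user.Dispose() }
    }
    finally {
        $ctx.Dispose()   # PrincipalContext holds an LDAP connection; release it
    }
}

Get-AdUserViaPrincipalContext -DomainName 'example.local' -SamAccountName 'jdoe'
```

Both the context and the principal are disposed in `finally` blocks so the LDAP connection is released even when the lookup throws; returning a detached object also keeps the caller from holding a live directory handle longer than needed.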

Kerberos ticket lifetime and renewal time

I have recently worked on a case where questions about increasing the Kerberos ticket lifetime came up. Long story short: There are security concerns about increasing the lifetime of Kerberos tickets. Details are below.

(Solved) Authentication stops working after installing February 2019 updates

After installing the February 2019 updates on your Windows Server, authentication in your web application may stop working. Users may experience a delay followed by an authentication error.

This is a known issue with these updates. The root cause and solution are below.

Background

There is a registry setting that tells the web server and the domain controller which version of NTLM to use. If the web server and the DC try to use versions that are incompatible with each other, NTLM authentication fails. The updates set the preference to “NTLMv2 only” (registry value 3), which causes a problem if the DC does not support it.

For example: if the DC (or client) is set to the value 1 (Send LM, NTLM and prohibit NTLMv2) and the server is set to the value 5 (Only accept NTLMv2), this issue may occur. Please see this article for the descriptions of each value.
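As an added example (not from the post), the PowerShell below reads the LmCompatibilityLevel value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa on two machines and flags the client/server combination described above. The computer names 'DC01' and 'WEB01' are placeholders, the remote read assumes the Remote Registry service and admin rights on the targets, and the compatibility rule is a deliberate simplification: a server at level 5 accepts only NTLMv2, while a client at level 0 to 2 sends LM or NTLM (v1) responses, so that pair cannot authenticate.

```powershell
# Added example: diagnose an LmCompatibilityLevel mismatch between two hosts.
# Computer names are placeholders; the rule in Test-NtlmLevelCompatibility is a simplification.

function Get-LmCompatibilityLevel {
    param([string] $ComputerName = $env:COMPUTERNAME)
    $keyPath = 'SYSTEM\CurrentControlSet\Control\Lsa'
    # Remote registry read requires the Remote Registry service and admin rights on the target.
    $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    try {
        $lsa   = $hive.OpenSubKey($keyPath)
        $value = $lsa.GetValue('LmCompatibilityLevel')
        if ($null -eq $value) {
            # Value absent: the OS default applies (3, "send NTLMv2 response only")
            return [pscustomobject]@{ Computer = $ComputerName; Level = 3; Source = 'default' }
        }
        [pscustomobject]@{ Computer = $ComputerName; Level = [int]$value; Source = 'registry' }
    }
    finally { $hive.Close() }
}

function Test-NtlmLevelCompatibility {
    param([int] $ClientLevel, [int] $ServerLevel)
    # Levels 0-2 send LM and/or NTLM (v1) responses; levels 3-5 send NTLMv2 only.
    # Level 4 refuses LM; level 5 refuses both LM and NTLM (v1).
    $clientSendsV2 = $ClientLevel -ge 3
    if (-not $clientSendsV2 -and $ServerLevel -ge 5) {
        return "Incompatible: client level $ClientLevel sends LM/NTLM, server level $ServerLevel accepts NTLMv2 only"
    }
    "Compatible: client level $ClientLevel, server level $ServerLevel"
}

$client = Get-LmCompatibilityLevel -ComputerName 'DC01'    # placeholder name
$server = Get-LmCompatibilityLevel -ComputerName 'WEB01'   # placeholder name
$client; $server
Test-NtlmLevelCompatibility -ClientLevel $client.Level -ServerLevel $server.Level
```

Running this with the post's example pair (client at 1, server at 5) reports the combination as incompatible; raising the lower side to 3 or above, rather than lowering the server, keeps NTLMv2 in use on both hosts.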