AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens Installation and Upgrading Configuration Token Management How to Log In

AuthLite runs as an authentication service in the DCs to assist with domain authentication.  There is not any way to restrict what DC domain clients will choose, therefore you must install the software on every DC that could be used to authenticate AuthLite users.

AuthLite uses an Application Partition to store and distribute its user data.  By default, each DC where you install AuthLite will be registered to host a replica of the data partition.

Read-only DCs

AuthLite can function on RODCs, but because it uses one-time passcodes, at each successful logon the RODC must update OTP counter attributes on a writeable DC.  The necessary configuration and permissions to allow this RODC-to-WDC access are applied automatically.

If you have network or firewall constraints that prevent the RODC from being able to reach a RWDC over LDAP, AuthLite will not be able to function.

"Core" (command-line mode) DCs

AuthLite supports server Core. The token manager application will not be able to import/export records, because that feature requires the Explorer components. But you can simply use a management server/workstation.