When using authentication models other then Active Directory, obviously a user account needs to be created beforehand in order to grant access to the system.
When you are using Active Directory authentication, two choices are offered to you:
1.You can choose to create the user account manually, just as with the other authentication models; or
2.Enable Automatic Account Creation, and let Devolutions Server create user accounts as soon as they are authenticated by the domain you've linked the instance to.
After the account is created, rights and permissions are assigned either manually to the user account, or through membership in AD groups for which you have created a role mapping.
User accounts created by the server have no rights other then logging on the system. They will be able to see and edit the objects that have no security defined. You must ensure that all sessions are protected, typically this is achieved by ensuring that all root level folders have a security group assigned to them.
Depending on the authentication mode used, the user name may be prefixed by the domain name, and the exact naming convention is controlled by the domain. For instance, for a WINDJAMMER domain that is registered as windjammer.loc, we have no way of knowing beforehand what form will be reported by the AD services. It is recommended to always enable both Devolutions Server authentication initially and create an Administrator account for the initial phase of implementation.