I have installed and enabled the ActiveDirectoryProvider 1.0.4.  I have disabled the normal login dialog.

If I have configured forms authentication mode for DotNetNuke, then when a new user visits the site, the user is are eventually presented with the Login page, and the user can login using their Windows Active Directory credentials.  This will automatically add a user by the name of DOMAIN\username to the portal and log them in successfully.

However, if I have configured Windows authentication mode, then when a new user visits the site, the user's credentials get authenticated, but they do not get added to DNN.  This creates an infinite loop as the user's credentials are correctly checked against active directory, but when they try to visit the home page (for registered users only) they get redirected back to the login page.  The login page recognizes the user is valid, and redirects back to the home page.  Do I need to make WindowsSignin.aspx the home page somehow?  What is the proper way to get the user to be registered?

Thanks.

That seems to do what I want.  There is one thing that I am surprised by though.  I am using a third party single sign on method that grants a user a Kerberos Token.  I have a user called "user a" in my active directory domain "DOMAIN".  If I log in using "usera" with usera's password, then the method you described automatically logs in and registers "usera".  If I logout of DNN, however, the only way I can log back in is with either "DOMAIN/usera" or "usera@DOMAIN".  Both cases create a distinct username in DotNetNuke.  Do you have any recommendations for restricting the canonical name of a user?

(The Windows mode uses DOMAIN\usera login.)

Maybe I can configure DNN to enforce a "username@DOMAIN" format for usernames?