Active Directory and NTLM Authentication

I'm writing an IIS Application, which manages AD users. For this purpose I've configu开发者_StackOverflow中文版red site to use Negotiate AuthenticationProvider, and everything works.

I wonder, is NTLM suitable for operations with Active Directory (such as creating user accounts)?

Or AD accepts only Kerberos authentication?

NTLM should work fine, Kerberos is the latest technology n it is recommended to use Kerberos. From WIN2K onwards Kerberos is the default authentication mechanism use by Microsoft for AD.