NT user authentication

[Andrej Borsenkow]

I got this from a book on NT networking. Can anybody please comment on this?
This describes, how member of NT domain verifies remote logon request

1. check (domain,user) with DC. If O.K. log user on as (domain,user)
2. check user against local user database. If O.K., log on as local user
3. if guest is allowed, log on as guest
4. deny request

I am somewhay uneasy about 2 ...

thank you

/andrej