If you decide to federate your ArcGIS Server with the Portal, you are allowing Portal to handle all of the authentication:
When you federate a server with your portal, the portal's security store controls all access to the server. This provides a convenient sign-on experience but also impacts how you access and administer the federated server. For example, when you federate, any users, roles, and permissions that you previously configured on ArcGIS Server services are no longer valid. Access to services is instead determined by portal members, roles, and sharing permissions. Before federating, review the information in Administer a federated server to learn more about how federating will impact your existing site.
So if a user attempted to access the Server directly, they would first be redirected to a Portal login page, then get passed along to the Server using a generated token after authentication.
If your portal is set to use AD authentication, your Server will also use AD authentication by proxy. You don't have to use built-in accounts at all.
As for your intent (putting non-Portal content on a hosting server), I assume you're talking about being able to add content to a server without going through the portal? If so, same concept. Users pushing content from desktop directly to the server will be prompted for their active directory credentials.
