Password changes for remote users no longer on premise for AD login?

Boe Dillard 666 Reputation points
2021-03-29T00:10:58.077+00:00

Hello,

We want people who took their laptops and PCs home to still use AD login. We don't want Azure. Is it possible to sync them? If not, can we manually edit the registry of their PC so their PW for AD is the same as their on-prem AD PW?

To be clear, their PC was on premise and joined to the domain. We did not remove it from the domain when they took it home. We are trying to avoid moving them to a new local profile on their PC. Everyone is running Win 10 x64. Our on prem AD server is 2012 R2.

Active Directory

Accepted answer
  1. Boe Dillard 666 Reputation points
    2021-03-31T21:33:56.08+00:00

    For anyone with this environment, what we did was have them connect with their VPN client while they were remote, then we changed their AD account, locked the computer and unlocked with the new AD password and it worked fine.

    1 person found this answer helpful.

2 additional answers

  1. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-03-29T02:12:40.017+00:00

    Hi,

    Users can use cached credentials for AD login.
    Make sure the group policy for: Interactive logon: Number of previous logons to cache (in case domain controller is not available) under the path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
    This determines how many credentials can be cached.

    Once users can't connect to the domain, the cached credentials will be used.

    But if the password is changed on the DC when the computers are disconnected, the computers will not receive the new password.
    If you want the users to use the new password, the computers need to connect to the domain and log in again to cache the new password.
    If users are disconnected from the domain all the time, it will continue to use the old password.

    For more information, you can refer to:
    Interactive logon: Number of previous logons to cache
    Network access: Do not allow storage of passwords and credentials for network authentication

    Best Regards,
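
    The check below is an added example, not part of the original answer: it reads the registry value behind the "Number of previous logons to cache" policy and tests whether the laptop can currently reach a domain controller (for instance over the VPN), which decides whether a new AD password can be cached. It assumes Windows PowerShell 5.1 on the domain-joined PC, an elevated prompt, and that an unset value means the default of 10.

```powershell
# Added example (not from the thread). Run on the remote, domain-joined PC.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# CachedLogonsCount backs "Interactive logon: Number of previous logons to cache".
# It is stored as a string; 0 disables cached logons entirely.
$raw = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
        -ErrorAction SilentlyContinue).CachedLogonsCount
$cacheCount = if ($null -eq $raw) { 10 } else { [int]$raw }  # assumption: unset = default 10

$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# Test-ComputerSecureChannel only succeeds when a DC is reachable and the
# machine account is still trusted, so it fails when the VPN is down.
$dcReachable = $false
if ($cs.PartOfDomain) {
    try   { $dcReachable = [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
    catch { $dcReachable = $false }
}

$advice =
    if (-not $cs.PartOfDomain) {
        'Machine is not domain joined; AD cached logon does not apply.'
    } elseif ($cacheCount -eq 0) {
        'Cached logons are disabled: the user cannot sign in without a DC.'
    } elseif ($dcReachable) {
        'DC reachable: lock and unlock with the new AD password to cache it.'
    } else {
        'No DC reachable: the old cached password stays valid until the PC connects to the domain.'
    }

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Domain            = $cs.Domain
    CachedLogonsCount = $cacheCount
    DcReachable       = $dcReachable
    Advice            = $advice
}
```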


  2. Boe Dillard 666 Reputation points
    2021-03-29T02:54:00.707+00:00

    Thanks - that is the issue. They are not on site - probably won't be for months. We do want them to use the new AD password however the only way they connect to AD is through VPN through our firewall after they've logged in.