Cannot log in with domain account when computer is disconnected

mahmoud azletni 11 Reputation points
2021-10-25T09:21:07.677+00:00

Dears,

We have a company that works with a Microsoft environment; we have Active Directory and a domain controller.

These days some of the users can't use their laptops out of the office until they connect the laptops to the VPN via a local user account; after that, they sign in using the domain account.


2 answers

  1. Gary Reynolds 9,376 Reputation points
    2021-10-25T09:49:58.087+00:00

    Hi @mahmoud azletni

    There is a GPO setting that allows you to define the maximum number of cached credentials that are stored on the machine. Cached credentials allow a user to log on with their domain credentials when not connected to the corporate network. Review this article for more details.

    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available

    Gary.


  2. Limitless Technology 39,301 Reputation points
    2021-10-26T09:53:16.857+00:00

    Hi there,

    Try removing the computer from the domain and re-joining the domain; this will retain all custom configurations.

    Additionally, try this too:

    Computer Configuration > Policies > Administrative Templates > System > Group Policy > "Configure Group Policy Caching" policy setting.

    Enable this "Configure Group Policy Caching" setting. This will allow your laptops to log in to your DC using a cached profile with the same DC credential, even if your DC is not reachable.

    Also, try:
    Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Interactive logon: Number of previous logons to cache (in case domain controller is not available)
    Enable "Define this policy setting" and set the cache count to 10 logons.


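A read-only check of the "Number of previous logons to cache" setting that both answers point to, as an added example that is not part of either answer. It reads the `CachedLogonsCount` value under the Winlogon key, where Windows stores this security option, and lists recent sign-ins that used cached credentials (event 4624, logon type 11); the function names are hypothetical.

```powershell
# Added example; run in an elevated PowerShell session on the affected laptop.
# Function names are hypothetical. Both functions only read local state.

function Get-CachedLogonSetting {
    # Registry value behind "Interactive logon: Number of previous logons to
    # cache" (stored as a string; valid range 0-50, 0 turns caching off).
    param([string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
    $raw = (Get-ItemProperty -Path $Path -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
    $count = 0
    $status = if ($null -eq $raw) { 'NotSet' }
        elseif (-not [int]::TryParse([string]$raw, [ref]$count)) { 'Invalid' }
        elseif ($count -lt 0 -or $count -gt 50) { 'OutOfRange' }
        elseif ($count -eq 0) { 'CachingDisabled' }   # offline domain logon cannot work
        else { 'CachingEnabled' }
    [pscustomobject]@{ RawValue = $raw; Count = $count; Status = $status }
}

function Get-CachedInteractiveLogon {
    # Event 4624 with LogonType 11 (CachedInteractive) is written when a user
    # signs in with cached domain credentials. A user appears here only after
    # having signed in at least once while a domain controller was reachable.
    param([int]$MaxEvents = 20)
    $xpath = "*[System[EventID=4624] and EventData[Data[@Name='LogonType']='11']]"
    Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = @{}
            ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
            [pscustomobject]@{
                Time = $_.TimeCreated
                User = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
            }
        }
}

Get-CachedLogonSetting
Get-CachedInteractiveLogon | Format-Table -AutoSize
```

A `Status` of `CachingDisabled` matches the symptom in the question; `CachingEnabled` with no logon type 11 events for the affected user suggests that user has not yet signed in on that laptop while connected to the domain.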