We help IT Professionals succeed at work.

Binding an AD User Account to a Desktop

Hello Experts,

Is there any way for Binding an AD User Account to a desktop in the AD Domain.My requirement is that each user should only be able to Login his/her machine in the Corporate Domain....

Awaiting your valuable suggestions.

Anoop Sudheer
Watch Question

You can restrict the users' ability to log into a set of predefined computers by opening a user object in AD, clicking on the 'Account' tab and clicking the 'Log On To' button

In ADUC Double click the user you want to restrict. This will open the
properties page for that user.

Now, click on the button labeled "Logon To" at the bottom, in the
center of the row of butotns.

In the resulting window, click the radio button labeled "User May
Logon To These Workstations".

In the fields below, enter 1 or more workstations that you want to
limit the user to.

Click Ok, then Ok again.

You are done! The user will not be able to log on to unauthorized
Also you can use this
LimitLogin - Tool to limit and monitor concurrent logins in a domain
A couple of people in the past have asked how to prevent users from logging more than 1 time (or x number of times) on different devices across the network. I stumbled accross this tool which seems like it does exactly that better than the old CConnect.exe (also some other nice features):

LimitLogin v1.0
 LimitLogin is an application that adds the ability to limit concurrent user logins in an Active Directory domain. It can also keep track of all logins information in Active Directory domains.

LimitLogin capabilities include:

Limiting the number of logins per user from any machine in the domain, including Terminal Server sessions.

Displaying the logins information of any user in the domain according to a specific criterion (e.g. all the logged-on sessions to a specific client machine or Domain Controller, or all the machines a certain user is currently logged on to).

·         Easy management and configuration by integrating to the Active Directory MMC snap-ins.

·         Ability to delete and log off user session remotely straight from the Active Directory Users and Computers MMC snap-in.

·         Generating Login information reports in CSV (Excel) and XML formats.

LimitLogin grants System Administrators, Help Desk staff or any other IT-related personnel the ability to quickly query for any user logged on to the domain and view the machines they’re currently logged on to, while enabling the above list of features and management tasks to be performed on those user sessions.