After I implement solution from a closed question ( http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28120593.html
), I met a problem.
For every user I edited the setting "Active Directory Account Setting - Logon On To - This user can logon to - Computer name") by giving his computer NetBios name to provide a user can not logon another computer in domain.
when I did this, users could not use mail system and other active directory authenticated applications.
Could I solve this?