Link to home
Avatar of roy_batty
roy_battyFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Removing DC. How long can users log in?

I want to remove the one and only domain controller from a single server environment.

The server is only used for authenticating users.
How long will users be able to continue to login and use their Windows 10 PCs using their current credentials?
ASKER CERTIFIED SOLUTION
Avatar of Hayes Jupe
Hayes Jupe
Flag of Australia image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Read this MS statement about cached logon information...
https://docs.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/cached-domain-logon-information

So, it doesn't depend on a time value but rather on the logon attempts.
So theoretically, for ever, if you leave the machine running.

If you want avoid this, you should first disable the caching vie GPO.


If Group Policy has been set up to force systems to not cache credentials then full stop when no DC is present or local user if required.

The default is to cache so users can log on to their machines locally even when disconnected and the password expiry wall goes by. They will still be able to log on until they plug in to the network.