Domain logins outside of the domain, how long before they can't log in anymore?

We are looking into moving to an AD setup and are trying to do some preplanning.

We have quite a few laptops that field techs use. If we join them to the domain, how long does it continue to work? They take these machines home/leave them in the vans. They don't need anything on the domain; they are just used to diagnose the vehicle, and have manuals on them. Should we not join them to the domain and leave them as is?

From what I have read, it seems to vary: it works for a week, it works until x number of logins, or it works as long as you have the GP tell it it can cache the credentials?

It'll work fine. AD users can log in even if the computer cannot connect to the DC. The only time it matters is when adding the machine to the domain. While it is true that this doesn't work forever, I would think you see these machines at least once a month to run updates and do other system maintenance. As long as you log in when you're doing that, they'll be fine.
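The behaviour the reply above describes is governed by one setting, the Group Policy "Interactive logon: Number of previous logons to cache (in case domain controller is not available)", which Windows stores as the `CachedLogonsCount` value under the Winlogon key. It caches the last N distinct user accounts that logged on interactively (default 10, range 0 to 50), so a laptop used by one tech keeps working offline indefinitely; the entry is only evicted once N other users have logged on. The script below is an added example for auditing that setting on a candidate laptop; it is not from the thread, and the helper function names are my own.

```powershell
# Added example (not from the thread): audit the cached-logon setting on a
# domain-joined Windows machine before handing it to a field tech.
# CachedLogonsCount is stored as a REG_SZ string, hence the [int] cast.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName   = 'CachedLogonsCount'

function Get-CachedLogonSetting {
    # Returns the effective cache count; an absent value means the Windows default of 10.
    $item = Get-ItemProperty -Path $WinlogonKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 10 }
    return [int]$item.$ValueName
}

function Get-CachedLogonAssessment {
    param([int]$Count)
    if ($Count -eq 0) {
        return 'Caching disabled: domain users cannot log on while the DC is unreachable.'
    }
    elseif ($Count -lt 10) {
        return "Only $Count distinct users are cached; below the Windows default of 10."
    }
    else {
        return "$Count distinct users are cached; a single tech's logon stays valid until $Count other accounts log on."
    }
}

function Test-DomainReachable {
    # The cache is refreshed only on a successful DC logon, so report whether one is possible now.
    try   { return [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
    catch { return $false }   # not domain-joined, or DC unreachable
}

$count = Get-CachedLogonSetting
Write-Output "$ValueName = $count"
Write-Output (Get-CachedLogonAssessment -Count $count)
Write-Output ("DC reachable right now: {0}" -f (Test-DomainReachable))
```

Run it on a laptop while it is still on the office network; if the assessment reports 0, fix it through the GPO rather than the registry, since on a domain-joined machine the policy engine will overwrite a local registry edit at the next refresh. Remember that cached logon only covers the interactive sign-in: anything that needs a fresh Kerberos ticket (file shares, Exchange) still requires a DC or a VPN.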

lol, wow, where do you work? This sounds exactly like part of our setup / situation.

Be aware of your email / Exchange setup. We moved to an O365 hybrid situation and set it up so that these users will still be able to use their email even after their password expires, but only if they have not connected back to the domain yet. Additionally, you could set up a Citrix portal for them to change their expired passwords.

Domain users will have to log in once before you disconnect them; it creates a profile. Keep that in mind.

We don't use Exchange. I'm also just the assistant sysadmin, so I don't know how everything works here yet. We use something called IceWarp; IDK what runs it. To be honest, the password security here is, uh, nonexistent (really, really, really bad) for the machines and the users' RDS. It is going to be a huge change for the users. I really hope my, uh, I guess you could call him boss, does have us move to AD. He's got a lot of shit on his plate: only IT guy for several locations, a few hundred workstations, several applications we use that he wrote and has to keep up. Computer management currently is pretty much nonexistent.

@Ethereal Yep, we/I am in the process of learning all of the setup stuff that will be needed for us to change over to AD. We would have to go around and add everything to the domain. Not sure how he wants to handle the field techs and their laptop accounts. Right now they are all local users, all with the same name and password.

If you have VPN licenses you could do all this remotely. Just a heads-up if you're interested in saving time / money. But it would take cooperation from the end users.

Security cringe.

Pretty much. lol (not a laughing matter). When I was hired they were like, "Here's your email password..." I was just like, "You're fucking joking, right?"


Your company will never get / keep large contracts if this continues to be a practice. Any sort of audit will destroy any relationship you wish to build / keep with any other company. You also put your company / clients at risk, and with IT becoming more and more legally responsible for hacks, I'd be a little wary if I were you. I'm assuming you know this by your comments, but how do you point these issues out to your boss? Good luck. Try to do so tactfully and perhaps in a traceable email.

Yea, this place is run more like a family than a business: no internal voicemail, they expect you to discuss matters face to face. The current building is around 140 people (the company is larger, but that's this building). I currently don't have access to much of anything. I was hired to help take some of the load off the used-to-be one-man shop, but haven't had anything really delegated to me other than to learn some programming. Which I have, and I've asked for projects, but right now he's trying to move the servers to 2012 R2 and handle other user issues, some of which I handle. I helped move them from XP to 7, and in the future 10. At some point I will help run Cat5e so we can get to gigabit; most of the building is on Cat3.

This is why I want us to go to AD, so that I can manage things like the computers, users, and files with his assistance. Then he can manage the programming and whatever other things he does.