Generally, if client computers are not able to contact a domain controller, they will be logged on to the local computer using their cached credentials stored at the registry. You can delete the Cached Credentials to force them to log on the domain:
This mechanism is very useful in the following scenario:
- When you are doing capacity planning to add an additional domain controller and want all the users to log on the domain.
- When you want users to update their LastLogonTimeStamp value in the domain.
- When you want to apply an urgent Group Policy setting.
To delete the Cached Credentials:
- Open a Command Prompt
- Run "Psexec.exe -s -i regedit.exe" without quotes
- Navigate to HKLM\SECURITY\Cache
- Delete all NL$1 through NL$10