How To Force Users To Log On To The Domain?

by [Published on 3 Sept. 2008 / Last Updated on 8 July 2008]

This article explains a mechanism you can use to force client computers to log on to the domain.

Generally, if a client computer cannot contact a domain controller, the user is logged on to the local computer using the cached credentials stored in the registry. You can delete the cached credentials to force users to log on to the domain.

This mechanism is very useful in the following scenarios:

  • When you are doing capacity planning to add an additional domain controller and want all the users to log on to the domain.
  • When you want users to update their LastLogonTimeStamp value in the domain.
  • When you want to apply an urgent Group Policy setting.

To delete the Cached Credentials:

  • Open a Command Prompt
  • Run "Psexec.exe -s -i regedit.exe" without quotes
  • Navigate to HKLM\SECURITY\Cache
  • Delete all values NL$1 through NL$10
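
The same steps as a script, shown as an added example that is not the author's code: it reports the state of each NL$ value and deletes it, with a -WhatIf preview. The function name Clear-CachedLogon and its parameters are hypothetical, and the script assumes it is started as Local System (for example from "Psexec.exe -s powershell.exe").

```powershell
#Requires -Version 5.1
# Added example, not the author's code. Clear-CachedLogon is a hypothetical name.
# Assumes it runs as Local System, because HKLM\SECURITY is not readable by
# ordinary administrator accounts (the reason the article uses Psexec -s).
function Clear-CachedLogon {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$CachePath = 'HKLM:\SECURITY\Cache',
        [int]$SlotCount = 10   # the article's range: NL$1 through NL$10
    )

    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $identity.IsSystem) {
        throw "Run as Local System; current identity is $($identity.Name)."
    }

    $key = Get-Item -LiteralPath $CachePath -ErrorAction Stop
    foreach ($i in 1..$SlotCount) {
        $name = 'NL$' + $i
        if ($key.GetValueNames() -notcontains $name) {
            [pscustomobject]@{ Slot = $name; State = 'Absent'; Removed = $false }
            continue
        }
        # Assumption: an unused slot holds only zero bytes, a used slot does not.
        $data = [byte[]]$key.GetValue($name)
        $inUse = [bool]($data | Where-Object { $_ -ne 0 } | Select-Object -First 1)
        $removed = $false
        if ($PSCmdlet.ShouldProcess("$CachePath\$name", 'Delete cached logon value')) {
            Remove-ItemProperty -LiteralPath $CachePath -Name $name -ErrorAction Stop
            $removed = $true
        }
        [pscustomobject]@{
            Slot    = $name
            State   = if ($inUse) { 'InUse' } else { 'Empty' }
            Removed = $removed
        }
    }
}

# Preview which values would be deleted; nothing is changed with -WhatIf.
Clear-CachedLogon -WhatIf
# To perform the deletion without a prompt per value:
# Clear-CachedLogon -Confirm:$false
```

Once the values are gone, a domain account can log on to that computer only while a domain controller is reachable, so run this on machines that stay on the network.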


The Author — Nirmal Sharma


Nirmal Sharma is an MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.
