What happens when a computer joins an Active Directory domain


What changes are applied to a client when it joins an AD domain?

How is a domain member supposed to behave when disconnected from the network? Are users able to log in? Will domain user policies still apply when off network?

If you know of a comprehensive resource that provides a comprehensive introduction to Active Directory, please post it.


Best Answer

The reason you can still log in is that your account is cached on the computer. It is in fact supposed to work that way. Otherwise you'd never be able to use a laptop off the network without having a local account on it, which in an enterprise would be a nightmare.

When you log into the domain the first time, a bunch of information about your account and its privileges, along with any Group Policy Objects (GPOs), gets configured. That is why the first login takes so long.

Joining a computer to an AD domain creates an account in the domain for the computer. This allows the computer to exist as a controllable, configurable, authenticated individual in the domain. This means you can force policies about everything from desktop appearance to Windows updates to anything configurable in Windows to the client, and it can be changed relative to the user logged into the client as well.

Here is Microsoft's documentation on how login works with 2003: TechNet article about login
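
A way to inspect, on a domain member, the two things this answer describes: the computer's membership in the domain and the cached-logon setting that permits logging in off the network. This is an added example, not part of the original answer. `Get-DomainJoinState` is a hypothetical helper name, and the script assumes Windows PowerShell 5.1.

```powershell
# Added example: report domain membership, the cached-logon setting and the
# state of the computer account's secure channel on this client.
# Get-DomainJoinState is a hypothetical helper name (not a built-in cmdlet).
function Get-DomainJoinState {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # CachedLogonsCount is a REG_SZ value. When it is absent, Windows uses
    # its default of 10 cached logons; 0 disables cached (offline) logon.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $raw = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
            -ErrorAction SilentlyContinue).CachedLogonsCount
    $cached = if ($null -ne $raw) { [int]$raw } else { 10 }

    # The secure channel is the computer account's own authenticated link to
    # a domain controller. Off the network the test fails or throws, while
    # cached user logons keep working.
    $channel = $null
    if ($cs.PartOfDomain) {
        try   { $channel = Test-ComputerSecureChannel -ErrorAction Stop }
        catch { $channel = $false }
    }

    [pscustomobject]@{
        ComputerName        = $cs.Name
        PartOfDomain        = $cs.PartOfDomain
        Domain              = $cs.Domain
        CachedLogonsCount   = $cached
        OfflineLogonAllowed = ($cs.PartOfDomain -and $cached -gt 0)
        SecureChannelOK     = $channel
    }
}

Get-DomainJoinState | Format-List
```

The cached-logon count is controlled by the Group Policy setting "Interactive logon: Number of previous logons to cache (in case domain controller is not available)", so a hardened domain may show a value lower than the default.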