Windows – Why can I log in to a box even if the AD Domain controller is down

active-directory domain-controller windows

Scenario:

  • While my DC is running, I log into an arbitrary machine.
  • I stop the DC.
  • I log off the arbitrary machine. Let's bounce it for good measure, too.
  • When the machine comes back up, I can still log in with my domain credentials even though the DC is down.

Why and how?

Is there some sort of local credential cache in play on the "arbitrary" machine? My password was somehow hashed and stored for the future in CASE the DC blows up or is down?

Would the same process work if I attempted to log in to a box that I had never logged into before while the DC is down?

Best Answer

By default, Windows will cache the last 10-25 users to log into a machine (depending on OS version). This behavior is configurable via GPO and is commonly turned off completely in instances where security is critical.

If you tried to log into a workstation or member server that you had never logged into while all of your DCs are unreachable, you would get an error stating "There are currently no logon servers available to service the logon request".
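As an added example (not part of the answer above), this PowerShell snippet audits and optionally hardens the setting the answer refers to. It reads the REG_SZ value CachedLogonsCount under the Winlogon key, which backs the "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" policy; the audit threshold of 2 is a constructed value, not a Microsoft recommendation.

```powershell
# Added example, not from the answer's author. Audits the cached-logon count that
# lets a previously seen domain user sign in while no DC is reachable.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CachedLogonPolicy {
    # Returns the effective cached-logon setting on this host.
    $props = Get-ItemProperty -Path $WinlogonKey -ErrorAction Stop
    if ($null -eq $props.CachedLogonsCount) {
        # Value absent: Windows falls back to its documented default of 10
        # (assumption: no GPO has written the value yet).
        $count  = 10
        $source = 'built-in default (value not set)'
    } else {
        # Stored as a string (REG_SZ), so convert before comparing.
        $count  = [int]$props.CachedLogonsCount
        $source = 'registry (local setting or applied GPO)'
    }
    [pscustomobject]@{
        CachedLogonsCount   = $count
        Source              = $source
        OfflineLogonAllowed = ($count -gt 0)
    }
}

function Set-CachedLogonPolicy {
    # Sets the count locally. 0 disables caching entirely, which is the
    # "turned off completely" configuration the answer mentions; Windows accepts
    # 0-50. On a domain-joined host a GPO that defines this setting will
    # overwrite the local value at the next policy refresh, so the durable
    # change belongs in Group Policy; this function is for lab or audit use.
    param([ValidateRange(0, 50)][int]$Count)
    Set-ItemProperty -Path $WinlogonKey -Name 'CachedLogonsCount' `
        -Value "$Count" -Type String
}

# Audit: flag hosts whose cache exceeds the organisation's threshold
# (2 is a constructed example value).
$Threshold = 2
$policy = Get-CachedLogonPolicy
$policy | Format-List
if ($policy.CachedLogonsCount -gt $Threshold) {
    Write-Warning ("CachedLogonsCount={0} ({1}): up to {0} domain users can " +
        "sign in to this host with no DC reachable." -f
        $policy.CachedLogonsCount, $policy.Source)
}
```

Run it in an elevated PowerShell session; reading the key works for any user, but Set-CachedLogonPolicy needs administrative rights and, on a managed host, a matching GPO change to persist.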