How can I check if my Windows 10 or 11 PC is properly joined to a Domain Controller?


Frank15

Frank15

Member
Local time
8:26 PM
Posts
12
OS
Windows 11 Home
I noticed that,

1. Even if my Windows Sever 2019 domain controller is turned off, I can log into the domain, and the whoami command shows: domainName/computerName


2. Even if I’m logged in with a local account, the advanced System Properties applet shows that I’m logged into a domain (I wonder why):
1714506906704.png

How can I check that I’m logged in and properly connected to a domain controller?

Any insights much appreciated
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte B550M DS3H
Frank15 said:
the advanced System Properties applet shows that I’m logged into a domain
Click to expand...
This isnt what its showing. It is saying your machine is joined to a domain, has nothing to do with the user logged in status.

A local account can be logged into the domain as long as that user is in AD. So can a microsoft account.

Don't confuse the local and microsoft accounts from an AD account.

It really depends if you are using active directory or azure.
Frank15 said:
Even if my Windows Server 2019 domain controller is turned off,
Click to expand...
That is because the account is cached. When a pc cannot see the domain, it will let you log in with the last password and account info that was cached on the machine. If you were to delete that account from the pc and try to sign in with the account on the pc with the domain controller unavailable it will fail.

Frank15 said:
How can I check that I’m logged in and properly connected to a domain controller?
Click to expand...
At the logon screen, it will by default log into the domain once joined. You can see this by clicking on other user in the bottom left at the logon screen, and see it will say sign into: yourdomainnamehere for example. If you wanted to sign into the computer only, you can see an example by clicking on how do I sign into another domain? And you will see the text showing how to type in your computer name \local user name to sign in the machine without the domain. But again, you can only do this with a cached profile.

Also if the account is not logged into the domain, you will not be able to access network resources, such as mapped network drives or printers.
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell G15 5525
    CPU
    Ryzen 7 6800H
    Memory
    32 GB DDR5 4800mhz
    Graphics Card(s)
    RTX 3050 4GB Vram
    Screen Resolution
    1920 x 1080
    Hard Drives
    2TB Solidigm™ P41 Plus nvme
    Internet Speed
    800mbps down, 20 up
  • Operating System
    Windows 11
    Computer type
    Tablet
    Manufacturer/Model
    Lenovo ideapad flex 14API 2 in 1
    CPU
    Ryzen 5 3500u
    Motherboard
    LENOVO LNVNB161216 (FP5)
    Memory
    12GB DDR4
    Graphics card(s)
    AMD Radeon Vega 8 Graphics
    Hard Drives
    256 GB Samsung ssd nvme
andrew129260 said:
This isnt what its showing. It is saying your machine is joined to a domain, has nothing to do with the user logged in status.

A local account can be logged into the domain as long as that user is in AD. So can a microsoft account.

Don't confuse the local and microsoft accounts from an AD account.

It really depends if you are using active directory or azure.

That is because the account is cached. When a pc cannot see the domain, it will let you log in with the last password and account info that was cached on the machine. If you were to delete that account from the pc and try to sign in with the account on the pc with the domain controller unavailable it will fail.


At the logon screen, it will by default log into the domain once joined. You can see this by clicking on other user in the bottom left at the logon screen, and see it will say sign into: yourdomainnamehere for example. If you wanted to sign into the computer only, you can see an example by clicking on how do I sign into another domain? And you will see the text showing how to type in your computer name \local user name to sign in the machine without the domain. But again, you can only do this with a cached profile.

Also if the account is not logged into the domain, you will not be able to access network resources, such as mapped network drives or printers.
Click to expand...
Thanks a lot for the insights. But, how can I know that I'm properly connected to the domain controller? I mean: if the domain controller is offline or the dns settings on the Windows 10 client aren't pointing to the right name server for the domain, I can still log in like you said. Is there any command, or anything I can check in the graphical user interface, to make sure that I’m properly logged in and connected to the DC?
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte B550M DS3H
If you can ping the controller its likely you are authenticating when you sign in, if you cannot you are using cached creds
 

My Computer

System One

  • OS
    PE
It seems like I found a way:

To know that I'm properly connected and logged into a domain controller: use these two commands
- whoami: it should return domainname\username
- gpupdate /force: if it completes successfully, you know you're properly joined and logged in to the domain controller
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte B550M DS3H
Frank15 said:
Thanks a lot for the insights. But, how can I know that I'm properly connected to the domain controller? I mean: if the domain controller is offline or the dns settings on the Windows 10 client aren't pointing to the right name server for the domain, I can still log in like you said. Is there any command, or anything I can check in the graphical user interface, to make sure that I’m properly logged in and connected to the DC?
Click to expand...
The easiest way to know is if you have access to network resources, you're on the domain. If you do not, then you aren't.

However, there is this:

learn.microsoft.com

Test-ComputerSecureChannel (Microsoft.PowerShell.Management) - PowerShell

The Test-ComputerSecureChannel cmdlet verifies that the channel between the local computer and its domain is working correctly by checking the status of its trust relationships. If a connection fails, you can use the Repair parameter to try to restore it. Test-ComputerSecureChannel returns $True...
learn.microsoft.com

Frank15 said:
It seems like I found a way:
To know that I'm properly connected and logged into a domain controller: use these two commands
- whoami: it should show domainname\username
- gpupdate /force: if it completes successfully, you know you're properly joined and logged in to the domain controller
Click to expand...
gp update force. haha that is a clever way. Didn't consider that. However, gpupdate force can fail even if your connected to the domain properly. For example, if there is an issue in the record for group policy. It isn't super common for that to happen but it is possible.

As for the who am I, if I disconnect the ethernet and I am not connected, it will still show the domain listed there
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell G15 5525
    CPU
    Ryzen 7 6800H
    Memory
    32 GB DDR5 4800mhz
    Graphics Card(s)
    RTX 3050 4GB Vram
    Screen Resolution
    1920 x 1080
    Hard Drives
    2TB Solidigm™ P41 Plus nvme
    Internet Speed
    800mbps down, 20 up
  • Operating System
    Windows 11
    Computer type
    Tablet
    Manufacturer/Model
    Lenovo ideapad flex 14API 2 in 1
    CPU
    Ryzen 5 3500u
    Motherboard
    LENOVO LNVNB161216 (FP5)
    Memory
    12GB DDR4
    Graphics card(s)
    AMD Radeon Vega 8 Graphics
    Hard Drives
    256 GB Samsung ssd nvme
andrew129260 said:
The easiest way to know is if you have access to network resources, you're on the domain. If you do not, then you aren't.

However, there is this:

learn.microsoft.com

Test-ComputerSecureChannel (Microsoft.PowerShell.Management) - PowerShell

The Test-ComputerSecureChannel cmdlet verifies that the channel between the local computer and its domain is working correctly by checking the status of its trust relationships. If a connection fails, you can use the Repair parameter to try to restore it. Test-ComputerSecureChannel returns $True...
learn.microsoft.com


gp update force. haha that is a clever way. Didn't consider that. However, gpupdate force can fail even if your connected to the domain properly. For example, if there is an issue in the record for group policy. It isn't super common for that to happen but it is possible.

As for the who am I, if I disconnect the ethernet and I am not connected, it will still show the domain listed there
Click to expand...
Thanks for the answer. This one seems to be good:

Test-ComputerSecureChannel -Server rts-dc1.rtsnetworking.com

And not:
Test-ComputerSecureChannel #this one gave TRUE even if the DC was disconnected
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte B550M DS3H
You must log in or register to reply here.

Similar threads

Solved Win 11 can't detect my motherboard Wi-Fi (& Bluetooth?)
2
Replies
37
Views
1K
Jose Hidalgo
Jose Hidalgo
Solved BEST strategy or software to prevent any remote users whatsoever from penetrating my systems.
Replies
10
Views
996
Porthos
Porthos
Solved Can No Longer Access PC Or Get Past "Time for a break" Screen.
Replies
8
Views
441
DennyZenny
DennyZenny
System trying to go to www.thefancarpet with no browsers open
Replies
10
Views
671
andrew129260
andrew129260
  • Article
System Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows 11
Replies
0
Views
2K
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom