Domain account trust relationship expire?

fausp · May 31, 2019, 5:50pm

How long are we able to use a Windows 10 account offline until the trust relationship expires?

Steveo · June 5, 2019, 4:26pm

This period is usually 30 Days on a MS DC before the trust relationship expires. (Not sure if this is different on NS’s implementation, I cant see why it would be) How long you can use it offline, who knows… this could be forever in theory. I have a user whom works offline for periods of 6 months at a time with no issues until he connects to the LAN and communication between the client and DC is established. The caveat obviously being that this user is not prompted to change his password on a regular basis as would be best practice.

MrE · June 5, 2019, 4:34pm

Maybe the problem occurs when you stop using the computer for a long time, I see issues with and old virtualbox windows vm that I stop using for almost a +year, after reboot the vm, windows shows some blah messages and the logon is not possible using the right password (then I try changing the password in the domain and don’t work); so I need to rejoin or even use the local account that fortunately I always create. In some other forums someone say this doesn’t happen, but I don’t believe it because I see it happened.

I wonder, if I try to start the vm … what will happen:

let’s see

Uff I forgot to disconect the NIC!
Need to find some old backup and test it with the nic disconnected. …

Backup found it! offline since 2019/Dec/17

Note: This backup is a windows XP joined to and old and running an AD in windows 2000 sbs; not the same scenario as the windows 10 that @fausp have, but maybe it shows

Ok network disabled…

Run!..

No error!

I don’t know but this looks good.

Maybe I have some other vm backup (windows 8.1) at home, and see if this works too.

Steveo · June 5, 2019, 4:41pm

Disable the NIC to prevent comms to DC before booting? Should have no errors.

Steveo · June 5, 2019, 4:50pm

Would be awesome if you could find a backup, I somehow think 30 + plus days is a long time for an answer

MrE · June 5, 2019, 5:22pm

Test done @Steveo @fausp (see above)

My previous HDD was damaged some months ago (Dec/18) and I take it to my home to recover some old files the past week. Maybe I have another vm (windows 8.1) joined in the new NethServer domain to see if this works too.

Steveo · June 5, 2019, 5:30pm

Thank you @MrE . That test result really seems positive.

MrE · June 6, 2019, 2:44pm

CC. @fausp

Today I run the old windows 8.1 vm backup and it works with the network disabled, hope the image is clear enough.
( Now I wonder why I got that errors on those times, maybe a patch fix that behavior )

Regards

fausp · June 6, 2019, 3:05pm

Does it mean as long as I not connect to the DC-Network the account on the PC/NB will be usable and grant access locally or does it mean network connections are forbidden at all?

MrE · June 6, 2019, 3:12pm

I Disconnect the NIC not disabled, just to be sure that it works without authentication on the domain.

Steveo · June 6, 2019, 3:36pm

I think the general conclusion is, As long as you not connecting to the DC local Authentication will continue to function. Other connectivity is fine. (No need to disable the NIC, the tests were ran with NICs disabled only to ensure no connection to DCs were possible)