Domain Migration over VPN - cached credential issue

Tony S 96 Reputation points
2020-09-09T22:15:56.563+00:00

I am working on a domain migration from a merger, and the users were somehow already migrated by someone else. Now, in the 11th hour of joining devices, which we are doing manually for some reason, we are running into problems, much to zero shock on my part with our lack of planning. Anyway...

Basically, the issue is once we do the domain join while connected to VPN, we can switch user and log in as the user in the target domain. That works, no problem. Once we restart, I am assuming because it completes the domain join, it deletes all cached credentials, including those from the target domain. This is fine if you have a physical connection to the domain, but we are primarily remote right now.

Question is: Is there a way in Windows (or a Microsoft tool) to preserve this cached credential after completing the domain join? I explored third-party options when this was first floated and figured we would go down that route (Quest, ForensIT, etc.), but here we sit. It's still an option for users that realistically can't get to an office, especially if there isn't another option.

Thanks in advance for any advice!


2 answers

  1. Hannah Xiong 6,256 Reputation points
    2020-09-10T03:08:26.647+00:00

    Hello,

    Thank you so much for posting here.

    As per my research, "There is no problem migrating over a VPN as such. The problems come when you attempt to logon after the machine has been joined to the new domain and is rebooted. When you are on the LAN and you reboot, Windows is able to cache the domain and logon information: that isn't the case over the VPN. Instead what you need to do is find a way to create a VPN connection before logging on.

    Probably the easiest way to do this is to select "Logon Using Dial-Up Networking" at the logon prompt and then select your VPN connection from the "Network Connections" box."

    Reference: http://forum.forensit.com/forum_posts.asp?TID=51

    Hope it is helpful. Thank you so much for your support.

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best regards,
    Hannah Xiong


  2. Tony S 96 Reputation points
    2020-09-10T13:52:04.223+00:00

    I appreciate the response, but I don't believe that will work for my situation. We are using a third-party app with a token, and if I'm understanding the post above, this would simply set up a standalone VPN connection in network settings. I did find out that our vendor has another add-on that would allow us to specifically use the VPN service before logon. That is potentially an option, but I would still like to hear if there are any other options.

    Thanks!