One AD-account two computers - never logged in at the same time

Mission

I have one AD account that I, at different times, want to use at two physical computers (referred to as computer1 & computer2). To be clear about the time aspect, I never want to be logged in on both computers at the same time.

Info

  • On computer1, Windows is installed and joined to the domain. I have permission to do this myself.
  • Software: Windows 7 x64 SP1
  • One constraint to my solution is that I will have to use the same computer name.

Problem description

Now to the problem. On computer2 I installed Windows and added computer2 to the domain as well. It worked well, but then when I logged out and tried to log in on computer1 I got an error message:

This computer is unable to establish a trust relationship with the server

Temporary Solution

The issue was quickly solved by removing computer1 from the domain and re-joining it again using my local admin account. However, I don't want to do that each time I switch computers.

Thoughts and Questions

From what I've read on the internet, one way to solve the issue might be to unplug the network adapter and log in, to keep Windows from checking with the AD server, and then reconnect the network cable again. I haven't verified this solution.

I've also read about SIDs in various forms. One is something called "computer SID" or "machine SID", which seems to be a string that is used to represent/identify the actual computer associated with an AD account. Just a theory, but if I can synchronize those SIDs between the two computers, would I then be able to use them as I plan?

Are there any risks involved with using one AD account at two different computers? I don't use the file share pushed out by the admins. But perhaps there are other things that I use in the background that may cause trouble?

I'm using Windows 7, and I guess the functionality to remotely administrate my computer is built into the OS by now (compared to WinXP). What kind of reports are the admins able to get from me? Can they, for example, get a list of all the applications I've installed?

Even though it isn't needed, I still wonder what will happen if I log in on both computers at the same time?

And the final question, is it possible to solve my problem?


Solution 1:

Each computer on the domain must have a different SID or, as you have already experienced, you will have problems. If you set up a user profile, you can use any computer on the domain with the same credentials and permissions. If you have a server running in the background, you could make a network drive so you will have your files regardless of where on the domain you log in.
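
A simplified model, added here and not part of the original question or answer, of why the remove-and-re-join workaround only moves the trust failure to the other machine. It assumes the domain keeps one computer account per computer name with a secret that is reset at every join; the `Domain` and `Machine` classes, the HMAC check standing in for the real secure-channel authentication, and the computer names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Domain:
    """Toy directory: one computer account (and one secret) per computer name."""

    def __init__(self):
        self.accounts = {}  # computer name -> current account secret

    def join(self, name):
        # Assumption: joining under an existing name resets that account's secret.
        secret = secrets.token_bytes(32)
        self.accounts[name] = secret
        return secret  # the joining machine stores this copy locally

    def verify(self, name, challenge, response):
        expected = hmac.new(self.accounts[name], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Machine:
    def __init__(self, name):
        self.name, self.secret = name, None

    def join(self, domain):
        self.secret = domain.join(self.name)

    def has_trust(self, domain):
        # The machine proves itself with whatever secret it stored at its last join.
        challenge = secrets.token_bytes(16)
        response = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        return domain.verify(self.name, challenge, response)


def scenario(name1, name2):
    """Return (computer1 trusted, computer2 trusted) after each step."""
    domain = Domain()
    pc1, pc2 = Machine(name1), Machine(name2)
    pc1.join(domain)
    pc2.join(domain)  # the second install joins the domain
    after_second_join = (pc1.has_trust(domain), pc2.has_trust(domain))
    pc1.join(domain)  # the "remove and re-join" workaround on computer1
    after_rejoin = (pc1.has_trust(domain), pc2.has_trust(domain))
    return after_second_join, after_rejoin


if __name__ == "__main__":
    print("shared name:   ", scenario("WORKPC", "WORKPC"))      # constructed names
    print("distinct names:", scenario("WORKPC-1", "WORKPC-2"))
```

With a shared name, each join invalidates the secret held by the other machine, so only the most recently joined computer can authenticate; with distinct names both keep working.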