How To Logon To A Domain Controller Locally - ManageEngine
TL;DR: To sign in to another domain or log on to a domain controller locally or remotely:
- Sign in to another domain: Use the Other User option and enter your credentials in the domain\username format.
- Log on locally: Use .\Administrator to access the local Administrator account when domain authentication is unavailable.
- Log on remotely (RDP): Enable Remote Desktop on the domain controller and connect using DOMAIN\Username.
These methods cover local, remote, and alternate-domain logons across Windows Server 2008-2022 and Windows 10 and 11.
System administrators often need to perform a domain sign in or log on locally to a domain controller (DC) for troubleshooting, maintenance, or administrative tasks.
This guide provides step-by-step instructions for Windows Server editions 2008 to 2022 and Windows desktop versions 10 and 11.
How to sign in to another domain in Windows
On the Windows sign-in screen, click Switch User. Instead of showing icons for all the users with accounts on the PC, you'll see two icons:
- The first icon is the last user who signed in.
- The second icon always shows Other user.
To sign in to a different domain:
- On the sign-in screen, select Other user.
- Enter your credentials in the format: domain\username
Example: CORP\JBond
- Enter your password and press Enter.
How to sign in locally to a domain controller
Sometimes you need to sign in using the local Administrator account rather than a domain account:
- Disconnect the network or disable the NIC temporarily.
- On the sign-in screen, select Other user.
- Enter the username in this format: .\Administrator
- Enter the local Administrator password and press Enter.
- After signing in, reconnect to the network if required.
Note:
- The dot backslash (.\) tells Windows to use a local account on this computer rather than a domain account.
- This method is helpful when domain authentication is unavailable. Make sure you have the local Administrator password before attempting it.
How to sign in to a domain controller via Remote Desktop (RDP)
- On the domain controller, open System Properties (Win + Pause, or right-click This PC > Properties > Remote Settings).
- Under the Remote Desktop section, use the Enable Remote Desktop toggle to allow remote connections to the computer.
- Ensure Network Level Authentication (NLA) is enabled under Advanced settings for better security.
- Confirm your account has administrative or delegated rights to connect remotely.
- Open the Remote Desktop Connection client on your computer (type mstsc in the Run dialog or search for Remote Desktop).
- In the Remote Desktop Connection window, enter the hostname or IP address of the domain controller you want to connect to.
- Click Connect.
- When prompted, enter your credentials in the format: DOMAIN\Username
- Enter your password and click OK.
- If a security certificate warning appears, click Yes to proceed.
- After successful authentication, you will see the desktop of the domain controller.
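To confirm that the Remote Desktop and NLA settings from the steps above are actually in effect, the following added example (not part of the original guide) reads them back on the domain controller. It assumes an elevated PowerShell session and an English-language system for the firewall group name; the function names are hypothetical.

```powershell
# Added example: read back the RDP settings configured in System Properties.
# Values set by Group Policy live under the Policies key and override local ones.
$Local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-EffectiveValue {
    # Return the first value found, checking the paths in the order given.
    param([string[]]$Paths, [string]$Name)
    foreach ($p in $Paths) {
        $item = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
}

function Get-RdpPosture {
    # fDenyTSConnections = 0 means Remote Desktop is enabled.
    $deny = Get-EffectiveValue -Paths $Policy, $Local -Name fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla  = Get-EffectiveValue -Paths $Policy, "$Local\WinStations\RDP-Tcp" -Name UserAuthentication
    # 'Remote Desktop' is the English display name of the built-in rule group.
    $fw   = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        RdpEnabled          = ($deny -eq 0)
        NlaRequired         = ($nla -eq 1)
        InboundRulesEnabled = @($fw).Count
    }
}

$posture = Get-RdpPosture
if ($posture.RdpEnabled -and -not $posture.NlaRequired) {
    Write-Warning 'Remote Desktop is enabled but NLA is not required.'
}
$posture
```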
Best practices to consider during domain controller logons
To maintain a secure and reliable authentication environment, follow these best practices when logging on to domain controllers:
- Use domain accounts with appropriate privileges instead of local administrator accounts whenever possible.
- Limit logons to authorized administrators only, and avoid using service or shared accounts for interactive sign-ins.
- Always log on over secure channels (like Remote Desktop over HTTPS or using VPN access) to prevent credential exposure.
- Avoid using domain controllers for daily administrative tasks such as browsing the web or checking email.
- Implement multi-factor authentication (MFA) for domain admin accounts to strengthen security.
- Monitor and audit all domain controller logons to detect unusual access attempts early.
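As an added example of the monitoring practice above (not part of the original guide), the following PowerShell picks out console and RDP sign-ins from Security event 4624 records and flags accounts that are not on an approved list. The allow-list, account names, addresses and sample events are constructed for illustration, and the function name is hypothetical.

```powershell
# Added example. Event 4624 LogonType: 2 = interactive (console), 10 = RemoteInteractive (RDP).
$InteractiveTypes = @{ '2' = 'Console'; '10' = 'RDP' }
# Assumption: accounts expected to sign in to DCs interactively (constructed name).
$ApprovedAdmins   = @('CORP\adm-jbond')

function Get-DcInteractiveLogon {
    param([Parameter(Mandatory)][string[]]$EventXml)
    foreach ($raw in $EventXml) {
        $evt = ([xml]$raw).Event
        if ($evt.System.EventID -ne '4624') { continue }
        # Flatten <Data Name="...">value</Data> elements into a lookup table.
        $d = @{}
        foreach ($n in $evt.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $type = [string]$d['LogonType']
        if (-not $InteractiveTypes.ContainsKey($type)) { continue }   # skip network, service, etc.
        $account = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
        [pscustomobject]@{
            Time     = $evt.System.TimeCreated.SystemTime
            Account  = $account
            Via      = $InteractiveTypes[$type]
            SourceIp = $d['IpAddress']
            Approved = $ApprovedAdmins -contains $account
        }
    }
}

# Constructed sample events, trimmed to the fields used above.
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
    '<System><EventID>4624</EventID><TimeCreated SystemTime="{0}"/></System><EventData>' +
    '<Data Name="TargetUserName">{1}</Data><Data Name="TargetDomainName">CORP</Data>' +
    '<Data Name="LogonType">{2}</Data><Data Name="IpAddress">{3}</Data></EventData></Event>'
$sample = @(
    ($template -f '2024-05-01T08:15:00Z', 'adm-jbond',  10, '10.0.5.20'),   # approved admin over RDP
    ($template -f '2024-05-01T23:41:12Z', 'svc-backup', 2,  '127.0.0.1'),   # service account at console
    ($template -f '2024-05-01T23:50:03Z', 'jdoe',       3,  '10.0.7.31')    # network logon, ignored
)

# Show only interactive logons by accounts that are not on the allow-list.
Get-DcInteractiveLogon -EventXml $sample | Where-Object { -not $_.Approved }

# On a domain controller, feed real events instead of the sample:
# $xml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 1000 |
#        ForEach-Object { $_.ToXml() }
# Get-DcInteractiveLogon -EventXml $xml | Where-Object { -not $_.Approved }
```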
Wondering who's logging on to your domain controllers?
Not sure if the logons on your domain controllers are legitimate? ADAudit Plus gives you complete visibility into every domain controller logon so you can be confident they're done by the right user.
Quickly get insights on:
- Who logged on and when.
- Which domain controller was accessed.
- Logon trends across servers and workstations.
- User-specific logon history for auditing.
For detailed steps on auditing domain controller logon events, refer to our guide here.
A one-stop solution for all your IT auditing, compliance, and security needs
ADAudit Plus provides capabilities like change auditing, logon monitoring, file tracking, compliance reporting, attack surface analysis, response automation, and backup and recovery for diverse IT systems.
- Active Directory
- Microsoft Entra ID
- Windows file server
- NAS file servers
- Windows Server
- Workstation
- And more
Troubleshooting and FAQ
What are the main types of domain controllers?
- Read-Write Domain Controller (RWDC): Can read and write changes to Active Directory.
- Read-Only Domain Controller (RODC): Holds a read-only copy of Active Directory, ideal for remote or less-secure sites.
- Global Catalog (GC) Domain Controller: Stores partial Active Directory data to speed up logons and searches.
- Primary Domain Controller (PDC): Legacy role that handled updates and replication in Windows NT.
- Backup Domain Controller (BDC): Legacy read-only backup of the domain database in Windows NT.
What if I don't see the Other User option on the sign-in screen?
Modern Windows versions only show the last signed-in user and the Other user option. If this option isn't visible, press Ctrl + Alt + Del to bring up the sign-in prompt.
I got the "The specified domain does not exist" error. What now?
Ensure the computer is joined to the correct domain and the domain controller is online.
To verify:
- Press Win + R, type sysdm.cpl, and check under the Computer Name tab to confirm the domain.
- Open Command Prompt and test the network connectivity by running: ping <DomainControllerName>
- Test domain controller availability to confirm which domain controller is reachable by running: nltest /dsgetdc:<domainname>
I'm experiencing a slow or delayed logon.
A logon that's slow or delayed could indicate network latency, domain controller issues, or problems with cached credentials. Check the system logs and network connectivity.
Related how-to's
- How to check if domain controllers are in sync with each other?
- How to find the source of failed logon attempts in Active Directory
- How to find the computers a user is logged on to
- How to enable file and folder access auditing in Windows Server?
- How to track who changed a file or a folder in Windows Server?
- How to view Active Directory event log?
- How to check user login history in Active Directory