Is there any way that I can manage/switch between multiple AD accounts on a local windows account. The account is not connected to AD.

  • 72,524
  • 21
  • 127
  • 192
  • 103
  • 4
  • I assume by "windows account" you mean a local account on a specific machine? I'm not sure what you are referring to when you say "switch between multiple AD accounts" though, can you clarify your question with some more detail? – ThatGraemeGuy Dec 08 '10 at 21:35
  • Exactly! What I want to achieve is to make my local account act as if were a specific AD account. Basically make it authenticate automatically against the AD and account in context. I can assume that this might have some complications.. But is it possible? – Robin Dec 08 '10 at 21:44
  • I don't think you can do this. Can you describe what problem you're actually trying to solve? – mfinni Dec 09 '10 at 02:21

3 Answers3


A whole bunch of net use statements, probably.

  • 35,711
  • 3
  • 50
  • 86
  • This only seems to solve issues with connecting logical drives. I want my account to be in the "whole" context of the AD. But I might be wrong. If so.. Do you have any example? – Robin Dec 08 '10 at 21:38
  • it won't and can't be. Your machine isn't a domain member, and your local account on it isn't a domain account. All you can do is start certain actions as another user. 'net use' gets you a SMB session to another server. 'runas', as mentioned above, starts applications in other contexts - although I don't know if it will work actually. The local machine has no idea who /user:domain\username is , so the runas would probably fail. – mfinni Dec 09 '10 at 02:19

First a bit on how Windows Authentication works.

If you're on a domained workstation and log in with a local account, your security token will be generated by the local workstation and your credentials will be local. All processes spawned by you will inherit this token. To access domained resources you will need to provide an additional credential, the AD credential, as part of the connection process. You authenticate once per server, so you can't talk to a server using two different credentials.

When you connect to a server (\\fileserver\homedir), you connect to \\fileserver and then access \homedir. You can't then access \\fileserver\shareddir using a different credential, Windows will complain. In order to switch, you have to disconnect from all resources on \\fileserver and reconnect using a different credential.

If you're accessing multiple servers (\\fileserver\homedir, \\devserver\coderepo) you can definitely connect to each server using a different AD credential. But only if you log in to the local workstation as a workstation-local user.

  • 131,083
  • 18
  • 173
  • 296

Not sure if you can use a local account to masqurade as a domain account. All auth is based on GUIDS and they'd be different right? Best I can think of is starting any programs you need as your domain account. Easy way to do this is using runas and set it to remember your password.

Create a shortcut like this, %windir%\system32\runas.exe /savecred /user:domain\username "explorer /separate"

Obviously change the command at the end to be Outlook, IE, appX, etc.

  • 148
  • 5