![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 71%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
7,023 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello there,
Disabled computer accounts in AD will not prevent local logons if the machine is not connected to the domain.
Also if the computer is deleted from AD it will not prevent local logons, even with "some" domain user accounts as they use cached credentials, because the computer may not "know" about the deleting from the domain.
When a computer object is deleted from AD, and AD doesn't have the computer's object or password it its database. So what happens to the computer? The trust relationship between the computer an AD is broken because it cannot authenticate to the domain because the AD doesn't have its password anymore. computer's local secret cannot be used to authenticate the computer object then.
Similar discussion here
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer--