How can my app get a valid "last time connected to domain" timestamp from Windows, even when the app is running offline?

Background: I am writing an application that is run on multiple client machines throughout my company. All of these client machines are on one of the AD domains implemented by my company. This application needs to take certain measures if the client machine has not communicated with the AD for a period of time.

An example might be that a machine running this app is stolen. After e.g. 4 weeks, the application refuses to work because it detects that the machine has not communicated with its AD domain for 4 weeks.

Note that this must not be tied to a user account because the app might be running as a Local Service account. It's the computer-domain relationship that I'm interested in.

I have considered and rejected using WinNT://<domain>/<machine>$,user because it doesn't work while offline. Also, any LDAP://... lookups won't work while offline.

I have also considered and rejected scheduling this query on a daily basis and storing the timestamp in the registry or a file. This solution requires too much setup and coding. Besides, this value simply MUST be stored locally by Windows.

A: 

IMHO I don't think the client machine would store a timestamp of the last time it communicated with AD. This information is stored in Active Directory itself (i.e. on the DC).

Once a user logs into say a Windows machine the credentials are cached. If that machine is disconnected from the network the credentials will last forever. You can turn this feature off with group policies, so that the machine does not cache any credentials.

nkav
+1  A: 

I don't believe this value is stored on the client machine. It's stored in Active Directory, and you can get a list of inactive machines using the Dsquery tool.

The best option is to have your program do a simple test such as connecting to a DC, and then store the timestamp of that action.

Matt Everson
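The approach this answer suggests, written out as an added example that is not part of the original question or either answer: the application keeps its own "last reached a domain controller" record, refreshes it whenever a DC probe succeeds, and refuses to run once the record is older than the 4 weeks the question mentions. The `probe_dc` callable and the JSON state file are hypothetical stand-ins (a real app would, for example, attempt an LDAP bind or resolve the domain's SRV records, and would keep the record where only a privileged account can write it); the clock is injectable so the logic can be exercised offline. The check also refuses when the stored timestamp lies in the future, since a machine that is no longer under the company's control can have its clock rolled back to stretch the grace period.

```python
"""
Added example: a local "last contact with the domain" record maintained by the
application itself, as suggested in the answer above.  Nothing here is Windows
API code from the page; probe_dc, the state file and the clock are assumptions.
"""
import json
import os
import time
from typing import Callable, Optional, Tuple

FOUR_WEEKS = 28 * 24 * 3600        # the question's "4 weeks", in seconds
CLOCK_SKEW_TOLERANCE = 5 * 60      # tolerate small drift before calling it a rollback


class DomainContactTracker:
    """Keeps the app's own record of when it last reached a domain controller."""

    def __init__(self, state_path: str, probe_dc: Callable[[], bool],
                 now: Callable[[], float] = time.time, max_age: float = FOUR_WEEKS):
        self.state_path = state_path
        self.probe_dc = probe_dc      # hypothetical reachability test, injected by the caller
        self.now = now                # injectable clock so the logic is testable offline
        self.max_age = max_age

    def load_last_contact(self) -> Optional[float]:
        """Return the stored timestamp, or None if there is no usable record."""
        try:
            with open(self.state_path, "r", encoding="utf-8") as fh:
                data = json.load(fh)
            return float(data["last_contact"])
        except (OSError, ValueError, KeyError, TypeError):
            return None

    def save_last_contact(self, ts: float) -> None:
        """Write the record atomically so a crash cannot leave a half-written file."""
        tmp = self.state_path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump({"last_contact": ts}, fh)
        os.replace(tmp, self.state_path)

    def check(self) -> Tuple[bool, Optional[float]]:
        """
        Decide whether the app may run.  Returns (allowed, last_contact).

        * DC reachable        -> record the current time and allow.
        * No record at all    -> refuse (fail closed: recent contact cannot be shown).
        * Record in the future -> refuse (clock rolled back; treat as stale).
        * Otherwise           -> allow only while the record is younger than max_age.
        """
        now = self.now()
        if self.probe_dc():
            self.save_last_contact(now)
            return True, now
        last = self.load_last_contact()
        if last is None:
            return False, None
        if last > now + CLOCK_SKEW_TOLERANCE:
            return False, last
        return (now - last) <= self.max_age, last


def demo() -> list:
    """Walk through the stolen-laptop scenario with a constructed clock and probe."""
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "domain_contact.json")
    clock = {"t": 1_700_000_000.0}    # constructed epoch time, not a real measurement
    online = {"up": True}
    tracker = DomainContactTracker(path, lambda: online["up"], now=lambda: clock["t"])
    results = []
    results.append(tracker.check()[0])   # online: contact recorded, allowed
    online["up"] = False
    clock["t"] += 10 * 24 * 3600          # 10 days offline: still inside 4 weeks
    results.append(tracker.check()[0])
    clock["t"] += 20 * 24 * 3600          # 30 days offline: past the threshold
    results.append(tracker.check()[0])
    return results


if __name__ == "__main__":
    print(demo())
```

The record is only as trustworthy as the file's permissions and the machine's clock, which is the caveat behind the fail-closed and rollback branches: the decision should be read as "no evidence of recent domain contact" rather than as proof that the machine is stolen.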