I'm trying to determine the last domain connection made by a user from a remote machine, regardless of whether the machine is currently connected to the domain or not.

The closest I can get is using the System.DirectoryServices.ActiveDirectory and System.DirectoryServices.AccountManagement namespaces that do something similar to this:

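using System.DirectoryServices.ActiveDirectory;
using System.DirectoryServices.AccountManagement;
// Resolve the machine's domain, bind to it, then look the user up by name.
Domain d = Domain.GetComputerDomain();
PrincipalContext c = new PrincipalContext(ContextType.Domain, d.Name);
UserPrincipal uc = UserPrincipal.FindByIdentity(c, "johndoe");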

And then using the LastLogon property of the UserPrincipal.

This works fine, as long as the machine my application is running on is connected to the domain. If it isn't, Domain.GetComputerDomain() returns null, and I'm out of luck (even if I hardcode the domain name to the PrincipalContext constructor, it throws an exception when not connected to the domain). Is there some other AD property or registry key that gets stored locally on the remote machine when it makes an AD connection to the server that I could use?

The following link describing the LSA Cache seems promising, but, to my knowledge, there is nothing regarding domain connection timestamps that gets cached.

Determine User Active Directory Groups from Local Machine off Network

sabelbe
  • Although it is a property of a network, HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{GUID}\DateLastConnected appears to behave close to what I'm looking for. Unfortunately, it doesn't appear as though XP has any such key. – sabelbe May 04 '15 at 17:49
  • Also, since this is just a timestamp for the network profile, it will not update if a user VPNs into the domain. – sabelbe May 05 '15 at 13:15

0 Answers
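An added example, not part of the original thread: one way to read the `DateLastConnected` value mentioned in the comments, which Windows stores as a 16-byte binary value laid out like a SYSTEMTIME structure in local time. The class and method names are hypothetical and the sample bytes are constructed. As the comments note, this is a per-network-profile timestamp, not a domain logon time.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Win32;

static class NetworkProfileTimes   // hypothetical name, not from the thread
{
    const string ProfilesKey =
        @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles";

    // Eight little-endian 16-bit fields: year, month, day-of-week, day,
    // hour, minute, second, milliseconds. Returns null for malformed data.
    public static DateTime? DecodeSystemTime(byte[] raw)
    {
        if (raw == null || raw.Length != 16) return null;
        int Field(int i) => raw[2 * i] | (raw[2 * i + 1] << 8);
        try
        {
            // Field(2) is the day of week; DateTime derives it, so it is skipped.
            return new DateTime(Field(0), Field(1), Field(3), Field(4),
                                Field(5), Field(6), Field(7), DateTimeKind.Local);
        }
        catch (ArgumentOutOfRangeException) { return null; }
    }

    public static IEnumerable<(string Name, DateTime Last)> ReadProfiles()
    {
        // Use the 64-bit view so a 32-bit process is not redirected to Wow6432Node.
        var view = Environment.Is64BitOperatingSystem ? RegistryView.Registry64
                                                      : RegistryView.Default;
        using (var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
        using (var profiles = hklm.OpenSubKey(ProfilesKey))
        {
            if (profiles == null) yield break;   // key absent, e.g. on XP
            foreach (string guid in profiles.GetSubKeyNames())
                using (var p = profiles.OpenSubKey(guid))
                {
                    var when = DecodeSystemTime(p?.GetValue("DateLastConnected") as byte[]);
                    if (when.HasValue)
                        yield return ((p.GetValue("ProfileName") as string) ?? guid, when.Value);
                }
        }
    }

    static void Main()
    {
        // Constructed sample: Monday 2015-05-04 17:49:00.000 local time.
        byte[] sample = { 0xDF, 0x07, 0x05, 0x00, 0x01, 0x00, 0x04, 0x00,
                          0x11, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00 };
        Console.WriteLine(DecodeSystemTime(sample));
        foreach (var (name, last) in ReadProfiles())
            Console.WriteLine($"{name}\t{last:o}");
    }
}
```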