Query for last time contacted domain RRS feed

  • Question

  • So, in my org. we have a lot of machines used offsite (home, client sites, etc.). Because of Office 365, users rarely require connectivity back to the internal network despite having a VPN client that they can use. However, from a device management point of view, we still need them to connect so that they get Group Policy, AD group membership and, from an SCCM POV, so that their DNS record internally is updated which means that the AD System Discovery will import data from AD into SCCM.

    Anyway, all sorts of reasons for clients to be prompted to reconnect. Which leads me to, how can I determine locally (i.e., without attempting to query the domain, which obvious may be impossible at the time) that a machine has not connected to the domain for a 'long' time?

    All I've found so far is 


    which has the last timestamp of when computer account password was changed. But that's only changed every 30 days. So is hardly up to date.

    So, does anyone know of a local value on a PC (Windows 10 certainly, plus 8 and even 7 would be better) that has the date when the PC last spoke to the domain it's joined to? Looking for built-in values, before I consider a custom one.

    (I'd be using that value to determine if a message should pop up to the user asking them to connect back to the internal network.)

    Many thanks for your thoughts!

    Friday, October 18, 2019 2:30 PM

All replies

  • one of the best tables to use would probably be

    select * from v_ch_clientSummary

    This has details of lastactiveTime, LastOnline, LastHardware and LastDDR record time.

    Website: Technical Blog: Personal Blog: Twitter: Dwalshampro

    Friday, October 18, 2019 2:37 PM
  • OK, that would help me build a Collection. However, won't help me run a script on the local client, which I need to do. So any value/query has to be on the local machine, as the target is those machines without connectivity to the internal network.
    Friday, October 18, 2019 2:44 PM
  • Try the RefreshDateTime value at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\DataStore\Machine\0.

    Also, install a CMG and move your group policies to configuration items and baselines.

    Jason | | @jasonsandys

    Friday, October 18, 2019 4:14 PM
  • Hi,

    As Jason mentioned, we can get the time when the clients last contacted domain by querying the register value. Here is a PowerShell script about the last time Group Policy was processed. Hope it helps.

    Best Regards,

    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact

    Monday, October 21, 2019 9:14 AM
  • Hi,

    How are things going? I just checked in to see if there are any updates. Please feel free to feedback and if the reply is helpful, please kindly click “Mark as answer”. It would make the reply to the top and easier to be found for other people who has the similar question.

    Thank you for your kindly support.

    Best Regards,

    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact

    Wednesday, October 23, 2019 7:59 AM
  • Cheers both Jason and Tina for your help!

    I'd already come across the registry values Tina suggested in that script, but those are for the last time GP was processed, which happens even if the machine is not connected to the Domain. So not that useful in this scenario.

    As for the other value, then that has promise. However finding on some machines that the value is just not there at all!

    And yes, moving to CMG (already up and running, not moved much to it yet though), but for now need to keep machines connecting to the domain until we have completed that.

    Monday, October 28, 2019 11:43 AM
  • Having used CMPivot to query for the RefreshDateTime value at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\DataStore\Machine\0, only about 25% of machines have any value at all.

    And even amongst the 25% many of them have dates going back to 2015!

    So not a value I can reliably use.

    Still considering using a custom value (e.g., script that runs regularly - daily/hourly - which will write the current timestamp into a registry key, if it can reach the domain at the time). e.g. HKLM\Software\organisation LastDomainContact DWORD.

    Unless anyone has a better idea?

    BTW: Looks like this may have been asked before, without getting a better answer then either;
    • Edited by Robin Herbert Friday, November 1, 2019 3:45 PM Add BTW paragraph
    Friday, November 1, 2019 3:42 PM