
How to check when a PC last connected to a Domain

My company was hit with ransomware recently so we do not have any domain controllers. Our hosting service is saying if our clients do not check in with a DC within 30 days, they will get locked out. My boss is saying that if we turn them back on, all users are going to lose passwords and be locked out anyway. First, if somebody could provide some information as to how Active Directory would handle this situation. We have been offline for close to 30 days.

My main question is, how do I sit at a client computer and check the last time it connected to a domain controller? We want to use this to tell exactly how much time we have if everyone will get locked out after 30 days.

Thanks in advance, I will be monitoring this post closely to provide clarification if needed!


Do you have backups to restore?

Check event viewer?

You probably need to get someone on that knows what their doing here, you don't seem to know that much, and this can get expensive fast.

What are you doing with Active Directory? If it's just login, make local users and then you can access all the files from the system.


1 hour ago, Electronics Wizardy said:

Do you have backups to restore?

Check event viewer?

You probably need to get someone on that knows what their doing here, you don't seem to know that much, and this can get expensive fast.

What are you doing with Active Directory? If it's just login, make local users and then you can access all the files from the system.

First of all, don't make assumptions about my abilities based on a single paragraph, you don't know me or what I know. I came here because I need help, hopefully from people who know more than me.

We had an IT company that hosted and managed pretty much our entire network. They were supposed to be the ones who know what "their" (should be they're, friend) doing. They did not have sufficient backups which is why we have been down for so long. They are saying that if we leave the domain down for 30 days all systems will get locked out because they can't connect to a domain controller. We want to know how long it has been since our client systems have connected to a DC, but we do not have access to any DCs to check this. So my question is if this can be done from a client machine instead of a domain server.

The only thing I could see in event viewer is the last time it failed to connect on 11/28. 


4 minutes ago, TheToxicgamer97 said:

First of all, don't make assumptions about my abilities based on a single paragraph, you don't know me or what I know. I came here because I need help, hopefully from people who know more than me.

We had an IT company that hosted and managed pretty much our entire network. They were supposed to be the ones who know what "their" (should be they're, friend) doing. They did not have sufficient backups which is why we have been down for so long. They are saying that if we leave the domain down for 30 days all systems will get locked out because they can't connect to a domain controller. We want to know how long it has been since our client systems have connected to a DC, but we do not have access to any DCs to check this. So my question is if this can be done from a client machine instead of a domain server.

The only thing I could see in event viewer is the last time it failed to connect on 11/28. 

Are the event viewer logs full? It might have deleted the old ones.

Even if the DC is down, you can still make local accounts and access all the files and programs on the computer.

If you don't have backups of the domain, I'd just set up a new domain and migrate to that.


10 minutes ago, Electronics Wizardy said:

Are the event viewer logs full? It might have deleted the old ones.

Even if the DC is down, you can still make local accounts and access all the files and programs on the computer.

If you don't have backups of the domain, I'd just set up a new domain and migrate to that.

They could be full, I didn't really dig too deep. We have decided to just create a new domain. I don't know what our IT services company was/has been doing, but I'll be surprised if they still exist next year. Most machines have local admins so we'll be okay there. I only came here because my boss was panicking and asked me to find information.


@TheToxicgamer97 Every computer has a 'machine password' which is generated automatically on domain join, and stored locally in the registry and in Active Directory on the computer object. The client keeps the current and most recent previous password. The machine password is automatically rotated every 30 days by changing it locally and then telling the domain controller what the new one is. If the client is offline for 60 days (two rotations), both of the registry items will mismatch what the domain controller knows and the computer will throw a trust relationship error upon attempting to authenticate to the DC. The fix for this scenario is to either do a domain rejoin or a Test-ComputerSecureChannel with a domain user account that is authorized to add 'new' computers to the domain.

The machine will not magically get locked at 30 days, you'll still be able to log on with a cached credential to any computer you have logged on to previously. Since you apparently have no plans to ever use the old DC and are going to stand up a new domain, you basically don't have to worry about it at all.

I once came across a colony of such computers that had been operating like this for years in an isolated lab. During a hardware refresh they just never turned in their old equipment but put them on a segregated network for running simulations. 

Intel 11700K - Gigabyte 3080 Ti- Gigabyte Z590 Aorus Pro - Sabrent Rocket NVME - Corsair 16GB DDR4
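
Added example, not part of any post in this thread: a PowerShell check to run on a client that reports the settings the answer above refers to (machine password age, cached logon count) and estimates the last contact with a domain controller from the System event log. Using the last successful Group Policy refresh as the indicator of DC contact is an assumption of this example, and it can only see events the log still retains.

```powershell
# Added example: run locally on the domain-joined client.
$netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# A value missing from the registry means the Windows default applies
# (30-day machine password age, rotation enabled, 10 cached logons).
$maxAgeDays   = if ($null -ne $netlogon.MaximumPasswordAge) { $netlogon.MaximumPasswordAge } else { 30 }
$rotationOff  = ($netlogon.DisablePasswordChange -eq 1)
$cachedLogons = if ($null -ne $winlogon.CachedLogonsCount) { $winlogon.CachedLogonsCount } else { '10' }

# Assumption: a successful Group Policy refresh (System log, IDs 1500-1503) is used
# as a proxy for "last contact with a DC", since the refresh needs one to succeed.
# Get-WinEvent returns newest first, so -MaxEvents 1 is the most recent success.
$gpOk = Get-WinEvent -MaxEvents 1 -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-GroupPolicy'; Id = 1500, 1501, 1502, 1503
}

# Oldest failures still in the log: Group Policy 1129 (no connectivity to a DC)
# and NETLOGON 5719 (no domain controller available for the secure channel).
$gpFail = Get-WinEvent -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-GroupPolicy'; Id = 1129
}
$nlFail = Get-WinEvent -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5719
}
$firstFail = @($gpFail, $nlFail) | Where-Object { $_ } | Sort-Object TimeCreated | Select-Object -First 1

# If the System log has wrapped, the true last contact may be older than anything shown.
$oldestRecord = Get-WinEvent -LogName System -Oldest -MaxEvents 1

$lastOk = if ($gpOk) { $gpOk.TimeCreated } else { $null }
[pscustomobject]@{
    Domain                  = (Get-CimInstance Win32_ComputerSystem).Domain
    MachinePwdMaxAgeDays    = $maxAgeDays
    MachinePwdRotationOff   = $rotationOff
    CachedLogonsCount       = $cachedLogons
    LastSuccessfulGPRefresh = $lastOk
    DaysSinceThen           = if ($lastOk) { [int]((Get-Date) - $lastOk).TotalDays } else { $null }
    FirstLoggedDCFailure    = if ($firstFail) { $firstFail.TimeCreated } else { $null }
    SystemLogStartsAt       = $oldestRecord.TimeCreated
} | Format-List
```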
