Running into a bit of trouble here. Was hoping someone could help me out.
Currently creating a cloud environment for my small cloud network. For compliance purposes, I need to run a Query against a VM to verify it is domain bound. I wish for any computers not domain bound will populate accordingly.
I thought about using the event logs. However, that doesn't seem to be a liable way to view this.
This seems more of a task for Change Tracking and Inventory solution which is part of Azure Automation. As that solution also uses Log Analytics as platform to store configuration and inventory data you will be able to execute search queries. That solution allows you to monitor windows registry keys. For example in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters REG_SZ value that is called Domain. If the windows server is joined to a domain that value will be filled. If not is not joined it won't be filled. Besides tracking the changes that occur on registry also at least every 24 hours snapshot is taken of the registry information. More information: