I don’t think there is a way to get the last time a computer checked in with AD via relevance, so we might have to get creative. I was thinking about ways you can check to make sure AD communication is happening, and the first thing I thought of was that the computer won’t be able to update Domain Group Policy if it’s out of contact with the Domain. With a little digging, I found that event ID 4016 looks to be one that is generated when the computer successfully talks to the domain controller during a gpupdate. An event with that record was not created when I disallowed communication from my test computer to my DC.
From there, I’m using relevance to read the event log and report whether there are any event records with that ID in the last 60 days:
not exists records whose (id of it = 4016 AND time generated of it > now - 60*day) of event log "Microsoft-Windows-GroupPolicy/Operational"
In theory, that will report true if a computer has not talked to the domain in 60 days and false if it has. You could use that to drive an automated report in Web Reports, for your user nagging purposes.
I didn’t spend too much time testing, nor is my test environment particularly representative of a real one, but even if it turns out 4016 isn’t the event log record ID you need, looking for the presence of some event log record should be one way to solve this problem.
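A way to cross-check the relevance result locally on a test machine, as an added example that is not part of the original post. The function name, its parameters and the output fields are hypothetical; it also reports how far back the log actually reaches, since a log that has rolled over cannot vouch for the full 60 days.

```powershell
# Added example (not from the original post); names are hypothetical.
function Test-DomainContactStale {
    param(
        [int]$EventId = 4016,   # ID suggested in the post; swap in another if it proves more reliable
        [int]$Days = 60,
        [string]$LogName = 'Microsoft-Windows-GroupPolicy/Operational'
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    # Stale: $false = event seen in window, $true = log covers the window and has none,
    #        $null  = inconclusive (log unreadable, empty, or shorter than the window).
    $result = [ordered]@{ Stale = $null; LastEvent = $null; OldestRecord = $null; Note = '' }

    try {
        # Get-WinEvent returns newest first, so one record is the latest match in the window.
        $filter = @{ LogName = $LogName; Id = $EventId; StartTime = $cutoff }
        $hit = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction Stop
        $result.Stale = $false
        $result.LastEvent = $hit.TimeCreated
        return [pscustomobject]$result
    }
    catch {
        # "No events were found" is the expected miss; anything else is a read failure.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            $result.Note = "Could not read log: $($_.Exception.Message)"
            return [pscustomobject]$result
        }
    }

    # No match. Check whether the log reaches back as far as the cutoff.
    $oldest = Get-WinEvent -LogName $LogName -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $oldest) {
        $result.Note = 'Log is empty or disabled; absence of the event proves nothing.'
    }
    elseif ($oldest.TimeCreated -gt $cutoff) {
        $result.OldestRecord = $oldest.TimeCreated
        $result.Note = "Log only reaches back to $($oldest.TimeCreated); no event $EventId since then."
    }
    else {
        $result.OldestRecord = $oldest.TimeCreated
        $result.Stale = $true
    }
    return [pscustomobject]$result
}

Test-DomainContactStale | Format-List
```

Run it from an elevated prompt if the account cannot read the operational log; a `$null` in `Stale` means the relevance expression would report true for this machine without the log actually covering the whole window.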