Extending Active Directory functionality in C# .NET?

On a flat LAN with multiple Windows 7 clients and a single Active Directory (server 2008) machine, I have a requirement to ensure that given AD users can only log on for a specified number of minutes every day, at the limit of which they are forcibly logged out, and cannot log back in until the next day.

In the absence of the built in facility to do this, I had wondered whether a bespoke solution might be possible in .NET. Any pointers as to w开发者_如何转开发here to begin with this would be very much appreciated. Thank you all!

yeah agree with @marc_s, you could use existing properties like "lastlogontimestamp" to find out when last time username was used, but Service based approach is better, which will run on that box and check how long the user has been logged in and log him out.

Or you might be lucky with exploring Policies, where you might be able to specify maxUsage. I think in "Parental Control" policies somewhere you can set maximum time account can be used for given period. (i think I have seen it in Windows 7)