@jschlackman
Last active October 5, 2023 15:09
Checks if the current machine has at least one active network connection that is Domain Authenticated. If it doesn't, restart the Network Location Awareness service.
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Author>james@schlackman.org</Author>
    <Description>Restarts the Network Location Awareness service following an LDAP authentication failure (typically due to a DC being temporarily unavailable during an update cycle)</Description>
    <URI>\Remediate Network Location Awareness</URI>
  </RegistrationInfo>
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Microsoft-Windows-NlaSvc/Operational"&gt;&lt;Select Path="Microsoft-Windows-NlaSvc/Operational"&gt;*[System[Provider[@Name='Microsoft-Windows-NlaSvc'] and EventID=4343]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
      <Delay>PT30M</Delay>
    </EventTrigger>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"&gt;&lt;Select Path="Microsoft-Windows-NetworkProfile/Operational"&gt;*[System[Provider[@Name='Microsoft-Windows-NetworkProfile'] and EventID=10000]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
      <Delay>PT30M</Delay>
    </EventTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>false</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <Duration>PT5M</Duration>
      <WaitTimeout>PT1H</WaitTimeout>
      <StopOnIdleEnd>false</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>false</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>powershell.exe</Command>
      <Arguments>-ExecutionPolicy Bypass -File .\Remediate-NetworkLocationAwareness.ps1</Arguments>
      <WorkingDirectory>\\contoso.com\SYSVOL\contoso.com\scripts</WorkingDirectory>
    </Exec>
  </Actions>
</Task>
# Name: Remediate-NetworkLocationAwareness.ps1
# Author: James Schlackman
# Last Modified: Oct 5 2023
#
# Checks if the current machine has at least one active network connection that is Domain Authenticated.
# If it doesn't, restart the Network Location Awareness service.
#
# Configure this script to be run with the following recommended event triggers:
#   Log: Microsoft-Windows-NlaSvc/Operational
#   Source: NlaSvc
#   Event ID: 4343
#
#   Log: Microsoft-Windows-NetworkProfile/Operational
#   Source: NetworkProfile
#   Event ID: 10000
#
# Delay task execution for 15-30 mins on each event (to allow for transient network faults to pass)

If (![bool](Get-NetConnectionProfile | Where-Object NetworkCategory -eq DomainAuthenticated)) {

    # Check for any running services dependent on the Network Profile List and stop them
    $RunningDeps = Get-Service Netprofm -DependentServices | Where-Object Status -eq Running
    $RunningDeps | Stop-Service -Verbose

    # Restart Network Location Awareness (NlaSvc) and its dependent services
    Restart-Service -Name NlaSvc -Force

    # Restart any dependent services we stopped earlier
    $RunningDeps | Start-Service -Verbose
}
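
The task above runs as SYSTEM (S-1-5-18) with `-ExecutionPolicy Bypass` and loads the script from a SYSVOL share, so write access to that file or its folder decides what runs as SYSTEM on each machine that has the task. The audit below is an added example, not part of the gist: the default path is the one from the task XML, and the list of trusted SIDs is an assumed policy to adjust to your own delegation.

```powershell
# Added example: audit who can change the script the scheduled task runs as SYSTEM.
param(
    # Path taken from the task's <WorkingDirectory> and <Arguments>
    [string]$ScriptPath = '\\contoso.com\SYSVOL\contoso.com\scripts\Remediate-NetworkLocationAwareness.ps1'
)

# Assumed policy: only SYSTEM, BUILTIN\Administrators, Domain Admins (-512)
# and Enterprise Admins (-519) may modify the script or its folder
$TrustedSidPattern = '^(S-1-5-18|S-1-5-32-544|S-1-5-21-[\d-]+-(512|519))$'

# Bits that allow changing content, ACL or owner (WriteData doubles as "create files"
# on a folder), plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000)
$Rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = [int]$Rights -bor 0x50000000
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Check both the file and its parent folder: write access to either one
# lets a principal replace what the task executes
$Targets = $ScriptPath, (Split-Path -Path $ScriptPath -Parent)

$Findings = foreach ($Target in $Targets) {
    $Acl = Get-Acl -Path $Target
    # Ask for SIDs rather than names so the match does not depend on name resolution
    foreach ($Ace in $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $AppliesHere = -not ($Ace.PropagationFlags -band $InheritOnly)
        $CanWrite    = [bool]([int]$Ace.FileSystemRights -band $WriteMask)
        if ($Ace.AccessControlType -eq 'Allow' -and $AppliesHere -and $CanWrite -and
            $Ace.IdentityReference.Value -notmatch $TrustedSidPattern) {
            [pscustomobject]@{
                Target = $Target
                Sid    = $Ace.IdentityReference.Value
                Rights = $Ace.FileSystemRights
            }
        }
    }
}

# -ExecutionPolicy Bypass means a signature is never enforced at run time,
# so report the Authenticode status here instead
$Signature = Get-AuthenticodeSignature -FilePath $ScriptPath

[pscustomobject]@{
    ScriptPath        = $ScriptPath
    UnexpectedWriters = @($Findings)
    SignatureStatus   = $Signature.Status
}
```

An empty `UnexpectedWriters` list together with a `Valid` signature status is the state to aim for; anything else deserves review before the task is deployed.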