Channel: THWACK: Message List

Re: Comparing AD Computers to WSUS


I think ideally the registry inventory would be best but I'll need to work out how to get that working. Do you know of any documentation for doing it?

The Administrator's Guide briefly mentions (on p72) how to collect FileSystem and/or Registry information using the Managed Computer Inventory task. Once that data is collected via the inventory task, the Computer (Registry Information) report category defines two datasources that can be used to build the report. The Computers datasource provides all of the identification information for the system itself, and the Registry datasource provides access to the inventoried registry data.

Can anyone from SolarWinds tell me if this is a reporting function that you plan to build into the product?

Over the lifespan of my association with the product (almost five years now), I can count on one hand the number of conversations I've had about reconciling domain membership with WSUS-registered clients. I can't speak to whether there would or would not be plans to do it (you should add an item to the Feature Requests forum, though), but in my observation the demand has been minimal.

To be honest it's something I would expect from an enterprise patch managing product as standard. To be able to easily audit your environment to ensure all your systems are protected is a basic requirement. There's little point in the rest of the functionality if come the time of a pen test it's discovered that a number of machines aren't being managed by WSUS and therefore have missed updates.

Being able to identify machines that are not registered/communicating with the patch management systems is surely a valid need from an organizational standpoint; however, there's also a matter of practicality here. You cannot report on things that aren't there. WSUS does not require domain membership; it's architected to work in workgroup environments just the same. Furthermore, in some organizations, not all domain-member systems are actually patched by WSUS, or even by the same WSUS server. Many organizations have split end-user and datacenter patch management across more than one product (e.g. WSUS and Configuration Manager, or even multiple independent instances of WSUS). Thus, it would be totally inappropriate for the product to assume that membership in a domain implied that those machines should also be registered with WSUS. At some point it becomes a necessity for the individual patch administrator to interpret what should or should not be with respect to what actually is. Patch Manager can report on what is, but cannot possibly interpret rationally what "should be".
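The reconciliation discussed in this post, as an added example that is not part of the original post and is not Patch Manager functionality: the administrator supplies the "should be" as a list of OUs patched elsewhere, and the script reports what is left. The function name `Compare-AdToWsus`, the host names and the OU names are constructed; the comment on live inputs is an assumption about how the lists would be gathered.

```powershell
# Added example. Compare-AdToWsus, the host names and the OU names are constructed.
# On a live system the inputs would typically come from
#   Get-ADComputer -Filter * -Properties DNSHostName   and   (Get-WsusComputer -All).FullDomainName
function Compare-AdToWsus {
    param(
        [Parameter(Mandatory)] [object[]] $AdComputers,   # DNSHostName, DistinguishedName, Enabled
        [Parameter(Mandatory)] [string[]] $WsusClients,   # FQDNs registered with one WSUS server
        [string[]] $OutOfScopeOUs = @()                   # OUs the administrator says are patched elsewhere
    )
    $cmp  = [System.StringComparer]::OrdinalIgnoreCase
    $wsus = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $seen = [System.Collections.Generic.HashSet[string]]::new($cmp)
    foreach ($name in $WsusClients) { [void]$wsus.Add($name) }

    foreach ($pc in $AdComputers) {
        [void]$seen.Add($pc.DNSHostName)
        $status = 'Registered'
        if (-not $pc.Enabled) {
            $status = 'DisabledAccount'
        } elseif ($OutOfScopeOUs | Where-Object {
                $pc.DistinguishedName.EndsWith(",$_", [System.StringComparison]::OrdinalIgnoreCase) }) {
            $status = 'OutOfScope'          # excluded by the administrator, not by the tool
        } elseif (-not $wsus.Contains($pc.DNSHostName)) {
            $status = 'MissingFromWsus'     # enabled, in scope, never registered
        }
        [pscustomobject]@{ Computer = $pc.DNSHostName; Status = $status }
    }
    # WSUS works without domain membership, so clients with no AD account are listed, not treated as errors.
    foreach ($name in $WsusClients) {
        if (-not $seen.Contains($name)) {
            [pscustomobject]@{ Computer = $name; Status = 'WsusOnlyNoAdAccount' }
        }
    }
}

# Constructed sample data: four AD accounts, two WSUS clients (one of them a workgroup machine).
$ad = @(
    [pscustomobject]@{ DNSHostName = 'ws01.corp.example';  DistinguishedName = 'CN=WS01,OU=Workstations,DC=corp,DC=example'; Enabled = $true }
    [pscustomobject]@{ DNSHostName = 'ws02.corp.example';  DistinguishedName = 'CN=WS02,OU=Workstations,DC=corp,DC=example'; Enabled = $true }
    [pscustomobject]@{ DNSHostName = 'sql01.corp.example'; DistinguishedName = 'CN=SQL01,OU=Datacenter,DC=corp,DC=example';  Enabled = $true }
    [pscustomobject]@{ DNSHostName = 'old01.corp.example'; DistinguishedName = 'CN=OLD01,OU=Workstations,DC=corp,DC=example'; Enabled = $false }
)
$wsusClients = 'WS01.corp.example', 'kiosk7'

Compare-AdToWsus -AdComputers $ad -WsusClients $wsusClients -OutOfScopeOUs 'OU=Datacenter,DC=corp,DC=example' |
    Where-Object Status -ne 'Registered' | Format-Table -AutoSize
```

With more than one WSUS server, run it once per server against that server's own scope list.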

