Are there any applications that integrate with AD, that would require employees to read and acknowledge a Policy before being able to authenticate to the domain. Once they acknowledge the policy, their acknowledgement would be recorded in a data base and they would be able to join the domain. If they do not acknowledge the policy, then they would not be able to join the domain.