Is it authenticated domain user?


I have a token (hAccessToken) belonged to a current user:

::OpenThreadToken(::GetCurrentThread(), TOKEN_QUERY, TRUE, &hAccessToken));

Is it possible to determine whether a user is authenticated in domain or not? How?
Who is Participating?
jkrConnect With a Mentor Commented:
Then you'll have to go the hard way. Get the Token's UserSID and use the code at
The easy way is: Compare the value of the "USERDOMAIN" env. variable to the local computer name. If they're identical, you have a local logon. The hard way: Use 'LsaQueryInformationPolicy()' as described in
NetwrkGuruAuthor Commented:
I can't obtain "USERDOMAIN" because my code will work on the other machine using DCOM protocal. I have only security token.
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

When ever you get an access token, it is always after autheticaion. The user is already authenticated in your case.  Why do you want to check this again?
NetwrkGuruAuthor Commented:
User can be authenticated within workgroup or within domain. I want know exactly that user is authenticated within domain.

Code at works only for workstations. The question is still open.
Milind00Connect With a Mentor Commented:  this code only tells you that where the machine is. By this you will not know if the user is logged on to machine or domain. The user could be a domain user or machine local user. You can use GetTokenInformation by specifying  " TokenUser" and get the SID of the user. And from the SID you can seperate out RID. Remainig will be domain SID or machine SID. You can verify that.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.