Is it authenticated domain user?

Posted on 2004-10-04
Last Modified: 2013-12-03

I have a token (hAccessToken) belonged to a current user:

::OpenThreadToken(::GetCurrentThread(), TOKEN_QUERY, TRUE, &hAccessToken));

Is it possible to determine whether a user is authenticated in domain or not? How?
Question by:NetwrkGuru
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
LVL 86

Expert Comment

ID: 12218453
The easy way is: Compare the value of the "USERDOMAIN" env. variable to the local computer name. If they're identical, you have a local logon. The hard way: Use 'LsaQueryInformationPolicy()' as described in

Author Comment

ID: 12218972
I can't obtain "USERDOMAIN" because my code will work on the other machine using DCOM protocal. I have only security token.
LVL 86

Accepted Solution

jkr earned 63 total points
ID: 12219020
Then you'll have to go the hard way. Get the Token's UserSID and use the code at
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.


Expert Comment

ID: 12234646
When ever you get an access token, it is always after autheticaion. The user is already authenticated in your case.  Why do you want to check this again?

Author Comment

ID: 12234944
User can be authenticated within workgroup or within domain. I want know exactly that user is authenticated within domain.

Code at works only for workstations. The question is still open.

Assisted Solution

Milind00 earned 62 total points
ID: 12237625  this code only tells you that where the machine is. By this you will not know if the user is logged on to machine or domain. The user could be a domain user or machine local user. You can use GetTokenInformation by specifying  " TokenUser" and get the SID of the user. And from the SID you can seperate out RID. Remainig will be domain SID or machine SID. You can verify that.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Enable Clear Text in Win 8.1 7 49
ODBC Connection; Switch between 2 SQL Databases VBA 11 146
VS2015 compilation and missing DLLs 9 191
Why use this lambda? 12 96
This article describes how to programmatically preset the "Pages per Sheet" option that's available with most printer drivers.   This setting lets you do "n-Up" printing, where two, four, or more pages are printed on each sheet of paper. If your …
In this article, I will show how to use the Ribbon IDs Tool Window to assign the built-in Office icons to a ribbon button.  This tool will help us to find the OfficeImageId that corresponds to our desired built-in Office icon. The tool is part of…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA.…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question