Determining authenticated type user is logged onto NT4 domain or Active Directory

  • Thread starter Thread starter Zeno Lee
  • Start date Start date
Z

Zeno Lee

Right now I'm checking the presence of the USERDNSDOMAIN environment
variable.
Is there a better way to see which windows network, NT 4, Mixed ADS, Pure
ADS a user is logged into?
 
Hi

Based on my understanding, you have a mixed AD environment and you want to
judge if you are logged on a NT domain or a AD domain.

I think in addition to the USERDNSDOMAIN approach, we may also try to check
the LOGONSERVER environment variable which will tell us which DC we are
used to authenticated which need us build a NT DC list and AD DC list so
that we can match it to see which domain we are using. I have consult the
AD support team it seems that there is no other better approach.

Hope this helps.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Primarily, I want to determine if a user is logged onto a pure NT 4.0
Domain, or if the user is in an Active Directory Environment. I have
customers who are still using plain NT 4 domains.

In addition, I would like to determine if a user is in a Mixed-Mode AD
environment or a pure AD environment. I have software that needs to work
with NT4 but I don't want to get bitten in a pure AD environment.

I've been checking the presense of the USERDNSDOMAIN, which may not be
completely bullet proof. It's an environment variable that can be modified.
In fact my software stopped working because of this check at an NT4
environment, but I was able to get it working by artificially defining
USERDNSDOMAIN.

There must be a better way.
 
Hi

Ok, now I am keeping researching the problem and I will update you ASAP.

Thanks for you understanding!

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hi

If you do not want to retrieve the environment information, you could try
to create the ADSystemInfo object... if you get a DN for the computername
or the username, then you are on the AD, if not, it could be NT 4.
Getting the Host Domain Name
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e2k3/_
exch2k_getting_the_host_domain_name.asp

If you are on the AD, you then bind to the RootDSE object an look at the
domainFunctionality attribute.
This will tell you what mode the AD is running in, see the following link
for details:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad
schema/rootdse.asp?frame=true

If this fails, then you are most likely on an NT 4 domain. Their is no
quick way to determine which domain you are part of with ADSI. The above
method requires you to wait to the LDAP timeouts....

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top