How to retrieve user's domain correctly?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

If you are using any of the following two calls below, you may not get what
you are looking for.

string domain = System.Environment.UserDomainName;
string domain = SystemInformation.UserDomainName;

I happen to have an account USERX as part of the local domain (MACHINE_NAME)
of my system. The same account name USERX is used for my USERX_DOMAIN domain.
I logged in as USERX_DOMAIN\USERX but the domain returned by those two calls
is MACHINE_NAME.

As a workaround, I am going to use the value of the environment variable
USERDOMAIN, which is correct, to get the correct domain name. How could I
obtain the correct domain name without depending on an overwritable
environment variable?
 
It sounds like you authenticated through your local machine - in other
words, when you go to login, you specify to log in from the local machine
instead of the domain.

If that is the case, this is correct - you ARE logged in as your machine
account and NOT your domain account. And if you are trying to get the
running user of the CURRENT process, this is pretty reliable:

string strUser = Environment.UserDomainName + "\\" + Environment.UserName;

HTH
 
Thank you Drebin for your response.

We have checked this multiple times and we are certain that we have
logged-in through the domain (USERX_DOMAIN). We used another system which
does not have the local USERX account and we get the correct information.

We investigated further this bug and found that even a WIN32 API returns the
incorrect information. Following is the summary of what we have seen so far.
All of the results were obtained from a system running .Net framework 1.1 on
Windows 2000 profesional SP4.

1. .Net System.Environment.UserDomainName -> Incorrectly returns MACHINE_NAME.
2. .Net SystemInformation.UserDomainName -> Incorrectly returns MACHINE_NAME.
3. Win32 API LookupAccountName -> Incorrectly returns MACHINE_NAME.
4. .Net System.Environment.GetEnvironmentVariable("USERDOMAIN") -> Correctly
returns USERX_DOMAIN.
5. Win32 API GetUserNameEx with NAME_FORMAT set to -> Correctly returns
USERX_DOMAIN/USERX.

At this moment it looks that the problem is being propagated to the .Net
framework classes by the Win32 API.
WNC
 
If you DO have a matching account on your local machine, that is expected
behaviour - your local account is much more "trusted" than your domain
account, and likely has more privs on the local machine. So it is by design
that if you have a domain and matching local account, the local account
should always take precendence. In other words, your process will always try
your local SID first, when trying to do anything, including trying to find
out where the account is from.

If you have a machine that does NOT have a matching account - it should,
work the way you expected, because there is only one instance of that
account. If THAT shows incorrectly, then I would say it's a bona fide bug in
Win32
 
Your statement is incorrect. The OS will not blindly change the domain
because the local account name happens to match the domain account name. The
two accounts are independent and are treated as such. I will be interested in
a reference from MS describing your logic below.

The application should be able to obtain the domain, used by the logged-in
user, correctly. The different results obtained by the methods described
previously points to a bug somewhere.
 
"Drebin" is right.

From the MSDN, the API for LookupAccountName requires a structure with
multiple elements. The documentation for the first two elements follows:

lpSystemName
[in] Pointer to a null-terminated character string that specifies the name
of the system. This string can be the name of a remote computer. If this
string is NULL, the account name translation begins on the local system. If
the name cannot be resolved on the local system, this function will try to
resolve the name using domain controllers trusted by the local system.
Generally, specify a value for lpSystemName only when the account is in an
untrusted domain and the name of a computer in that domain is known.

lpAccountName
[in] Pointer to a null-terminated string that specifies the account name.
Use a fully qualified string in the domain_name\user_name format to ensure
that LookupAccountName finds the account in the desired domain.

In other words, that API is not terribly good for finding the domain name of
the account that you are logged in to.

--- Nick
 
Back
Top