I am trying to obtain the name of the LogonDomain for the currently logged on user. I need this information to be able to determine if the user was logged in using a MicrosoftAccount, AzureAD or standard Windows Active Directory Domain.
When using the Sysinternals BGInfo.exe utility to display the LogonDomain, when on a Windows active directroy I get the name of the Domain, when running for a user logged in using a Microsoft account it returns "MicrosoftAccount". This is what I am expecting.
To this I am trying to use the WTSQuerySessionInformation with "WTSConfigInfo" for the WTS_INFO_CLASS parameter as follows
DWORD dwSessionID;
LPSTR ppBuffer = NULL;
DWORD dwBytesReturned = 0;
WTSCONFIGINFO* pInfo = NULL;
WTS_INFO_CLASS wtsci = WTSConfigInfo;
if (!ProcessIdToSessionId(GetCurrentProcessId(), &dwSessionID))
{
return;
}
if (WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, dwSessionID, wtsci, &ppBuffer, &dwBytesReturned))
{
OutputDebugStringX(" dwBytesReturned = %i sizeof(WTS_INFO_CLASS) = %i SessionId = %i", dwBytesReturned, sizeof(WTSCONFIGINFO),dwSessionID);
if (dwBytesReturned > 0)
{
pInfo = (WTSCONFIGINFO*)ppBuffer;
OutputDebugStringX("LogonUserName = %s", pInfo->LogonUserName);
OutputDebugStringX("LogonDomain = %s", pInfo->LogonDomain);
}
}
WTSFreeMemory(ppBuffer);
The code executes without error with 848 bytes returned. The problem is that besides the pInfo->Version parameter that returns "1", everything else is blank.
Anyone have any idea why this is not returning any information or if there is another way to determine who validated the logged on user?
the easiest way is to read this value from registry : "HKEY_CURRENT_USER\Volatile Environment" value REG_SZ "LOGONSERVER" or "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\DataStore\Machine\0" value REG_SZ "DCName" or use the WMI class Win32_ComputerSystem