Read logged in user's domain on OS X

Question

Is there a way to identify whether the logged in account is local account or active directory account on OS X? If yes, how can we retrieve the domain name?

Answer 1

You can create a CBUserIdentity for the user from their username:

CBUserIdentity* identity = [CBUserIdentity identityWithName:NSUserName() authority:[CBIdentityAuthority defaultIdentityAuthority]];

Then, you can obtain that user identity's authority:

CBIdentityAuthority* authority = identity.authority;

Then, you can see if that is the local authority (the alternative is the managed authority):

if ([authority isEqual:[CBIdentityAuthority localIdentityAuthority])
{
    // user is local
}
else
{
    // user is managed
}

The authority has a localizedName property, but that's not likely to include the domain name, I don't think. I don't know how to get that.

---

Update:

This is an approach using the Open Directory API:

ODSession* session = [ODSession defaultSession];
ODNode* node = [ODNode nodeWithSession:session type:kODNodeTypeAuthentication error:NULL];
ODQuery* query = [ODQuery queryWithNode:node forRecordTypes:kODRecordTypeUsers attribute:kODAttributeTypeRecordName matchType:kODMatchEqualTo queryValues:NSUserName() returnAttributes:kODAttributeTypeStandardOnly maximumResults:0 error:NULL];
NSArray* results = [query resultsAllowingPartial:NO error:NULL];
ODRecord* record = results.firstObject;

At this point, you can query the record for some of its attributes. One that may be of interest might be kODAttributeTypeMetaNodeLocation:

NSArray* attributes = [record valuesForAttribute:kODAttributeTypeMetaNodeLocation error:NULL];
NSString* attribute = attributes.firstObject;

For a local account, the meta node location should be "/Local/Default". I tested with an LDAP account and that gave ""/LDAPv3/my.ldap.server.example.com". I don't have an Active Directory account to test with.

Alternatively, you can try kODAttributeTypeMetaRecordName. For a local account, that returned nil. For an LDAP account, it gave the fully distinguished name: "uid=ken,ou=People,dc=example,dc=com". Again, I don't know what it would do for an Active Directory account.

You can log the record to see other attributes that are available. That will show the attribute keys as string values. You can look here to try to find a symbolic constant for the one(s) of interest, or check /System/Library/Frameworks/OpenDirectory.framework/Frameworks/CFOpenDirectory.framework/Headers/CFOpenDirectoryConstants.h for some which aren't documented.

Once you find what you really care about, you can maybe simplify the query by requesting just those instead of kODAttributeTypeStandardOnly. Also, you should consider running the query asynchronously rather than synchronously as I did in my example code.

Answer 2

For me the code:

NSMutableString *userDataDirectory = [[NSMutableString alloc] initWithString:NSHomeDirectory()];
NSLog(@"%@", userDataDirectory);

prints: /Users/jwlaughton

Is this what you're looking for?