9

How do I detect if my program runs in an Active Directory environment?

I'm using C# and .Net 2.0

GEOCHET
  • 21,119
  • 15
  • 74
  • 98
vIceBerg
  • 4,197
  • 5
  • 40
  • 53

5 Answers5

7

Try getting Environment.UserDomainName and comparing it to Environment.MachineName. If the two are the same then it's likely that the user does not have a domain. If they are not the same then the user is logged into a domain which must have a directory server.

Captain Toad
  • 341
  • 1
  • 11
4

This code will check if the Computer itself is a member of a domain

using System.DirectoryServices.ActiveDirectory;


bool isDomain = false;

try
{
    Domain.GetComputerDomain();
    isDomain = true;
}
catch (ActiveDirectoryObjectNotFoundException)
{
}

However the computer can be in a domain, but the currently logged in user may be a local user account. If you want to check for this use the Domain.GetCurrentDomain() function

Ollie
  • 885
  • 1
  • 7
  • 14
  • 1
    I get false when I'm logged with a local user, true when logged with a domain user... – vIceBerg Sep 26 '08 at 18:36
  • What about an NT4 domain without an active directory? – VVS Oct 01 '08 at 16:40
  • 1
    This is good, but not foolproof: `ActiveDirectoryObjectNotFoundException` also gets thrown if the domain controller cannot be contacted for some reason, even though the machine is a domain member. – EMP May 26 '12 at 07:55
2

One way might be to query the LOGONSERVER environmental variable. That'll give the server name of your AD controller... Which, as far as I know, will be blank (or match current workstation? Not sure) if it isn't currently logged into a domain.

Example Usage:

string ADServer = Environment.GetEnvironmentVariable("LOGONSERVER");
Kevin Fairchild
  • 10,891
  • 6
  • 33
  • 52
1

From http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.path.aspx

To bind to the current domain using LDAP, use the path "LDAP://RootDSE", then get the default naming context and rebind the entry.

So without a domain the binding to "LDAP://RootDSE" should either fail or return nothing. I didn't try it for myself.

use System.DirectoryServices; // add reference to system.directoryservices.dll

...

DirectoryEntry ent = new DirectoryEntry("LDAP://RootDSE");
String str = ent.Properties["defaultNamingContext"][0];
DirectoryEntry domain = new DirectoryEntry("LDAP://" + str);

This is definitely a cleaner way of checking for an Active Directory than relying on an environment variable (which the user could delete or add to spoof the program).

VVS
  • 19,405
  • 5
  • 46
  • 65
  • 1
    +1 This works, thank you. The only thing is, when the machine is not a domain member it waits for about 5 seconds before throwing a COMException. So it may be better to call `Domain.GetComputerDomain()` or `IPGlobalProperties.GetIPGlobalProperties().DomainName` first, then if that succeeds, do this. – EMP May 26 '12 at 09:19
1

I found something that works:

using System.Net.NetworkInformation;

IPGlobalProperties.GetIPGlobalProperties().DomainName;

Works with a local user and a domain user.

vIceBerg
  • 4,197
  • 5
  • 40
  • 53
  • Looks promising, but the remark in the doc is a little concerning: "If a local computer is registered in a domain and then changes to a workgroup, the DomainName property still returns the previous domain name not the Empty" [http://msdn.microsoft.com/en-us/library/system.net.networkinformation.ipglobalproperties.domainname.aspx] – EMP May 26 '12 at 09:22