I am using LsaGetLogonSessionData to retrieve the logonSessionData on a machine that is using AD and Kerberos in a Domain Controller as a login method.
However, the logonServer field is empty in logonSessionData. But from commandline, I'm able to get the logonServer by using nltest/dsgetdc or set l command.
Anyone knows why I am not able to get logonServer from the code?
Attaching code snippet as below:
PSECURITY_LOGON_SESSION_DATA logonSessionData;
for (ULONG i = 0; i < logonSessionCount; i++) {
if (::LsaGetLogonSessionData(logonSessionList + i, &logonSessionData) != 0) {
LsaFreeReturnBuffer(logonSessionList);
DWORD error = ::GetLastError();
LOG_ERROR("GetActiveLogonUser: LsaGetLogonSessionData failed ", error);
return error;
}
if (std::count(sessions.begin(), sessions.end(), logonSessionData->Session) &&
(logonSessionData->LogonType == Interactive || logonSessionData->LogonType == RemoteInteractive)) {
const std::wstring logonServer = logonSessionData->LogonServer.Buffer;
if (!logonServer.size()) continue;
std::wstring domain = logonSessionData->LogonDomain.Buffer;
std::wstring userName = logonSessionData->UserName.Buffer;
logonUsers[StringUtils::GetStringFromWString(domain + std::wstring(TEXT("-")) + userName)] =
logonSessionData->Session;
}
}
