LsaQueryInformationPolicy, take 2
I have only found one reliable way to tell a member of a domain from a stand-alone machine (without digging through browse information or account databases) -- asking the machine's LSA subsystem. You need to have appropriate access permissions on the target; if your account is no good there, you may want to explicitly connect to \\target\IPC$ first, using a properly endowed account. The output will list the "primary" domain -- the one of which a machine is a member -- and the "account" domain, the one which stores local accounts and groups. For a DC, the two are the same; for a member of a domain, the primary domain is different from the account domain, and the primary domain has a SID (

lsa_lqip2.cpp, 4 KB
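The comparison described above can be sketched as follows; this is an added example, not the page's lsa_lqip2.cpp. It opens the target's LSA policy, queries the primary and account domain information, and compares the two SIDs. The `Role`, `classify` and `queryRole` names are hypothetical, and treating a NULL primary-domain SID as stand-alone is an assumption that goes beyond the text above.

```cpp
#include <cstdio>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>  // LSA policy API; link with advapi32.lib
#endif

enum class Role { StandAlone, DomainMember, DomainController };  // hypothetical names

// Decision rule: primary SID absent -> stand-alone (assumption, see lead-in);
// primary SID equal to the account-domain SID -> DC; otherwise -> domain member.
Role classify(bool primaryHasSid, bool primaryEqualsAccount) {
    if (!primaryHasSid) return Role::StandAlone;
    return primaryEqualsAccount ? Role::DomainController : Role::DomainMember;
}

#ifdef _WIN32
// target is L"\\\\name" for a remote machine or empty for the local one.
// Returns false if the policy cannot be opened or queried (e.g. access denied).
bool queryRole(const std::wstring& target, Role& out) {
    LSA_OBJECT_ATTRIBUTES oa = {};  // members are unused but must be zeroed
    LSA_UNICODE_STRING name = {};
    name.Buffer = const_cast<PWSTR>(target.c_str());
    name.Length = static_cast<USHORT>(target.size() * sizeof(WCHAR));  // bytes, no NUL
    name.MaximumLength = static_cast<USHORT>(name.Length + sizeof(WCHAR));
    LSA_HANDLE h = nullptr;
    if (LsaOpenPolicy(target.empty() ? nullptr : &name, &oa,
                      POLICY_VIEW_LOCAL_INFORMATION, &h) != 0)  // 0 == STATUS_SUCCESS
        return false;
    POLICY_PRIMARY_DOMAIN_INFO* pri = nullptr;
    POLICY_ACCOUNT_DOMAIN_INFO* acc = nullptr;
    bool ok =
        LsaQueryInformationPolicy(h, PolicyPrimaryDomainInformation, (PVOID*)&pri) == 0 &&
        LsaQueryInformationPolicy(h, PolicyAccountDomainInformation, (PVOID*)&acc) == 0;
    if (ok)
        out = classify(pri->Sid != nullptr,
                       pri->Sid != nullptr && EqualSid(pri->Sid, acc->DomainSid));
    if (pri) LsaFreeMemory(pri);  // buffers returned by the LSA must be freed by the caller
    if (acc) LsaFreeMemory(acc);
    LsaClose(h);
    return ok;
}
#endif

int main() {
    Role r = classify(true, false);  // constructed sample used when not built on Windows
#ifdef _WIN32
    if (!queryRole(L"", r)) { std::puts("LSA query failed"); return 1; }
#endif
    static const char* names[] = {"stand-alone", "domain member", "domain controller"};
    std::puts(names[static_cast<int>(r)]);
    return 0;
}
```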