I have only found one reliable way to tell a member of a domain from a stand-alone machine (without digging through browse information or account databases) -- asking the machine's LSA subsystem. You need to have appropriate access permissions on the target; if your account is no good there, you may want to explicitly connect to \\target\IPC$ first, using a properly endowed account.

The output will list the "primary" domain -- the one of which a machine is a member -- and the "account" domain, the one which stores local accounts and groups. For a DC, the two are the same; for a member of a domain, the primary domain is different from the account domain, and the primary domain has a SID (pd->Sid != NULL); and for a stand-alone server a/k/a member of a workgroup, the primary domain name is the workgroup name, and the primary domain SID does not exist.

lsa_lqip2.cpp, 4 KB