如何以编程方式确定Windows计算机是否是域的成员?

时间:2022-05-27 07:19:37

I need a way to determine whether the computer running my program is joined to any domain. It doesn't matter what specific domain it is part of, just whether it is connected to anything. I'm coding in vc++ against the Win32 API.

我需要一种方法来确定运行我的程序的计算机是否加入任何域。它属于哪个特定领域并不重要,只要它是否与任何东西相连。我正在使用vc ++编写针对Win32 API的代码。

7 个解决方案

#1


11  

Straight from Microsoft:

直接来自微软:

How To Determine If a Windows NT/Windows 2000 Computer Is a Domain Member

如何确定Windows NT / Windows 2000计算机是否为域成员

This approach uses the Windows API. From the article summary:

此方法使用Windows API。从文章摘要:

This article describes how to determine if a computer that is running Windows NT 4.0 or Windows 2000 is a member of a domain, is a member of a workgroup, or is a stand-alone computer using the Local Security Authority APIs.

本文介绍如何确定运行Windows NT 4.0或Windows 2000的计算机是域的成员,是工作组的成员,还是使用本地安全机构API的独立计算机。

The article also provides sample code for a small program that outputs whether the computer the program is running on is part of a domain, part of a workgroup, or a standalone computer.

本文还提供了一个小程序的示例代码,该程序输出程序运行的计算机是域的一部分,工作组的一部分还是独立的计算机。

#2


3  

I think the NetServerEnum function will help you in what you want; I would ask for the primary domain controllers with the SV_TYPE_DOMAIN_CTRL constant for servertype parameter. If you don't get any, then you're not in a domain.

我认为NetServerEnum功能可以帮助您实现所需;对于servertype参数,我会要求主域控制器使用SV_TYPE_DOMAIN_CTRL常量。如果你没有得到任何,那么你不在域中。

#3


1  

You can check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon for the value of 'CachePrimaryDomain'.

您可以检查注册表项HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon以获取'CachePrimaryDomain'的值。

#4


1  

The code in the MSDN sample is a little outdated. This is the function I came up with that works.

MSDN示例中的代码有点过时了。这是我提出的功能。

bool ComputerBelongsToDomain()
{
    bool ret = false;

    LSA_OBJECT_ATTRIBUTES objectAttributes;
    LSA_HANDLE policyHandle;
    NTSTATUS status;
    PPOLICY_PRIMARY_DOMAIN_INFO info;

    // Object attributes are reserved, so initialize to zeros.
    ZeroMemory(&objectAttributes, sizeof(objectAttributes));

    status = LsaOpenPolicy(NULL, &objectAttributes, GENERIC_READ | POLICY_VIEW_LOCAL_INFORMATION, &policyHandle);
    if (!status)
    {
        status = LsaQueryInformationPolicy(policyHandle, PolicyPrimaryDomainInformation, (LPVOID*)&info);
        if (!status)
        {
            if (info->Sid)
                ret = true;

            LsaFreeMemory(info);
        }

        LsaClose(policyHandle);
    }

    return ret;
}

#5


1  

Here is a dead simple approach I don't see mentioned.

这是一个我看不到的简单方法。

TCHAR UserDnsDomain[128] = { 0 }; 
DWORD Result = 0;

Result = GetEnvironmentVariable("USERDNSDOMAIN", UserDnsDomain, sizeof(UserDnsDomain));

if (Result == 0 || Result >= sizeof(UserDnsDomain) || GetLastError() == ERROR_ENVVAR_NOT_FOUND)
{
    return(FALSE); // Not logged in to a domain
}

This is predicated on the idea that if the user who is running this code is not currently logged in to a domain, then the USERDNSDOMAIN environment variable will be empty or unavailable. But there are some caveats you should think about.

这是基于以下想法:如果运行此代码的用户当前未登录到域,则USERDNSDOMAIN环境变量将为空或不可用。但是你应该考虑一些警告。

Pros:

  • Very easy to implement.
  • 很容易实现。

  • 99% reliable.

Cons:

  • May fail or return false results if the computer is domain joined, but the user executing this code is logged on to that computer with a local account.
  • 如果计算机已加入域,则可能会失败或返回错误结果,但执行此代码的用户使用本地帐户登录到该计算机。

  • May fail or return false results if the computer is domain joined, but network connectivity to a domain controller was unavailable at the time of logon/user logged on with cached credentials.
  • 如果计算机已加入域,则可能会失败或返回错误结果,但在登录/用户使用缓存凭据登录时,与域控制器的网络连接不可用。

#6


0  

Avoid LSA which is a wrong method. You must use DS api (2 lines of code)

避免使用LSA这是一种错误的方法。你必须使用DS api(2行代码)

#7


0  

what about from the name of the computer?

怎么从电脑的名字?

edit: this was a crapy 'answer' from way back. What I meant was cheching for the form domain\name in the computer name. That of course implies that you do know the name of the domain, it does not solves the issue of just knowing if the computer is in any domain.

编辑:从回来开始,这是一个疗法'回答'。我的意思是在计算机名称中填写表单domain \ name。这当然意味着您确实知道域的名称,它不能解决只知道计算机是否在任何域中的问题。

#1


11  

Straight from Microsoft:

直接来自微软:

How To Determine If a Windows NT/Windows 2000 Computer Is a Domain Member

如何确定Windows NT / Windows 2000计算机是否为域成员

This approach uses the Windows API. From the article summary:

此方法使用Windows API。从文章摘要:

This article describes how to determine if a computer that is running Windows NT 4.0 or Windows 2000 is a member of a domain, is a member of a workgroup, or is a stand-alone computer using the Local Security Authority APIs.

本文介绍如何确定运行Windows NT 4.0或Windows 2000的计算机是域的成员,是工作组的成员,还是使用本地安全机构API的独立计算机。

The article also provides sample code for a small program that outputs whether the computer the program is running on is part of a domain, part of a workgroup, or a standalone computer.

本文还提供了一个小程序的示例代码,该程序输出程序运行的计算机是域的一部分,工作组的一部分还是独立的计算机。

#2


3  

I think the NetServerEnum function will help you in what you want; I would ask for the primary domain controllers with the SV_TYPE_DOMAIN_CTRL constant for servertype parameter. If you don't get any, then you're not in a domain.

我认为NetServerEnum功能可以帮助您实现所需;对于servertype参数,我会要求主域控制器使用SV_TYPE_DOMAIN_CTRL常量。如果你没有得到任何,那么你不在域中。

#3


1  

You can check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon for the value of 'CachePrimaryDomain'.

您可以检查注册表项HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon以获取'CachePrimaryDomain'的值。

#4


1  

The code in the MSDN sample is a little outdated. This is the function I came up with that works.

MSDN示例中的代码有点过时了。这是我提出的功能。

bool ComputerBelongsToDomain()
{
    bool ret = false;

    LSA_OBJECT_ATTRIBUTES objectAttributes;
    LSA_HANDLE policyHandle;
    NTSTATUS status;
    PPOLICY_PRIMARY_DOMAIN_INFO info;

    // Object attributes are reserved, so initialize to zeros.
    ZeroMemory(&objectAttributes, sizeof(objectAttributes));

    status = LsaOpenPolicy(NULL, &objectAttributes, GENERIC_READ | POLICY_VIEW_LOCAL_INFORMATION, &policyHandle);
    if (!status)
    {
        status = LsaQueryInformationPolicy(policyHandle, PolicyPrimaryDomainInformation, (LPVOID*)&info);
        if (!status)
        {
            if (info->Sid)
                ret = true;

            LsaFreeMemory(info);
        }

        LsaClose(policyHandle);
    }

    return ret;
}

#5


1  

Here is a dead simple approach I don't see mentioned.

这是一个我看不到的简单方法。

TCHAR UserDnsDomain[128] = { 0 }; 
DWORD Result = 0;

Result = GetEnvironmentVariable("USERDNSDOMAIN", UserDnsDomain, sizeof(UserDnsDomain));

if (Result == 0 || Result >= sizeof(UserDnsDomain) || GetLastError() == ERROR_ENVVAR_NOT_FOUND)
{
    return(FALSE); // Not logged in to a domain
}

This is predicated on the idea that if the user who is running this code is not currently logged in to a domain, then the USERDNSDOMAIN environment variable will be empty or unavailable. But there are some caveats you should think about.

这是基于以下想法:如果运行此代码的用户当前未登录到域,则USERDNSDOMAIN环境变量将为空或不可用。但是你应该考虑一些警告。

Pros:

  • Very easy to implement.
  • 很容易实现。

  • 99% reliable.

Cons:

  • May fail or return false results if the computer is domain joined, but the user executing this code is logged on to that computer with a local account.
  • 如果计算机已加入域,则可能会失败或返回错误结果,但执行此代码的用户使用本地帐户登录到该计算机。

  • May fail or return false results if the computer is domain joined, but network connectivity to a domain controller was unavailable at the time of logon/user logged on with cached credentials.
  • 如果计算机已加入域,则可能会失败或返回错误结果,但在登录/用户使用缓存凭据登录时,与域控制器的网络连接不可用。

#6


0  

Avoid LSA which is a wrong method. You must use DS api (2 lines of code)

避免使用LSA这是一种错误的方法。你必须使用DS api(2行代码)

#7


0  

what about from the name of the computer?

怎么从电脑的名字?

edit: this was a crapy 'answer' from way back. What I meant was cheching for the form domain\name in the computer name. That of course implies that you do know the name of the domain, it does not solves the issue of just knowing if the computer is in any domain.

编辑:从回来开始,这是一个疗法'回答'。我的意思是在计算机名称中填写表单domain \ name。这当然意味着您确实知道域的名称,它不能解决只知道计算机是否在任何域中的问题。