Find domain name from command line

We can find the domain name of a computer by running the following commnad from command line.

We can find the logged in user’s domain by using the environment variable ‘USERDOMAIN’. Command for this is given below.

Note that the value in %USERDOMAIN% may not be the same as the one returned by systeminfo command. %USERDOMAIN% gives the domain name the user account belongs to, it could be different from the domain of the computer. Also, this may give you the NetBios name of the computer, not DNS/FQDN name.

Alternatively, we can use WMIC to retrieve domain name.

Whatt is the command to view domain name in windows 7

All the above commands work on Windows 7. WMIC one may/may not work depending on whether the edition of win7 you have supports it or not.

The systeminfo command given in this post works on Windows 7 also. I think copying the command from this page had some problem and it did not work. Have corrected it. It should work now.

systeminfo | findstr Domain

I see no reason for the /b /c:” “

/C may not be required. /b is required to avoid matches with the values for other fields of systeminfo command.

Thanks! Useful!! Keep it up your good work.

Thanks for this! I needed to pull the domain for a powershell script for use on servers that didn’t have the ActiveDirectory module (and I wasn’t going to install it).

This enabled me to grab the domain, then trim out the header and return in Powershell for my variable.

This command returns domain or workgroup: net config workstation
* If domain: “Workstation Domain DNS Name”
* If group: “Workstation domain”

Get-WmiObject is not recognized as a command. Any help guys?

Get-WmiObject is a PowerShell cmdlet. You need to use the command in the PowerShell Terminal. To do it in the CMD Terminal, you need to run the WMIC commands (as explained above)
For example, “wmic computersystem get domain” (without quotes)

Can someone please guide me on how to obtain the domain name of the servers remotely. I need to get the domain name for hunderds of servers.
Is there a way to create a CSV file with the server names and create a batch file and run it to obtain this information?
Any help would be highly appreciated.
Thanks.

wmic /node:”COMPUTERNAME” computersystem get domain

I am getting domain as workgroup. what’s wrong here?

It means that your computer is not part of a domain but a workgroup. All the home computers are part of a workgroup.

what is domain for windows 8? i need it for change to administrator, it is will work?

thanks for share me the value knowledge

Excellent info and list of commands.. Thank you.

Just type –> set user

gives you the domain info without searching

set user only shows the domain of which the user is a member.
NOT the computer’s domain. (This could be different).

If so, the ‘wmic computersystem get domain’ is a working command.

systeminfo | findstr /B /C:”Domain” depends on the OS language.
if you have a german OS, it’s
systeminfo | findstr /B /C:”Domäne” .
But otherwise fine info.

Get display name of current Windows domain user from a command prompt

From the command prompt, how can I get the friendly display name (that is, «John Doe» instead of «john.doe») of the domain user that is currently logged in?

8 Answers 8

Here is a tricky way that I did it using the net command and the find command in a batch file:

The first line stores the command that we want to execute in a variable. It pulls the username from the environment variables and passes that into the net user command as well as the /domain parameter to tell it to pull from the current domain. Then it pipes the result from that, which is a bunch of data on the current user, to a find method which will pull out only the property that we want. The result of the find is in the format «Full Name John Doe». The second line will execute the command and put the result into the variable fullNameText . The third line will remove the «Full Name» part of the result and end up with » John Doe». The fourth line with the for loop will remove all of the leading spaces from the result and you end up with «John Doe» in the fullName variable.

Lectrode answer in one string will be like this:

Here’s a derivative of skeletank’s response that’s slightly cleaner that worked for me. (I tried skeletank’s response and it didn’t work for me the way it was written, thus my answer below.)

Then you can use ‘DNAME’ anywhere you need like to ouput with an echo or validate with an ‘IF’ statement. You can flip the ‘%%B’ and ‘%%A’ tokens around to go back to last name first layout. This saves the additional effort used in skeletank’s original response.

Variables:
—TNAME = Temporary Name
—DNAME = Display Name

This should be a clean way using dsquery and dsget without relying on the output of «Full Name», which is language dependent, whereas «fn» seems to work with different language versions of windows.

The dsget -L switch gives the listed output «fn: USER» so the only thing left is to grab the second column in the output. find «fn:» is used to get rid of the «dsget succeeded» output.

The accepted answer (at time of posting) has 4 lines of code, when you only need one to do the same thing:

This will work even if the Full Name has more than 2 parts. Works on Windows workstations «out of the box» and does not require admin rights.

NOTE: Remember to change %n and %o to %%n and %%o ,respectively, when using in a batch file.

Explanation of the command:

«tokens=2* specifies that the only tokens it will pay attention to are the 2nd token (assigned to %n ), and everything after it (assigned to the next letter: %o )

The default delims is space so we don’t need to define it, but if we need to manually define it it’d be as follows: «tokens=2* delims= » . Because the space is a delimiter, it will ignore all leading spaces.

The pipe ( | ) is escaped by a carrot ( ^ ), telling the command processor to ignore it initially.

I also prefer to use FINDSTR instead of FIND because (in my testing) I’ve found it to be the faster command, which can make a difference if you’re using it frequently. FINDSTR /C:»Full Name» could be easily replaced with FIND «Full Name» if you preferred.

How to get Windows domain name?

How can i get the domain name of the machine (if the machine is in fact joined to a domain)?

And, of course, if the machine is not joined to a domain the function should return

• null , or
• an empty string, or
• the name of the machine, or
• «.»

Notes:

the NetGetJoinInformation Win32 function returns the legacy NetBIOS name of the domain (e.g. AVATOPIA ), not the name of the domain (e.g. avatopia.local )

the USERDOMAIN environment variable returns the domain of the logged on user, which can be different from the machine; and also returns the legacy NetBIOS name of the domain (e.g. AVATOPIA )

the USERDNSDOMAIN environment variable returns the domain name of the logged on user, which can be different from the machine

Microsoft has a knowledge base article How to retrieve current user and domain names on Windows NT, Windows 2000, or Windows XP, which relies on getting the user’s security token and calling LookupAccountSid.

• the LookupAccountSid Win32 function returns the legacy NetBIOS name of the domain (e.g. AVATOPIA ); and also returns the domain of the logged on user, which can be different from the machine

Update One

i’ve also tried using ADs object to bind to the IADs interface of the domain:

problem with this approach is that:

• you cannot get the domain name (only the distinguished name)
• it doesn’t work if the user does not have permissions to query AD
• it doesn’t work if the user is not a valid user in active directory
• it only works for Active Directory domains

Update Two:

Just to be clear what i want is:

Bonus Reading

3 Answers 3

Anybody using DsRoleGetPrimaryDomainInformation in production use should consider calling DsRoleFreeMemory to free the memory block when the information is no longer needed (as per discussion in the comments).

• Domain Forest Name: e.g. stackoverflow.com
• Domain DNS Name: e.g. stackoverflow.com
• Domain NetBIOS Name: e.g. STACKOVERFLOW

If the machine is not joined to a domain, then both Forest and dns are blank, with only NetBios name filled with the name of the workgroup, e.g.:

• Domain Forest Name: null
• Domain DNS Name: e.g. null
• Domain NetBIOS Name: e.g. WORKGROUP

The function also returns a flag indicating if the machine is joined to a domain:

• DsRole_RoleMemberWorkstation : workstation that is a member of a domain
• DsRole_RoleMemberServer : server that is a member of a domain
• DsRole_RolePrimaryDomainController : primary domain controller
• DsRole_RoleBackupDomainController : backup domain controller

• DsRole_RoleStandaloneWorkstation : workstation that is not a member of a domain
• DsRole_RoleStandaloneServer : server that is not a member of a domain

Getting windows domain name

I need to get the Windows domain name from Internet Explorer using classic asp (I could try it in another way if with classic asp it’s not possible).

I need to do this in order to insert the domain name into a database row.

So again, in summary, I need to retrieve the Windows computer domain name from the Internet Explorer that is accessing to a particular webpage.

Any idea where I could find and example in order to do that?, is it possible?

2 Answers 2

Web browsers by default use the web protocols (think Http, Html, Ssl, etc.). By your username I know that you are familiar with the RFCs that define these protocols.

Windows networks use a different protocols. The Domain is a logical security boundary in Windows networks. Yes, in modern versions of Windows Domain security uses standard protocols like Kerberos.

The problem you’ll have is that a web browser doesn’t normally send extra information to a web server about the client. That would be a huge security problem. So, by default a web browser (even IE) would not volunteer any network security information in an Http request.

When your web server requires client authentication, the web browser then must provide more security information to the server. Depending on the type of authentication your web server requires, your browser will send different information. For instance, in Http Basic authentication, the browser will send a username and password.

To my knowledge, the best way to get Windows Network Domain information from a web browser is to force the browser to authenticate using Windows Authentication. This is a special authentication mode that Microsoft built that pushes Microsoft network security information over the standard Http protocol. However, in order for this to work:

1. Users must be running IE on Windows
2. Web server must be IIS on Windows
3. The client and server must have a Windows security relationship
4. IIS must be enabled for Windows Auth
5. There are many restrictions about the network path between the client and the server. Proxies and firewalls will typically prevent the IE Client from using windows authentication with IIS.

If you can live with this checklist, I think you will find the domain info in the one of the http headers. You may have to parse it out of the username which will be domain\user. But I’m sorry I don’t remember the specifics. This should work even in classic ASP. More info on Windows Authentication is available at http://www.iis.net/ConfigReference/system.webServer/security/authentication/windowsAuthentication

For a user authenticated using Windows authentication, the name is of the form domainname\username, where domainname is the name of the domain in which the user is registered (or machine name if it’s a local account instead of a domain account), and username is the user’s name.

In Classic ASP, try Request.ServerVariables («AUTH_USER») or Request.ServerVariables («LOGON_USER»)

One alternative to Windows Authentication is to use Basic Auth and force the user to login with their windows credentials as domain\user. This however presents other security issues and you should do this only over SSL. However, this technique will work over the Internet and doesn’t require a security relationship between the client PC and the server. This would also work for non-IE browsers.

Get domain name

My computer is in a Domain (Active Directory) and I need to get the domain name dynamically. I found the following code on the internet:

It works exactly as I want and returns exactly the domain name as I want (when I am logged as Administrator). If the user is not a Domain Admin, I have an Access denied exception.

Does anybody know how to get the domain even with non-domain administrator users?

NOTE: I have found this solution on Internet System.Environment.UserDomainName; but it only gives me a part of the domain name.

I.e. my domain is: something.domain.com and the UserDomainName returns only something .

6 Answers 6

Why are you using WMI? Can’t you use the standard .NET functionality?

I’m going to add an answer to try to clear up a few things here as there seems to be some confusion. The main issue is that people are asking the wrong question, or at least not being specific enough.

What does a computer’s «domain» actually mean?

When we talk about a computer’s «domain», there are several things that we might be referring to. What follows is not an exhaustive list, but it covers the most common cases:

• A user or computer security principal may belong to an Active Directory domain.
• The network stack’s primary DNS search suffix may be referred to as the computer’s «domain».
• A DNS name that resolves to the computer’s IP address may be referred to as the computer’s «domain».

Which one do I want?

This is highly dependent on what you are trying to do. The original poster of this question was looking for the computer’s «Active Directory domain», which probably means they are looking for the domain to which either the computer’s security principal or a user’s security principal belongs. Generally you want these when you are trying to talk to Active Directory in some way. Note that the current user principal and the current computer principal are not necessarily in the same domain.

Pieter van Ginkel’s answer is actually giving you the local network stack’s primary DNS suffix (the same thing that’s shown in the top section of the output of ipconfig /all ). In the 99% case, this is probably the same as the domain to which both the computer’s security principal and the currently authenticated user’s principal belong — but not necessarily. Generally this is what you want when you are trying to talk to devices on the LAN, regardless of whether or not the devices are anything to do with Active Directory. For many applications, this will still be a «good enough» answer for talking to Active Directory.

The last option, a DNS name, is a lot fuzzier and more ambiguous than the other two. Anywhere between zero and infinity DNS records may resolve to a given IP address — and it’s not necessarily even clear which IP address you are interested in. user2031519’s answer refers to the value of HTTP_HOST , which is specifically useful when determining how the user resolved your HTTP server in order to send the request you are currently processing. This is almost certainly not what you want if you are trying to do anything with Active Directory.

How do I get them?

Domain of the current user security principal

This one’s nice and simple, it’s what Tim’s answer is giving you.

Domain of the current computer security principal

This is probably what the OP wanted, for this one we’re going to have to ask Active Directory about it.

This one will throw a ActiveDirectoryObjectNotFoundException if the local machine is not part of domain, or the domain controller cannot be contacted.

Network stack’s primary DNS suffix

This is what Pieter van Ginkel’s answer is giving you. It’s probably not exactly what you want, but there’s a good chance it’s good enough for you — if it isn’t, you probably already know why.

DNS name that resolves to the computer’s IP address

This one’s tricky and there’s no single answer to it. If this is what you are after, comment below and I will happily discuss your use-case and help you to work out the best solution (and expand on this answer in the process).