7,023 questions
domain controllers do use a certificate. But assuming your app is hosted by a "fake" domain, which installed an internal certificate as trusted, you would need to supply your own certificate validation routine.
How to verify Active Directory domain "identity"?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 37%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
MDell.Seradex
1
Reputation point
I am writing a .NET application and am wondering if there is a way to concretely identify that the Active Directory domain the application is running in is mine and not another domain attempting to impersonate mine.
In this case the internal domain names would be the identical, but they are actually separate domains running on different networks.
I was thinking of something like a certificate on the domain that I can validate, but would accept anything else.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Developer technologies | C#
11,579 questions
{count} votes
-
Jack J Jun 25,296 Reputation points2022-12-07T09:41:10.54+00:00 @MDell.Seradex , Welcome to Microsoft Q&A, I suggest that you could use your username and groupname to verify the identity of the domain. Please refer to the answer How to check if a user belongs to an AD group?.
-
MDell.Seradex 1 Reputation point
2022-12-08T18:44:36.333+00:00 Aren't those names something that could be replicated in another domain?
I am not trying to determine if the current account is a member of the domain, but instead am trying to validate that the domain is one that my company setup.
This is akin to how when one acquires a code signing certificate you are verified to confirm that you are actually who you say you are. As such I cannot just say that I am Microsoft, for instance.
I could create a domain on my network called "microsoft.com", but it would not really be Microsoft's domain.I hope that clarifies what I am asking for. Perhaps it is not possible.
Sign in to comment
1 answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bruce (SqlWork.com) 78,006 Reputation points Volunteer Moderator2022-12-08T21:07:07.11+00:00