Directory Services

Testing Whether Running on a Domain Controller

The following code uses the VerifyVersionInfo function to determine whether the calling process is running on Windows 2000 domain controller. Your service installation program could use this test before installing a service under the LocalSystem account. If the test indicates that you are running on a domain controller, you either install the service to run under a user account, or display a dialog box warning of the dangers in running as LocalSystem on a domain controller (which are that the service would then have unrestricted access to Active Directory, a supremely powerful security context that has the potential to damage the entire network).

BOOL Is_Win2000_DomainController () 
{
   OSVERSIONINFOEX osvi;
   DWORDLONG dwlConditionMask = 0;
 
   // Initialize the OSVERSIONINFOEX structure.
   ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
   osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
   osvi.dwMajorVersion = 5;
   osvi.wProductType = VER_NT_DOMAIN_CONTROLLER;
 
   // Initialize the condition mask.
   VER_SET_CONDITION( dwlConditionMask, VER_MAJORVERSION, 
	VER_GREATER_EQUAL );
   VER_SET_CONDITION( dwlConditionMask, VER_PRODUCT_TYPE, 
	VER_EQUAL );
 
   // Perform the test.
   return VerifyVersionInfo(
	&osvi, 
	VER_MAJORVERSION | VER_PRODUCT_TYPE,
	dwlConditionMask);
}