>Hi Dmitry,
>
>>> Do average users know their network credentials (username and password)?
>
>To log into a PC on the facility network, they need to know their credentials.
>
>>>And do you know of a way to test the above code without having an AD. Or, do you know if a "sample/test" AD is available for a download?
>
>I know of no free or online Windows Server offering Active Directory. However, there's several free LDAP hosts- one of which is referenced in the code- and free openLDAP works fine on Windows if you want to test generic LDAP authentication locally.
>
>What I found was that AD Authentication via LogonUser is being locked down as part of security policies, maybe because it produces a token that can be used for impersonation. Whereas the above LDAP code just tries to bind using credentials, as a way of authenticating them. This can also be blocked, but is unlikely to be if the customer is wanting network credential authentication.

I've never used it, but apparently Samba has offered AD support for some time: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

It's interesting that you found LogonUser actually is locked down in that environment. Can you share anything about how that was done - Group Policy, or something else?