I often run cmd shell using runas with multiple domain accounts, how could I get the domain name from the shell that was running under a different domain account?
Example:
C:\>echo %userdomain%
DOMAIN1
C:\>runas /netonly /user:DOMAIN2\USER cmd
Enter the password for DOMAIN2\USER:
Attempting to start cmd as user "DOMAIN2\USER" ...
Now on the new shell which is running as DOMAIN2\USER still gives me the %userdomain% output as DOMAIN1. Is there a way I could get the domain of runas account?
This is the expected behavior of RunAs when used with the /netonly parameter.
Using /netonly allows you to run your command/application/shell with your user (DOMAIN1\USER), while authenticating over the network with another user (DOMAIN2\USER).
From Microsoft Documentation:
/netonly Indicates that the user information specified is for remote access only. This parameter cannot be used with the /profile parameter.
You can however open the new cmd.exe prompt with a command that will set a variable you can then use... for example:
runas /netonly /user:DOMAIN2\USER "cmd /K SET NETONLYUSER=DOMAIN2\USER"
So you can access this variable in the new cmd.exe with %NETONLYUSER%