You will want to look at GetTokenInformation and retrieve the user's
SID. All administrator account SIDs end with the RID 500. So if the user
SID ends in 500, the account is AN administrator account. To determine
if it is THE administrator account of a specific domain, you need to get
the domain SID and append the 500 RID on it and that will tell you the
full SID of domain's builtin administrator account.
Now I would ask WHY you want that info. If you are building requirements
into an application that requires the builtin administrator account.
Don't. There are companies, the smart ones, that do not use that account
and its password is sealed in an envelope in the safe of some high
ranking executive and doesn't ever come out unless the sky fell. One
company I was at, we didn't use that account for well over 5 years. If
someone came to us with an App that said that it was required, we would
have laughed and escorted them to the door.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm