diff --git a/ADconnection.sh b/ADconnection.sh
index 6d391b2..806fc45 100644
--- a/ADconnection.sh
+++ b/ADconnection.sh
@@ -865,6 +865,16 @@ fi
 ############################### Reauth ##########################################
 
 Reauthenticate(){
+whoelse=$(who | head -1 | awk '{print $1}')
+homes=$( ls /home/tobii.intra/ )
+if [ "$homes" = "$whoelse" ]
+then
+echo ""
+echo "you are logged in as an AD user.. canceling request"
+echo "only administrator has permissions"
+echo ""
+exit
+else
 LEFT=$(sudo realm discover | grep configured | awk '{print $2}')
 DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
 SSSD=$( sudo cat /etc/sssd/sssd.conf | grep domain | awk '{print $3}' | head -1 )
@@ -917,11 +927,22 @@ read -p "Do you really want to leave the domain: $DOMAIN (y/n)?" yn
     * ) echo 'Please answer yes or no.';;
    esac
 exit
+fi
 }
 
 ########################################### Leave Realm ################################
 
 leave(){
+whoelse=$(who | head -1 | awk '{print $1}')
+homes=$( ls /home/tobii.intra/ )
+if [ "$homes" = "$whoelse" ]
+then
+echo ""
+echo "you are logged in as an AD user.. canceling request"
+echo "only administrator has permissions"
+echo ""
+exit
+else
 LEFT=$(sudo realm discover | grep configured | awk '{print $2}')
 DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
 SSSD=$( sudo cat /etc/sssd/sssd.conf | grep domain | awk '{print $3}' | head -1 )
@@ -970,6 +991,7 @@ read -p "Do you really want to leave the domain: $DOMAIN (y/n)?" yn
     * ) echo 'Please answer yes or no.';;
    esac
 exit
+fi
 }
 
 ########################################### info #######################################