When using the Current client authentication command, the command is not based on the user logged into the system but based on how the address attempted to perform a credential check against the Active Directory.

For an active directory, each user should only have one log in credential. If the system has had two instances of authenticating against the same active directory using two different accounts the Current client authentication may not return the OS logged in user.

An example of this is using credentials to connect to a networked drive if a different set of credentials from the one used to log into the system is used to authenticate and connect to a networked drive the Current client authentication may not return the user used to log into the system.

With the ideology of SSO, the users first and Single Sign-On, should be used to authenticate everything.

To add in some defensive programing to the Current system user command can be used to confirm that the user returned by Current client authentication matches.