How to detect missing domain controller in advance of identity translation?

In our codebase we have a chunk of code that makes some decisions based on the current user's memberships. Vastly simplified it looks like this:

foreach (var group in WindowsIdentity.GetCurrent().Groups)
{
    try
    {
        string groupName = group.Translate(typeof(NTAccount)).Value;
        if (groupName.StartsWith(..blahblahblah...)) { dosomething(); }
    }
    catch (IdentityNotMappedException) { }
}

Unfortunately I'm on a laptop outside the LAN and it's not handling the offline case. The Translate() call fails with a SystemException "The trust relationship between this workstation and the primary domain failed."

I don't want to mask SystemException for obvious reasons, and I definitely don't want to disable first-chance catching those in the debugger.

What is the correct way to test for Translate() failing due to the domain controller开发者_StackOverflow being unreachable? I don't want to mask the specific "trust relationship failed" error, just avoid attempting the Translate if it is guaranteed to fail due to network conditions.

I would perform a domain lookup that is garuanteed to succeed as long as you ar connected, for instance search for the domain it self with directorysearcher. If you are logged in to the domain and are connected to a DC this would be successful, and you can assume that subsequent lookup failures are cauced by something else other than connection problems.