As a follow up to what @Jim Perry provided, the hsi.useraccount.securityid is the field associated with the user account which stores the SID from Active Directory. This field is populated the first time the user authenticates via Directory Service Authentication (e.g. Active Directory). Subsequent attempts to login will compare this field in order to authenticate the user into OnBase.
However, to add on to this, a user account in OnBase can authenticate using an OnBase username and password AND domain authentication when their OnBase user account is configured with the Authentication (Config | Users | Settings) setting Standard Logon. When an OnBase user account is configured with the Standard Logon radio button selected, the user account will have a password associated. This allows the user to login with their OnBase username and password using any client configured for OnBase credentials. It also allows them to logon with Directory Service Authentication for any client configured for this method of authentication. If the user account is configured with the Authentication setting Integrated Security Logon Only, then the user will ONLY be able to logon with Directory Service Authentication.
Assuming that all of your user accounts are configured for Directory Service Authentication AND you are provisioning users upon authentication (meaning the user account is created the first time they logon to the app), then looking at the presence of the security hsi.useraccount.securityid field is likely the most accurate way to determine if users are using Active Directory authentication. You can further filter by disabled.
Best wishes.
