Thanks, I figured it out. As long as the user is logged into our domain, I can get the ID.
The problem is that some users are not on our domain, rather in workgroups in field offices who basically VPN in through a router. I can capture their ID fine, but they would have to log into our domain first, which they would get prompted for the first time they try to open the page. We want to avoid having them log in in order to get their ID