NTLM is a bit more complicated than basic auth. The encoded username and domain is only included on type 3 messages. If the client uses the same connection for multiple HTTP requests, I think the type 3 message will only be sent on the first request/challenge/response exchange. So if you need to insert something from the username or domain in a custom HTTP header for every request, you might need to save the parsed username and manually insert it even if the authorization header isn't present for the current request.
Check this post for some references and options for parsing the Authorization header. If you read through the post and first link and still have questions, reply here.
Filter users authenticatiing via NTLM (MOSS) by domain name
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=3455834634
NTLM Authentication Scheme for HTTP
http://www.innovation.ch/personal/ronald/ntlm.html
The NTLM Authentication Protocol and Security Support Provider
http://davenport.sourceforge.net/ntlm.html
Aaron