3.1.4.7.2 LsarQueryTrustedDomainInfo (Opnum 39)

The LsarQueryTrustedDomainInfo method is invoked to retrieve information on a trusted domain object.

 NTSTATUS LsarQueryTrustedDomainInfo(
   [in] LSAPR_HANDLE PolicyHandle,
   [in] PRPC_SID TrustedDomainSid,
   [in] TRUSTED_INFORMATION_CLASS InformationClass,
   [out, switch_is(InformationClass)] 
     PLSAPR_TRUSTED_DOMAIN_INFO* TrustedDomainInformation
 );

PolicyHandle: An RPC context handle obtained from either LsarOpenPolicy or LsarOpenPolicy2.

TrustedDomainSid: The security identifier (SID) of the trusted domain object.

InformationClass: Identifies the type of information the caller is interested in.

TrustedDomainInformation: Used to return the information on the trusted domain object to the caller.

Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.

| Return value/code | Description |
| --- | --- |
| 0x00000000 STATUS_SUCCESS | The request was successfully completed. |
| 0xC0000022 STATUS_ACCESS_DENIED | The caller does not have the permissions to perform this operation. |
| 0xC000000D STATUS_INVALID_PARAMETER | One or more of the supplied parameters was invalid. |
| 0xC0000002 STATUS_NOT_IMPLEMENTED | The specified information class is not supported. |
| 0xC0000003 STATUS_INVALID_INFO_CLASS | The InformationClass argument is outside the allowed range. |
| 0xC0000008 STATUS_INVALID_HANDLE | PolicyHandle is not a valid handle. |
| 0xC00000DF STATUS_NO_SUCH_DOMAIN | The specified trusted domain object does not exist. |
| 0xC00002B1 STATUS_DIRECTORY_SERVICE_REQUIRED | The Active Directory service was not available on the server. |

Processing:

If Active Directory is not running on this machine, the server MUST return STATUS_DIRECTORY_SERVICE_REQUIRED.

This message takes four arguments:

PolicyHandle: An open handle to the policy object. If the handle is not a valid context handle to the policy object or PolicyHandle.HandleType does not equal "Policy", the server MUST return STATUS_INVALID_HANDLE. The server MUST verify that PolicyHandle grants access as specified in section 3.1.4.2.2 with RequiredAccess set as specified in section 3.1.4.7.13.

TrustedDomainSid: The SID of the trusted domain object to query. The server MUST verify that the caller has supplied a valid domain SID for this parameter and fail the request with STATUS_INVALID_PARAMETER if the check fails. The server MUST verify that a trusted domain object with this SID exists in its policy database and fail the request with STATUS_NO_SUCH_DOMAIN otherwise.

InformationClass: A value from the TRUSTED_INFORMATION_CLASS enumeration that specifies which type of information the caller is requesting. Not all values are valid. For values outside the TRUSTED_INFORMATION_CLASS enumeration range, the server MUST reject the request with STATUS_INVALID_PARAMETER. For InformationClass values TrustedControllersInformation, TrustedDomainAuthInformationInternal, TrustedDomainFullInformationInternal, and for any values that would be rejected by an LsarQueryInfoTrustedDomain call, the server MUST reject the request with an implementation-specific error. For all other InformationClass values, the server MUST behave as if it is processing an LsarQueryInfoTrustedDomain call with a trusted domain handle to the trusted domain identified by the TrustedDomainSid parameter.

TrustedDomainInformation: Used to return the requested information.
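The checks in the Processing section can be modelled as one validation function that yields the NTSTATUS a server returns before any trust data is read. This is an added example, not code from the specification or from any LSA implementation. Its assumptions: the `Handle` class, `validate_query`, the regex standing in for "valid domain SID", the order of checks (taken from the order in which the parameters are listed above), and the status chosen for the implementation-specific rejection. The numeric enumeration range and members come from the MS-LSAD definition of TRUSTED_INFORMATION_CLASS, which this page does not list.

```python
import re
from dataclasses import dataclass

# NTSTATUS values from the return-value table on this page.
STATUS_SUCCESS = 0x00000000
STATUS_NOT_IMPLEMENTED = 0xC0000002
STATUS_INVALID_HANDLE = 0xC0000008
STATUS_INVALID_PARAMETER = 0xC000000D
STATUS_ACCESS_DENIED = 0xC0000022
STATUS_NO_SUCH_DOMAIN = 0xC00000DF
STATUS_DIRECTORY_SERVICE_REQUIRED = 0xC00002B1

# TRUSTED_INFORMATION_CLASS runs from 1 to 13 in MS-LSAD (not listed on this page).
CLASS_MIN, CLASS_MAX = 1, 13
# TrustedControllersInformation (2), TrustedDomainAuthInformationInternal (9),
# TrustedDomainFullInformationInternal (10): always rejected by this method.
REJECTED_CLASSES = {2, 9, 10}
# The page leaves this error implementation-specific; the value is this model's choice.
REJECTED_CLASS_STATUS = STATUS_NOT_IMPLEMENTED

# Simplified stand-in for "valid domain SID": S-1-5-21 plus three sub-authorities.
DOMAIN_SID_RE = re.compile(r"S-1-5-21(-\d{1,10}){3}")


@dataclass
class Handle:          # hypothetical model of an LSAPR_HANDLE context
    handle_type: str   # "Policy" for handles from LsarOpenPolicy/LsarOpenPolicy2
    access_ok: bool    # outcome of the section 3.1.4.2.2 access check


def validate_query(ad_running, handle, sid, info_class, trusted_sids):
    """Return the NTSTATUS the Processing rules give before any data is read."""
    if not ad_running:
        return STATUS_DIRECTORY_SERVICE_REQUIRED
    if not isinstance(handle, Handle) or handle.handle_type != "Policy":
        return STATUS_INVALID_HANDLE
    if not handle.access_ok:
        return STATUS_ACCESS_DENIED
    if not isinstance(sid, str) or not DOMAIN_SID_RE.fullmatch(sid):
        return STATUS_INVALID_PARAMETER
    if sid not in trusted_sids:
        return STATUS_NO_SUCH_DOMAIN
    if not CLASS_MIN <= info_class <= CLASS_MAX:
        return STATUS_INVALID_PARAMETER  # as the Processing text states
    if info_class in REJECTED_CLASSES:
        return REJECTED_CLASS_STATUS
    # Remaining classes follow LsarQueryInfoTrustedDomain processing (not modelled).
    return STATUS_SUCCESS
```

Classes that an LsarQueryInfoTrustedDomain call would itself reject are outside this model, because this page does not enumerate them.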