3.4.5.5.6 Calling NetrServerGetTrustInfo
The client MUST do the following:
Have a secure channel established with a domain controller in the domain identified by domain-name and pass its name as the TrustedDcName parameter.
After the method returns, the client MUST verify the ReturnAuthenticator, as defined in section 3.1.4.5.
On receiving STATUS_ACCESS_DENIED, the client SHOULD<125> reestablish the secure channel with the domain controller.