LSA_OPEN_SAM_USER callback function (ntsecpkg.h)

Retrieves a handle to a user account in the Security Accounts Manager (SAM) database.

Syntax

LSA_OPEN_SAM_USER LsaOpenSamUser;

NTSTATUS LsaOpenSamUser(
  [in]  PSECURITY_STRING Name,
  [in]  SECPKG_NAME_TYPE NameType,
  [in]  PSECURITY_STRING Prefix,
  [in]  BOOLEAN AllowGuest,
  [in]  ULONG Reserved,
  [out] PVOID *UserHandle
)
{...}

Parameters

[in] Name

Pointer to a UNICODE_STRING structure that specifies the name of the SAM account.

[in] NameType

A SECPKG_NAME_TYPE enumeration value that specifies the type of account name in Name. This parameter can be one of the following values.

Value Meaning
SecNameSamCompatible
Name is compatible with the SAM. An example of a name in SAM-compatible format is "ExampleDomain\Username".
SecNameAlternateId
Name is in the AltSecId property of the SAM account. This value is used with the Prefix parameter.
SecNameFlat
Name is a flat user principal name (UPN)–style account name.
SecNameDN
Name is the distinguished name of the object. For more information, see Remarks.

[in] Prefix

Pointer to a UNICODE_STRING structure that specifies the prefix to use with names that use a NameType of SecNameAlternateId.

[in] AllowGuest

Specifies whether to use the Guest account if the SAM account is not found. This parameter can be one of the following values.

Value Meaning
FALSE
If the user is not found, the OpenSamUser function call fails.
TRUE
If the user is not found and the Guest account is enabled, the Guest account is used.

[in] Reserved

Reserved. Specify zero.

[out] UserHandle

Pointer to a pointer that receives a handle to the user account.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is one of the following NTSTATUS error codes that indicates the reason for failure.

Return code Description
STATUS_INVALID_PARAMETER
NameType is SecNameAlternateId and Prefix is NULL.
STATUS_NO_SUCH_USER
The SAM account could not be found.

Remarks

To close the handle received by the UserHandle parameter, call the CloseSamUser function.

The distinguished name of a user identifies the name, domain, and the complete path to the Active Directory object that represents the user.

A pointer to the OpenSamUser function is available in the LSA_SECPKG_FUNCTION_TABLE structure received by the SpInitialize function.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header ntsecpkg.h

See also

CloseSamUser

LSA_SECPKG_FUNCTION_TABLE

SpInitialize