CredWriteDomainCredentialsW function (wincred.h)
The CredWriteDomainCredentials function writes domain credentials to the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.
Syntax
BOOL CredWriteDomainCredentialsW(
[in] PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
[in] PCREDENTIALW Credential,
[in] DWORD Flags
);
Parameters
[in] TargetInfo
Identifies the target server. At least one of the naming members must be non-NULL and can be NetbiosServerName, DnsServerName, NetbiosDomainName, DnsDomainName, or DnsTreeName.
[in] Credential
Credential to be written.
The credential must be one that matches TargetInfo For instance, if the TargetName is a wildcard DNS name, then the TargetName member of the credential must be a postfix of the DnsServerName member from the TargetInfo.
[in] Flags
Flags to control the operation of the API. The following flag is defined.
Return value
If the function succeeds, the function returns TRUE.
If the function fails, it returns FALSE. Call the GetLastError function to get a more specific status code. The following status codes can be returned.
Other smart card errors can be returned when writing a CRED_TYPE_CERTIFICATE credential.
Return code | Description |
---|---|
|
One or more of the parameters are not valid. Either none of the naming parameters were specified, or the credential specified did not have the Type member set to CRED_TYPE_DOMAIN_PASSWORD or CRED_TYPE_DOMAIN_CERTIFICATE, or the Credential does not match the TargetInfo. |
|
The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set. |
|
A value that is not valid was specified for the Flags parameter. |
|
The UserName member of the passed in Credential structure is not valid. For a description of valid syntaxes, see the definition of that member. |
|
CRED_PRESERVE_CREDENTIAL_BLOB was specified and there is no existing credential by the same TargetName and Type. |
|
The CRED_TYPE_CERTIFICATE credential being written requires the smart card reader to be available. |
|
The credential being written requires the smart card to be inserted. |
|
The wrong PIN was supplied for the CRED_TYPE_CERTIFICATE credential being written. |
Remarks
When this function writes a CRED_TYPE_CERTIFICATE credential, the Credential->CredentialBlob member specifies the PIN that protects the private key of the certificate specified by the Credential->UserName. The credential manager does not maintain the PIN. Rather, the PIN is passed to the CSP of the certificate for later use by the CSP and authentication packages. The CSP defines the lifetime of the PIN. For instance, most CSPs flush the PIN upon smart card removal.
CredWriteDomainCredentials differs from CredWrite in that it handles the idiosyncrasies of domain (CRED_TYPE_DOMAIN_PASSWORD or CRED_TYPE_DOMAIN_CERTIFICATE) credentials. Domain credentials contain more than one target member.
If the value of the Type member of the CREDENTIAL structure specified by the Credential parameter is CRED_TYPE_DOMAIN_EXTENDED, a namespace must be specified in the target name.
Note
The wincred.h header defines CredWriteDomainCredentials as an alias that automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that is not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Target Platform | Windows |
Header | wincred.h |
Library | Advapi32.lib |
DLL | Advapi32.dll |