2.2.16 LSAP_LOOKUP_LEVEL

  • Article

The LSAP_LOOKUP_LEVEL enumeration defines different scopes for searches during translation.<8>

 typedef  enum _LSAP_LOOKUP_LEVEL
 {
   LsapLookupWksta = 1,
   LsapLookupPDC,
   LsapLookupTDL,
   LsapLookupGC,
   LsapLookupXForestReferral,
   LsapLookupXForestResolve,
   LsapLookupRODCReferralToFullDC
 } LSAP_LOOKUP_LEVEL,
  *PLSAP_LOOKUP_LEVEL;

LsapLookupWksta: SIDs MUST be searched in the views under the Security Principal SID and Security Principal SID History columns in the following order:

  • Predefined Translation View, as specified in section 3.1.1.1.1.

  • Configurable Translation View, as specified in section 3.1.1.1.2.

  • Builtin Domain Principal View of the account database on the RPC server, as specified in section 3.1.1.1.3.

  • Account Domain View of account database on that machine, as specified in section 3.1.1.1.6.

    • If the machine is not joined to a domain, the search ends here.

  • If the machine is not a domain controller: the Account Domain View of the domain to which this machine is joined.

  • Forest View (section 3.1.1.1.9) of the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Forest Views of trusted forests for the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Account Domain Views of externally trusted domains for the domain to which this machine is joined.

LsapLookupPDC: SIDs MUST be searched in the views under the Security Principal SID and Security Principal SID History columns in the following order:

  • Account Domain View of the domain to which this machine is joined.

  • Forest View of the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Forest Views of trusted forests for the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Account Domain Views of externally trusted domains for the domain to which this machine is joined.

LsapLookupRODCReferralToFullDC: SIDs MUST be searched in the databases under the Security Principal SID and Security Principal SID History columns in the following order:

  • Forest Views of trusted forests for the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Account Domain Views of externally trusted domains for the domain to which this machine is joined.

LsapLookupTDL: SIDs MUST be searched in the databases under the Security Principal SID column in the following view:

  • Account Domain View of the domain NC for the domain to which this machine is joined.

LsapLookupGC: SIDs MUST be searched in the databases under the Security Principal SID and Security Principal SID History columns in the following view:

  • Forest View of the forest of the domain to which this machine is joined.

LsapLookupXForestReferral: SIDs MUST be searched in the databases under the Security Principal SID and Security Principal SID History columns in the following views:

  • Forest Views of trusted forests for the forest of the domain to which this machine is joined.

LsapLookupXForestResolve: SIDs MUST be searched in the databases under the Security Principal SID and Security Principal SID History columns in the following view:

  • Forest View of the forest of the domain to which this machine is joined.