Export (0) Print
Expand All

2.2.16 LSAP_LOOKUP_LEVEL

The LSAP_LOOKUP_LEVEL enumeration defines different scopes for searches during translation.

typedef  enum _LSAP_LOOKUP_LEVEL
{
  LsapLookupWksta = 1,
  LsapLookupPDC,
  LsapLookupTDL,
  LsapLookupGC,
  LsapLookupXForestReferral,
  LsapLookupXForestResolve,
  LsapLookupRODCReferralToFullDC
} LSAP_LOOKUP_LEVEL, 
 *PLSAP_LOOKUP_LEVEL;

<7>

LsapLookupWksta: SIDs MUST be searched in the views under the Security Principal SID and Security Principal SID History columns in the following order:

  • Predefined Translation View, as specified in section 3.1.1.1.1.

  • Configurable Translation View, as specified in section 3.1.1.1.2.

  • Builtin Domain Principal View of the account database on the RPC server, as specified in section 3.1.1.1.3.

  • Account Domain View of account database on that machine, as specified in section 3.1.1.1.6.

    • If the machine is not joined to a domain, the search ends here.

  • If the machine is not a domain controller: the Account Domain View of the domain to which this machine is joined.

  • Forest View (section 3.1.1.1.9) of the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Forest Views of trusted forests for the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Account Domain Views of externally trusted domains for the domain to which this machine is joined.

LsapLookupPDC: SIDs MUST be searched in the views under the Security Principal SID and Security Principal SID History columns in the following order:

  • Account Domain View of the domain to which this machine is joined.

  • Forest View of the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Forest Views of trusted forests for the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Account Domain Views of externally trusted domains for the domain to which this machine is joined.

LsapLookupRODCReferralToFullDC: SIDs MUST be searched in the databases under the Security Principal SID and Security Principal SID History columns in the following order:

  • Forest Views of trusted forests for the forest of the domain to which this machine is joined, unless ClientRevision is 0x00000001 and the machine is joined to a mixed mode domain, as specified in [MS-ADTS] section 6.1.4.1.

  • Account Domain Views of externally trusted domains for the domain to which this machine is joined.

LsapLookupTDL: SIDs MUST be searched in the databases under the Security Principal SID column in the following view:

  • Account Domain View of the domain NC for the domain to which this machine is joined.

LsapLookupGC: SIDs MUST be searched in the databases under the Security Principal SID and Security Principal SID History columns in the following view:

  • Forest View of the forest of the domain to which this machine is joined.

LsapLookupXForestReferral: SIDs MUST be searched in the databases under the Security Principal SID and Security Principal SID History columns in the following views:

  • Forest Views of trusted forests for the forest of the domain to which this machine is joined.

LsapLookupXForestResolve: SIDs MUST be searched in the databases under the Security Principal SID and Security Principal SID History columns in the following view:

  • Forest View of the forest of the domain to which this machine is joined.

 
Show:
© 2014 Microsoft