220.127.116.11 LsarLookupSids2 (Opnum 57)
NTSTATUS LsarLookupSids2( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, [out] PLSAPR_REFERENCED_DOMAIN_LIST* ReferencedDomains, [in, out] PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, [in] LSAP_LOOKUP_LEVEL LookupLevel, [in, out] unsigned long* MappedCount, [in] unsigned long LookupOptions, [in] unsigned long ClientRevision );
SidEnumBuffer: Contains the SIDs to be translated. The SIDs in this structure can be that of users, groups, computers, Windows-defined well-known security principals, or domains.
ReferencedDomains: On successful return, contains the domain information for the domain to which each security principal belongs. The domain information includes a NetBIOS domain name and a domain SID for each entry in the list.
TranslatedNames: On successful return, contains the corresponding name forms for security principal SIDs in the SidEnumBuffer parameter. It MUST be ignored on input.
LookupLevel: Specifies what scopes are to be used during translation, as specified in section 2.2.16.
MappedCount: On return, contains the number of names that are translated completely to their name forms. It MUST be ignored on input.
LookupOptions: Flags that control the lookup operation. This parameter is reserved for future use and SHOULD<32> be set to 0.
ClientRevision: Version of the client, which implies the client's capabilities. For possible values and their meanings, see section 18.104.22.168.
Return Values: The following table contains a summary of the return values that an implementation MUST return, as specified by the message processing shown after the table.
Return value/code Description
The request was successfully completed.
Some of the information to be translated has not been translated.
The caller does not have the permissions to perform this operation.
One of the supplied parameters was invalid.
None of the information to be translated has been translated.
The behavior required when receiving an LsarLookupSids2 message MUST be identical to that when receiving an LsarLookupSids3 message, with the following exceptions:
This message is valid on non–domain controller machines as well as domain controllers.
LookupLevel values other than LsapLookupWksta are not valid if the RPC server is not a domain controller. For this condition, the RPC server MUST return an error in the return value.
The server MUST return STATUS_ACCESS_DENIED if neither of the following conditions are true: