Export (0) Print
Expand All

3.1.5.9.2 SamrGetAliasMembership (Opnum 16)

The SamrGetAliasMembership method obtains the union of all aliases that a given set of SIDs is a member of.

long SamrGetAliasMembership(
  [in] SAMPR_HANDLE DomainHandle,
  [in] PSAMPR_PSID_ARRAY SidArray,
  [out] PSAMPR_ULONG_ARRAY Membership
);

DomainHandle: An RPC context handle, as specified in section 2.2.3.2, representing a domain object.

SidArray: A list of SIDs.

Membership: The union of all aliases (represented by RIDs) that all SIDs in SidArray are a member of.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

Upon receiving this message, the server MUST process the data from the message subject to the following constraints:

  1. The server MUST return an error if DomainHandle.HandleType is not equal to "Domain".

  2. DomainHandle.GrantedAccess MUST have the required access specified in section 3.1.2.1. Otherwise, the server MUST return STATUS_ACCESS_DENIED.

  3. For each SID value in SidArray, the server MUST determine the union of all database objects in the domain referenced by DomainHandle.Object with class group and groupType GROUP_TYPE_SECURITY_RESOURCE whose member value contains the SID.

  4. The returned Membership parameter MUST contain the RIDs of the objectSid attribute of the union of all groups found by constraint 2.

 
Show:
© 2014 Microsoft