DsEnumerateDomainTrusts function

The DsEnumerateDomainTrusts function obtains domain trust data for a specified domain.


DWORD DsEnumerateDomainTrusts(
  _In_opt_  LPTSTR ServerName,
  _In_      ULONG Flags,
  _Out_     PDS_DOMAIN_TRUSTS *Domains,
  _Out_     PULONG DomainCount
);


ServerName [in, optional]

Pointer to a null-terminated string that specifies the name of a computer in the domain to obtain the trust information for. This computer must be running the Windows 2000 or later operating system. If this parameter is NULL, the name of the local computer is used. The caller must be an authenticated user in this domain.

If this computer is a domain controller, this function returns the trust data immediately. If this computer is not a domain controller, this function obtains the trust data from cached data if the cached data is not expired. If the cached data is expired, this function obtains the trust data from a domain controller in the domain that this computer is a member of and updates the cache. The cached data automatically expires after five minutes.

Flags [in]

Contains a set of flags that determines which domain trusts to enumerate. This can be zero or a combination of one or more of the following values.


Enumerate domains that directly trust the domain which has ServerName as a member.


Enumerate domains directly trusted by the domain which has ServerName as a member.


Enumerate domains that are a member of the same forest which has ServerName as a member.


Enumerate domains where the primary domain is running in Windows 2000 native mode.


Enumerate domains that are the primary domain of the domain which has ServerName as a member.


Enumerate domains that are at the root of the forest which has ServerName as a member.


Domains [out]

Pointer to a PDS_DOMAIN_TRUSTS value that receives an array of DS_DOMAIN_TRUSTS structures. Each structure in this array contains trust data about a domain. The caller must free this memory when it is no longer required by calling NetApiBufferFree.

DomainCount [out]

Pointer to a ULONG value that receives the number of elements returned in the Domains array.

Return value

Returns ERROR_SUCCESS if successful or a Win32 error code otherwise. Possible error codes include those listed in the following table.

Return code / Description

The Flags parameter contains one or more invalid flags.


No cached data is available and a domain controller cannot be located.


The client side of the trust relationship is broken and no cached data is available.


The server side of the trust relationship is broken or the password is invalid and no cached data is available.


The computer identified by ServerName does not support this function call. In particular, this error is returned if ServerName is a Windows NT 3.51 computer or if ServerName is a Windows NT 4.0 computer and DS_DOMAIN_DIRECT_INBOUND is specified.
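Added example, not part of the original documentation: a trust-audit sketch that calls the function for the local computer, checks the return code, classifies each returned entry by its Flags field, and frees the array with NetApiBufferFree. The names trust_class, tc_name and classify_trust are hypothetical, and the #else branch defines stand-in flag values (as in dsgetdc.h) only so that the classifier also builds off Windows.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <lm.h>       /* NetApiBufferFree */
#include <dsgetdc.h>  /* DsEnumerateDomainTrustsW, DS_DOMAIN_* flags */
#else
/* Stand-ins so the classifier builds off Windows; values as in dsgetdc.h. */
#define DS_DOMAIN_IN_FOREST       0x0001
#define DS_DOMAIN_DIRECT_OUTBOUND 0x0002
#define DS_DOMAIN_PRIMARY         0x0008
#define DS_DOMAIN_DIRECT_INBOUND  0x0020
#endif
/* Hypothetical audit categories for the Flags field of one returned entry. */
enum trust_class { TC_PRIMARY, TC_IN_FOREST, TC_EXT_TWO_WAY, TC_EXT_INBOUND,
                   TC_EXT_OUTBOUND, TC_OTHER };
const char *const tc_name[] = { "primary", "in-forest",
    "outside forest, two-way", "outside forest, trusts us",
    "outside forest, trusted by us", "other" };

enum trust_class classify_trust(unsigned long f)
{
    int inbound  = (f & DS_DOMAIN_DIRECT_INBOUND)  != 0; /* that domain trusts ours */
    int outbound = (f & DS_DOMAIN_DIRECT_OUTBOUND) != 0; /* our domain trusts it */
    if (f & DS_DOMAIN_PRIMARY)   return TC_PRIMARY;   /* check before in-forest */
    if (f & DS_DOMAIN_IN_FOREST) return TC_IN_FOREST;
    if (inbound && outbound)     return TC_EXT_TWO_WAY;
    if (inbound)                 return TC_EXT_INBOUND;
    if (outbound)                return TC_EXT_OUTBOUND;
    return TC_OTHER;
}

#ifdef _WIN32
int main(void) /* link with Netapi32.lib */
{
    PDS_DOMAIN_TRUSTSW domains = NULL;
    ULONG count = 0, i;
    DWORD rc = DsEnumerateDomainTrustsW(NULL, DS_DOMAIN_IN_FOREST |
        DS_DOMAIN_DIRECT_OUTBOUND | DS_DOMAIN_DIRECT_INBOUND, &domains, &count);
    if (rc != ERROR_SUCCESS) {
        fprintf(stderr, "DsEnumerateDomainTrusts failed: %lu\n", rc);
        return 1;
    }
    for (i = 0; i < count; i++) { /* DnsDomainName can be NULL; fall back */
        const wchar_t *name = domains[i].DnsDomainName
            ? domains[i].DnsDomainName : domains[i].NetbiosDomainName;
        printf("%-30s %ls\n", tc_name[classify_trust(domains[i].Flags)], name);
    }
    NetApiBufferFree(domains);    /* the caller owns the returned array */
    return 0;
}
#endif
```

Entries classified as outside the forest are the ones to review first in a trust audit, because they mark where authentication crosses the forest boundary.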



Minimum supported client

Windows 2000 Professional [desktop apps only]

Minimum supported server

Windows 2000 Server [desktop apps only]







Unicode and ANSI names

DsEnumerateDomainTrustsW (Unicode) and DsEnumerateDomainTrustsA (ANSI)

