LsaCreateTrustedDomainEx function

The LsaCreateTrustedDomainEx function establishes a new trusted domain by creating a new TrustedDomain object.

Syntax


NTSTATUS LsaCreateTrustedDomainEx(
  _In_   LSA_HANDLE PolicyHandle,
  _In_   PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
  _In_   PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
  _In_   ACCESS_MASK DesiredAccess,
  _Out_  PLSA_HANDLE TrustedDomainHandle
);

Parameters

PolicyHandle [in]

A handle to a Policy object. For the object to be created, the caller must have permission to create children on the System container. For information about policy object handles, see Opening a Policy Object Handle.

TrustedDomainInformation [in]

Pointer to a TRUSTED_DOMAIN_INFORMATION_EX structure that contains the name and SID of the new trusted domain.

AuthenticationInformation [in]

Pointer to a TRUSTED_DOMAIN_AUTH_INFORMATION structure that contains authentication information for the new trusted domain.

DesiredAccess [in]

An ACCESS_MASK structure that specifies the accesses to be granted for the new trusted domain.

TrustedDomainHandle [out]

Receives the LSA policy handle of the remote trusted domain. You can pass this handle into LSA function calls to manage the LSA policy of the trusted domain.

When your application no longer needs this handle, it should call LsaClose to delete the handle.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

Return codeDescription
STATUS_DIRECTORY_SERVICE_REQUIRED

The target system (specified in the TrustedDomainInformation parameter) for the TrustedDomain object is not a domain controller.

STATUS_INVALID_SID

The specified SID is not valid.

STATUS_UNSUCCESSFUL

Unable to determine whether the target system is a domain controller.

 

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Remarks

LsaCreateTrustedDomainEx does not check whether the specified domain name matches the specified SID or whether the SID and name represent an actual domain.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Ntsecapi.h

Library

Advapi32.lib

DLL

Advapi32.dll

See also

LsaSetTrustedDomainInformation
LsaSetTrustedDomainInfoByName
LsaDeleteTrustedDomain
LsaClose
TRUSTED_DOMAIN_AUTH_INFORMATION
TRUSTED_DOMAIN_INFORMATION_EX

 

 

Community Additions

ADD
Show:
© 2014 Microsoft