3.5.4.8.1 NetrLogonGetTrustRid (Opnum 23)

The NetrLogonGetTrustRid method SHOULD<233> be used to obtain the RID of the account whose password is used by domain controllers in the specified domain for establishing the secure channel from the server receiving this call.

 NET_API_STATUS NetrLogonGetTrustRid(
   [in, unique, string] LOGONSRV_HANDLE ServerName,
   [in, string, unique] wchar_t* DomainName,
   [out] ULONG * Rid
 );

ServerName: The custom binding handle, as defined in section 3.5.4.1.

DomainName: The null-terminated Unicode string that contains the DNS or NetBIOS name of the primary or trusted domain. If this parameter is NULL, this method uses the name of the primary domain of the server.

Rid: A pointer to an unsigned long that receives the RID of the account.

Return Values: The method returns 0x00000000 on success; otherwise, it returns a nonzero error code.

The server SHOULD<234> return ERROR_ACCESS_DENIED if the caller is not local.

If ServerName equals NULL and DomainName equals NULL, the server determines if the client has sufficient privilege (as specified in section 3.5.4.2) with the Access Request mask set to NETLOGON_FTINFO_ACCESS.

Otherwise, the server determines if the client has sufficient privilege (as specified in section 3.5.4.2) with the Access Request mask set to NETLOGON_SERVICE_ACCESS.

If the client does not have sufficient privilege, the server MUST return ERROR_ACCESS_DENIED.

If ServerName equals NULL, then the call MUST be made to the local machine. If the DomainName is the same as the domain that the machine is joined to, the call MUST succeed, and the server MUST return the AccountRid of the machine in the domain. If the DomainName is a different domain, the server MUST return ERROR_NO_SUCH_DOMAIN.

If both ServerName and DomainName are NULL, the server MUST return the RID for the computer account of the caller. Otherwise, the RID for the account identified by ServerName and DomainName MUST be returned.

The server uses the server name passed in the ServerName parameter to look up the domain for the request. If the name is not found, the server MUST return ERROR_INVALID_COMPUTERNAME.

If the RID cannot be determined, the server SHOULD return ERROR_TRUSTED_RELATIONSHIP_FAILURE.
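
The following C model is an added example, not part of the protocol specification or of any Netlogon implementation. It walks the access checks and return codes in the order the processing rules above list them, so the mask selection and each failure path can be exercised in a test harness. The `model_server` structure, the `REQ_*` stand-ins for the two Access Request masks, the case-sensitive name matching, and the order of checks where the text does not fix one are all assumptions of the model.

```c
#include <stddef.h>
#include <string.h>

/* Win32 status codes named in this section (values as in winerror.h). */
#define ERROR_SUCCESS 0UL
#define ERROR_ACCESS_DENIED 5UL
#define ERROR_INVALID_COMPUTERNAME 1210UL
#define ERROR_NO_SUCH_DOMAIN 1355UL
#define ERROR_TRUSTED_RELATIONSHIP_FAILURE 1789UL

/* Symbolic stand-ins for the two Access Request masks, not the wire values. */
enum { REQ_FTINFO_ACCESS = 1, REQ_SERVICE_ACCESS = 2 };

/* Constructed server state; every field is an assumption of the model. */
struct model_server {
    const char *name;           /* name the server resolves for ServerName */
    const char *joined_domain;  /* domain the machine is joined to */
    unsigned long machine_rid;  /* AccountRid of the machine in that domain */
    const char *trusted_domain; /* one trusted domain known to the server */
    unsigned long trust_rid;    /* 0 models "the RID cannot be determined" */
};

/* Mask selection: FTINFO only when both ServerName and DomainName are NULL. */
int required_mask(const char *server_name, const char *domain_name) {
    return (!server_name && !domain_name) ? REQ_FTINFO_ACCESS
                                          : REQ_SERVICE_ACCESS;
}

/* Returns the status the processing rules call for and sets *rid on success. */
unsigned long model_get_trust_rid(const struct model_server *s,
                                  int caller_is_local, int granted,
                                  const char *server_name,
                                  const char *domain_name, unsigned long *rid) {
    if (!caller_is_local)                 /* non-local callers are refused */
        return ERROR_ACCESS_DENIED;
    if (!(granted & required_mask(server_name, domain_name)))
        return ERROR_ACCESS_DENIED;       /* insufficient privilege */
    if (server_name && strcmp(server_name, s->name) != 0)
        return ERROR_INVALID_COMPUTERNAME; /* ServerName lookup failed */
    if (!domain_name || strcmp(domain_name, s->joined_domain) == 0) {
        *rid = s->machine_rid;            /* NULL DomainName = primary domain */
        return ERROR_SUCCESS;
    }
    if (!server_name)                     /* local call, different domain */
        return ERROR_NO_SUCH_DOMAIN;
    if (strcmp(domain_name, s->trusted_domain) != 0 || s->trust_rid == 0)
        return ERROR_TRUSTED_RELATIONSHIP_FAILURE;
    *rid = s->trust_rid;
    return ERROR_SUCCESS;
}
```

A caller granted only the service mask is denied when both parameters are NULL, because that form of the call is checked against NETLOGON_FTINFO_ACCESS instead.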