3.1.4.7.12 LsarCreateTrustedDomain (Opnum 12)

  • Article

The LsarCreateTrustedDomain method is invoked to create an object of type trusted domain in the server's database.

 NTSTATUS LsarCreateTrustedDomain(
   [in] LSAPR_HANDLE PolicyHandle,
   [in] PLSAPR_TRUST_INFORMATION TrustedDomainInformation,
   [in] ACCESS_MASK DesiredAccess,
   [out] LSAPR_HANDLE* TrustedDomainHandle
 );

PolicyHandle: An RPC context handle obtained from either LsarOpenPolicy or LsarOpenPolicy2.

TrustedDomainInformation: Information about the new trusted domain object (TDO) to be created.

DesiredAccess: An access mask that specifies the desired access to the TDO handle.

TrustedDomainHandle: Used to return the handle for the newly created TDO.

Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.

Return value/code

Description

0x00000000

STATUS_SUCCESS

The request was successfully completed.

0xC0000022

STATUS_ACCESS_DENIED

The caller does not have the permissions to perform this operation.

0xC000000D

STATUS_INVALID_PARAMETER

One of the supplied arguments is invalid.

0xC0000300

STATUS_NOT_SUPPORTED_ON_SBS

The operation is not supported on a particular product.<105>

0xC00002B1

STATUS_DIRECTORY_SERVICE_REQUIRED

The Active Directory service was not available on the server.

0xC0000078

STATUS_INVALID_SID

The security identifier of the trusted domain is not valid.

0xC00002E9

STATUS_CURRENT_DOMAIN_NOT_ALLOWED

Trust cannot be established with the current domain.

0xC0000035

STATUS_OBJECT_NAME_COLLISION

Another TDO already exists that matches some of the identifying information of the supplied information.

0xC0000008

STATUS_INVALID_HANDLE

PolicyHandle is not a valid handle.

0xC0000401

STATUS_PER_USER_TRUST_QUOTA_EXCEEDED

The caller's quota for the maximum number of TDOs that can be created by control access right Create-Inbound-Trust is exceeded.

0xC0000402

STATUS_ALL_USER_TRUST_QUOTA_EXCEEDED

The combined users' quota for the maximum number of TDOs that can be created by control access right Create-Inbound-Trust is exceeded.

Processing:

This message MUST be processed in an identical manner to LsarCreateTrustedDomainEx with the following mapping as input parameters.

PolicyHandle: Same.

TrustedDomainInformation:

  • Name: Comes from TrustedDomainInformation. Name input parameter.

  • FlatName: Comes from TrustedDomainInformation. Name input parameter.

  • SID: Comes from TrustedDomainInformation. Security identifier (SID) input parameter.

  • TrustDirection: TRUST_DIRECTION_OUTBOUND.

  • TrustType: TRUST_TYPE_DOWNLEVEL.

  • TrustAttributes: 0.

AuthenticationInformation: NULL.

DesiredAccess: Same.

TrustedDomainHandle: Same.