Calling NetrLogonSendToSam

The client calling this method MUST be a BDC or RODC. The client MUST do the following:

  • Have a secure channel established with a domain controller in the domain identified by domain-name and pass its name as the PrimaryName parameter.

  • Encrypt the OpaqueBuffer parameter using the negotiated encryption algorithm (determined by bits C, O, or W, respectively, in the NegotiateFlags member of the ServerSessionInfo table entry for PrimaryName) and the session key established as the encryption key.

  • Pass a valid client Netlogon authenticator as the Authenticator parameter.

After the method returns, the client MUST verify the ReturnAuthenticator as described in section<147>

For details about how the OpaqueBuffer parameter is used, see [MS-SAMS].
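
A caller-side check of the requirements listed above, written as an added example that is not part of the specification or of any Microsoft code. The bit values and meanings for C, O and W come from the NegotiateFlags table elsewhere in [MS-NRPC]; `SessionEntry`, `plan_send_to_sam`, the table shape, the AES-over-RC4 precedence and the fail-closed behaviour are assumptions of this example.

```python
from dataclasses import dataclass

# NegotiateFlags bits named in this section. Values and meanings are taken
# from the negotiable-options table in [MS-NRPC], not from this section.
NEG_RC4 = 0x00000004          # bit C: RC4 encryption supported
NEG_STRONG_KEYS = 0x00004000  # bit O: strong keys supported
NEG_AES_SHA2 = 0x01000000     # bit W: AES encryption and SHA2 hashing supported

ALLOWED_ROLES = {"BDC", "RODC"}  # only these clients may call the method


@dataclass
class SessionEntry:
    """One ServerSessionInfo table entry (hypothetical in-memory shape)."""
    negotiate_flags: int
    session_key: bytes


class PreconditionError(Exception):
    """A caller-side MUST is not satisfied; the call is not made."""


def plan_send_to_sam(role, primary_name, session_table):
    """Check the caller-side MUSTs and choose the OpaqueBuffer cipher."""
    if role not in ALLOWED_ROLES:
        raise PreconditionError(f"role {role!r} may not call NetrLogonSendToSam")
    # A table entry with a session key stands for an established secure channel.
    entry = session_table.get(primary_name.lower())
    if entry is None or not entry.session_key:
        raise PreconditionError(f"no secure channel to {primary_name!r}")
    flags = entry.negotiate_flags
    if flags & NEG_AES_SHA2:
        cipher = "AES"  # assumption: AES is preferred when both W and C are set
    elif flags & NEG_RC4:
        cipher = "RC4"
    else:
        # Assumption of this example: fail closed instead of sending cleartext.
        raise PreconditionError("no encryption algorithm negotiated (C and W clear)")
    return {
        "primary_name": primary_name,
        "cipher": cipher,
        "strong_keys": bool(flags & NEG_STRONG_KEYS),
        "legacy_cipher": cipher == "RC4",  # worth flagging in an audit
    }
```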