6.1.6.9.3.1 Record

Each Record is represented in the following manner.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

RecordLen

Flags

Timestamp

...

RecordType

ForestTrustData (variable)

...

...

RecordLen (4 bytes): Length, in bytes, of the entire record, not including RecordLen.

Flags (4 bytes): Individual bit flags that control how the forest trust information in this record can be used.

If RecordType = 0 or 1, the Flags field, represented here in big-endian byte order, can have one or more of the following bits.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

T
D
C

T
D
A

T
D
N

X: Unused. Must be zero and ignored.

TDN (LSA_TLN_DISABLED_NEW, 0x00000001): Entry is not yet enabled.

TDA (LSA_TLN_DISABLED_ADMIN, 0x00000002): Entry is disabled by administrator.

TDC (LSA_TLN_DISABLED_CONFLICT, 0x00000004): Entry is disabled due to a conflict with another trusted domain.

If RecordType = 2, the Flags field, represented here in big-endian byte order, can have one or more of the following bits.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

N D C

N D A

S D C

S D A

SDA (LSA_SID_DISABLED_ADMIN, 0x00000001): Entry is disabled for SID, NetBIOS, and DNS name–based matches by the administrator.

SDC (LSA_SID_DISABLED_CONFLICT, 0x00000002): Entry is disabled for SID, NetBIOS, and DNS name–based matches due to a SID or DNS name–based conflict with another trusted domain.

NDA (LSA_NB_DISABLED_ADMIN, 0x00000004): Entry is disabled for NetBIOS name–based matches by the administrator.

NDC (LSA_NB_DISABLED_CONFLICT, 0x00000008): Entry is disabled for NetBIOS name–based matches due to a NetBIOS domain name conflict with another trusted domain.

For RecordType = 2, NETBIOS_DISABLED_MASK is defined as a mask on the lower 4 bits of the Flags field.

For all record types, LSA_FTRECORD_DISABLED_REASONS is defined as a mask on the lower 16 bits of the Flags field. Unused bits covered by the mask are reserved for future use.

Timestamp (8 bytes): 64-bit timestamp value indicating when this entry was created, in system time (see the FILETIME structure in [MS-DTYP] section 2.3.3).

RecordType (1 byte): 8-bit value specifying the type of record contained in this specific entry. The structure of the content in the next field depends on this value. The current version of the protocol defines the behavior of the next field ForestTrustData if the value of RecordType is one of the three values below.

Name

Value

ForestTrustTopLevelName

0

ForestTrustTopLevelNameEx

1

ForestTrustDomainInfo

2

ForestTrustData (variable): Variable-length type-specific record, depending on the RecordType value, containing a specific type of data about the forest trust relationship.

IMPORTANT NOTE: The type-specific ForestTrustData record is not necessarily aligned to a 32-bit boundary. Each record starts at the byte following the RecordType field.

There are three different type-specific records. Depending on the value of the RecordType field, the structure of the type-specific record differs as follows:

  • If RecordType = 0 or RecordType = 1, then the type-specific record is represented in the following manner.


    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    1
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    2
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    3
    0


    1

    NameLen

    Name (variable)

    ...

    NameLen: Length, in bytes, of the following Name field.

    Name (variable): The top level name (TLN) of the trusted forest, in UTF-8 format.

  • If RecordType = 2, then the type-specific record is represented in the following manner. Note that the record contains the following structures one after another. It is important to note here that none of the data shown is necessarily aligned to 32-bit boundaries.


    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    1
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    2
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    3
    0


    1

    SidLen

    Sid (variable)

    ...

    DnsNameLen

    DnsName (variable)

    ...

    NetbiosNameLen

    NetbiosName (variable)

    ...

    SidLen: Length, in bytes, of the following Sid field.

    Sid: The SID of a domain in the trusted forest, specified as a SID structure, which is defined in [MS-DTYP] section 2.4.2.

    DnsNameLen: Length, in bytes, of the following DnsName field.

    DnsName: The DNS name of a domain in the trusted forest, in UTF-8 format.

    NetbiosNameLen: Length, in bytes, of the following NetbiosName field.

    NetbiosName: The NetBIOS name of a domain in the trusted forest, in UTF-8 format.

  • If RecordType is not one of the preceding values, the current version of the protocol does not define the behavior for the record data. The type-specific record is represented in the following manner.


    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    1
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    2
    0


    1


    2


    3


    4


    5


    6


    7


    8


    9

    3
    0


    1

    BinaryDataLen

    BinaryData (variable)

    ...

    BinarydataLen: Length, in bytes, of the following BinaryData field.

    BinaryData: The record data. If the BinarydataLen field has a value other than 0, this field MUST NOT be NULL.

Show: