4.1.4.2.10 LookupName

 procedure LookupName(
   flags: DWORD,
   formatOffered: DWORD,
   formatDesired: DWORD,
   name: unicodestring): DS_NAME_RESULT_ITEMW

Informative summary of behavior: The LookupName procedure performs the lookup of a single name in a given input format and produces the output name in the given output format.

 rt: sequence of DSName
 obj: DSName
 fSidHistory: boolean
 result: DS_NAME_RESULT_ITEMW
 names: sequence of unicodestring
 domainName: unicodestring
 fCanonicalEx: boolean
 referredDomain: unicodestring
  
 if formatOffered = DS_UNKNOWN_NAME then
   return LookupUnknownName(flags, name, formatDesired)
 endif
  
 domainName := null
  
 if formatOffered = DS_FQDN_1779_NAME then
   rt := LookupAttr(flags, distinguishedName, name)
   domainName := DomainDNSNameFromDomain(RetrieveDCSuffixFromDn(name))
 else if formatOffered = DS_NT4_ACCOUNT_NAME then
   rt := LookupAttr(flags, sAMAccountName,
                    UserNameFromNT4AccountName(name))
   domainName := DomainNameFromNT4AccountName(name)
 else if formatOffered = DS_USER_PRINCIPAL_NAME then
   rt := LookupUPNAndAltSecID(flags, false, name)
   domainName := DomainNameFromUPN(name)
 else if formatOffered = DS_CANONICAL_NAME then
   rt := LookupCanonicalName(name)
   domainName := DomainNameFromCanonicalName(name)
 else if formatOffered = DS_UNIQUE_ID_NAME then
   rt := select all o from all where o!objectGuid = GuidFromString(true, name)
 else if formatOffered = DS_DISPLAY_NAME then
   rt := LookupAttr(flags, displayName, name)
 else if formatOffered = DS_SERVICE_PRINCIPAL_NAME then
   rt := LookupSPN(flags, name)
   domainName := GetServiceNameFromSPN(name)
 else if formatOffered in {DS_SID_OR_SID_HISTORY_NAME,
                           DS_STRING_SID_NAME} then
   rt := LookupSID(flags, SidFromStringSid(name))
   domainName := DomainNameFromSid(DomainSidFromSid(SidFromStringSid(name)))
 else if formatOffered = DS_CANONICAL_NAME_EX then
   rt := LookupCanonicalName(CanonicalNameFromCanonicalNameEx(name))
   domainName := DomainNameFromCanonicalName(name)
 else if formatOffered in {DS_NT4_ACCOUNT_NAME_SANS_DOMAIN,
     DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX} then
   rt := LookupAttr(flags, sAMAccountName, name)
 else if formatOffered = DS_ALT_SECURITY_IDENTITIES_NAME then
   rt := LookupAttr(flags, altSecurityIdentities, name)
 else if formatOffered = DS_USER_PRINCIPAL_NAME_AND_ALTSECID then
   rt := LookupUPNAndAltSecID(flags, true, name)
   domainName := DomainNameFromUPN(name)
 else
   rt := null
 endif
  
 result.pName^ := null
 result.pDomain^ := null
 result.status := DS_NAME_NO_ERROR
  
 if rt = null and domainName ≠ null then
   result.status := DS_NAME_ERROR_DOMAIN_ONLY
   if formatOffered in {DS_NT4_ACCOUNT_NAME, DS_USER_PRINCIPAL_NAME,
       DS_SERVICE_PRINCIPAL_NAME, DS_SID_OR_SID_HISTORY_NAME,
       DS_STRING_SID_NAME,DS_USER_PRINCIPAL_NAME_AND_ALTSECID} then
     if IsDomainNameInTrustedForest(domainName, referredDomain) then
       result.pDomain^ := referredDomain
       if DS_NAME_FLAG_TRUST_REFERRAL in flags then
         result.status := DS_NAME_ERROR_TRUST_REFERRAL
       else
         result.status := DS_NAME_ERROR_DOMAIN_ONLY
       endif   
     endif    
   endif
   return result
 endif
  
 if rt = null then
   /* No match. */
   result.status := DS_NAME_ERROR_NOT_FOUND
   return result
 endif
  
 if rt.length > 1 then
   /* Found more than one matching object. */
   result.status := DS_NAME_ERROR_NOT_UNIQUE
   return result
 endif
  
 obj := rt[0]
  
 if formatOffered = DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX then
   /* Check that the account is valid. */
   if obj!userAccountControl ∩ {ADS_UF_ACCOUNTDISABLE,
       ADS_UF_TEMP_DUPLICATE_ACCOUNT} ≠ {} then
     result.status := DS_NAME_ERROR_NOT_FOUND
     return result
   endif
 endif
  
 if formatOffered = DS_STRING_SID_NAME then
   /* The type of the object needs to be specified in result.status. */
   /* Check if the value came from sIDHistory or objectSid. */
   fSidHistory := SidFromStringSid(name) in obj!sidHistory
  
   if obj!sAMAccountType in {SAM_USER_OBJECT, SAM_MACHINE_ACCOUNT,
       SAM_TRUST_ACCOUNT} then
     if fSidHistory then
       result.status := DS_NAME_ERROR_IS_SID_HISTORY_USER
     else
       result.status := DS_NAME_ERROR_IS_SID_USER
     endif
   else if obj!sAMAccountType in {SAM_NON_SECURITY_GROUP_OBJECT,
       SAM_GROUP_OBJECT} then
     if fSidHistory then
       result.status := DS_NAME_ERROR_IS_SID_HISTORY_GROUP
     else
       result.status := DS_NAME_ERROR_IS_SID_GROUP
     endif
   else if obj!sAMAccountType in {SAM_NON_SECURITY_ALIAS_OBJECT,
       SAM_ALIAS_OBJECT} then
     if fSidHistory then
       result.status := DS_NAME_ERROR_IS_SID_HISTORY_ALIAS
     else
       result.status := DS_NAME_ERROR_IS_SID_ALIAS
     endif
   else
     if fSidHistory then
       result.status := DS_NAME_ERROR_IS_SID_HISTORY_UNKNOWN
     else
       result.status := DS_NAME_ERROR_IS_SID_UNKNOWN
     endif
   endif
 endif
  
 /* Found exactly one object. Construct the output name in the
  * desired format. */
 names := ConstructOutput(obj, formatDesired)
  
 if formatDesired not in { DS_FQDN_1779_NAME, DS_NT4_ACCOUNT_NAME, DS_DISPLAY_NAME, DS_UNIQUE_ID_NAME, DS_CANONICAL_NAME, DS_CANONICAL_NAME_EX, DS_USER_PRINCIPAL_NAME, DS_SERVICE_PRINCIPAL_NAME, DS_STRING_SID_NAME, DS_USER_PRINCIPAL_NAME_FOR_LOGON } then
   result.status := DS_NAME_ERROR_RESOLVING
   return result
 end if
  
 if names = null and 
    foreignSecurityPrincipal in obj!objectClass and
    obj!SID ≠ null and 
    DS_NAME_FLAG_PRIVATE_RESOLVE_FPOS in flags and 
    formatDesired in { DS_NT4_ACCOUNT_NAME, DS_DISPLAY_NAME,
        DS_CANONICAL_NAME, DS_CANONICAL_NAME_EX, DS_USER_PRINCIPAL_NAME,
        DS_USER_PRINCIPAL_NAME_FOR_LOGON, DS_SERVICE_PRINCIPAL_NAME} then 
   /* Found a foreign security principal for which the desired name is not
    * included. Use the LSAT protocol to lookup the name. Note: For any 
    * desired format, it can only return either DS_CANONICAL_NAME or
    * DS_CANONICAL_NAME_EX.  */ 
   if (formatDesired=DS_CANONICAL_NAME_EX) then
     fCanonicalEx := true
   else 
     fCanonicalEx := false
   endif
   result := LookupFPO(fCanonicalEx, obj, result)
   return result
 endif
  
 if names = null then
   /* Could not construct the required name format. */
   result.status := DS_NAME_ERROR_NO_MAPPING
   return result
 endif
 if names.length > 1 then
   /* Too many output names. */
   result.status := DS_NAME_ERROR_NOT_UNIQUE
   return result
 endif
  
 result.pName^ := names[0]
 result.pDomain^ := DomainDNSNameFromDomain(GetObjectNC(obj))
 result.status = DS_NAME_NO_ERROR
  
 return result
Show: