22.214.171.124 LsarGetUserName (Opnum 45)
NTSTATUS LsarGetUserName( [in, unique, string] wchar_t* SystemName, [in, out] PRPC_UNICODE_STRING* UserName, [in, out, unique] PRPC_UNICODE_STRING* DomainName );
SystemName: This parameter has no effect on message processing in any environment. It MUST be ignored.
UserName: On return, contains the name of the security principal that is making the call. The string MUST be of the form sAMAccountName. On input, this parameter MUST be ignored. The RPC_UNICODE_STRING structure is defined in [MS-DTYP] section 2.3.10.
DomainName: On return, contains the domain name of the security principal that is invoking the method. This string MUST be a NetBIOS name. On input, this parameter MUST be ignored.
Return Values: The following table contains a summary of the return values that an implementation MUST return, as specified by the message processing shown after the table.
The request was successfully completed.
The caller does not have the permissions to perform this operation.
If GetRpcImpersonationAccessToken succeeds, the server MUST use the SID in the Token.Sids[OwnerIndex] element ([MS-DTYP] section 2.5.2) for further processing.
If GetRpcImpersonationAccessToken fails, the server MUST use the ANONYMOUS SID ([MS-DTYP] section 126.96.36.199) for further processing.
The server MUST locate the security principal that is making the request using the SID that was determined previously. To do so, a search MUST be performed in the following views and MUST end as soon as the security principal is located in some view:
Predefined Translation View.
Configurable Translation View.
Account Domain View of the account database served on that machine.
If the machine is not joined to a domain, the search ends here.
If this machine is not a domain controller: Account Domain View of the domain to which this machine is joined.
Forest View of the forest of the domain to which this machine is joined.
Forest Views of trusted forests for the forest of the domain to which this machine is joined.
Account Domain Views of externally trusted domains for the domain to which this machine is joined.
After the security principal is located, the RPC server MUST return the security principal name in the UserName parameter and MUST return the domain NetBIOS name in the DomainName parameter if DomainName is not NULL. The return value MUST be set to STATUS_SUCCESS in this case. In other cases, an implementation-specific negative value MUST be returned.