Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All NetrLogonGetDomainInfo (Opnum 29)

The NetrLogonGetDomainInfo method<254> returns information that describes the current domain to which the specified client belongs.

 NTSTATUS NetrLogonGetDomainInfo(
   [in, string] LOGONSRV_HANDLE ServerName,
   [in, string, unique] wchar_t* ComputerName,
   [in] PNETLOGON_AUTHENTICATOR Authenticator,
   [in, out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in] DWORD Level,
   [in, switch_is(Level)] PNETLOGON_WORKSTATION_INFORMATION WkstaBuffer,
   [out, switch_is(Level)] PNETLOGON_DOMAIN_INFORMATION DomBuffer

ServerName: The custom RPC binding handle, as specified in section

ComputerName: The null-terminated Unicode string that contains the name of the client computer issuing the request.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section, that contains the client authenticator.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure, as specified in section, that contains the server return authenticator.

Level: The information level requested by the client. The DomBuffer parameter contains one of the following structures, based on the value of this field.




The DomBuffer contains a NETLOGON_DOMAIN_INFO structure.


The DomBuffer contains a NETLOGON_LSA_POLICY_INFO structure.

WkstaBuffer: A pointer to a NETLOGON_WORKSTATION_INFORMATION structure, as specified in section, that contains information about the client workstation.

DomBuffer: A pointer to a NETLOGON_DOMAIN_INFORMATION structure, as specified in section, that contains information about the domain or policy information.

Return Values: The method returns 0x00000000 on success; otherwise, it returns a nonzero error code.

On receiving this call, the server MUST perform the following validation steps:

  • Apply Common Error Processing Rule A, specified in section 3.

  • Verify that the WkstaBuffer parameter is not NULL. If it is, the server SHOULD return STATUS_INVALID_PARAMETER.<255>

  • Verify that the Level parameter is set to 1 or 2. All other values are invalid, and STATUS_INVALID_LEVEL MUST be returned.

  • Using the ComputerName for the secure channel to find the corresponding record in the ClientSessionInfo table, verify the Authenticator parameter (section If the Authenticator parameter is valid, compute the ReturnAuthenticator parameter returned (section Otherwise, the server MUST return STATUS_ACCESS_DENIED.

If the Level parameter is set to 1, the return structure pointed to by DomBuffer MUST be generated as follows:

  • NETLOGON_DOMAIN_INFO.PrimaryDomain.DomainName MUST be set to NetbiosDomainName.

  • NETLOGON_DOMAIN_INFO.PrimaryDomain.DnsDomainName MUST be set to DnsDomainName.

  • NETLOGON_DOMAIN_INFO.PrimaryDomain.DnsForestName MUST be set to DnsForestName.

  • NETLOGON_DOMAIN_INFO.PrimaryDomain.DomainGuid MUST be set to DomainGuid.

  • NETLOGON_DOMAIN_INFO.PrimaryDomain.DomainSid MUST be set to DomainSid.

  • NETLOGON_DOMAIN_INFO.WorkstationFlags MUST be set with the bitwise AND of NETLOGON_WORKSTATION_INFORMATION.WorkstationInfo.WorkstationFlags and 0x3.

  • NETLOGON_DOMAIN_INFO.TrustedDomainCount MUST be set to the number of elements of the trusted domain list returned by performing the external behavior consistent with locally invoking LsarEnumerateTrustedDomainsEx ([MS-LSAD] section The EnumerationContext parameter MUST be set to 0 and PreferredMaximumLength SHOULD be set to 4096.<256> A policy handle is not needed locally.

  • NETLOGON_DOMAIN_INFO.TrustedDomains MUST be set to a TrustedDomainCount-sized array of NETLOGON_ONE_DOMAIN_INFO structures. Each structure MUST be generated as follows:

    • NETLOGON_ONE_DOMAIN_INFO.DomainName MUST be set to the NetBIOS domain name of the trusted domain.

    • NETLOGON_ONE_DOMAIN_INFO.DnsDomainName MUST be set to the DNS domain name of the trusted domain.

    • NETLOGON_ONE_DOMAIN_INFO.DnsForestName MUST be set to NULL string.

    • NETLOGON_ONE_DOMAIN_INFO.DomainGuid MUST be set to the domain GUID of the trusted domain.

    • NETLOGON_ONE_DOMAIN_INFO.DomainSid MUST be set to the domain SID of the trusted domain.<257>

  • NETLOGON_DOMAIN_INFO.SupportedEncTypes MUST be set to the value of the msDS-SupportedEncryptionTypes attribute ([MS-ADA2] section 2.458) of the ComputerName account. If the msDS-SupportedEncryptionTypes attribute does not exist, then set NETLOGON_DOMAIN_INFO.SupportedEncTypes to 0xFFFFFFFF.

  •  Structure



    For details, see section


    For details, see section


    For details, see section


    For details, see section

If the Level parameter is set to 2:

  • NETLOGON_DOMAIN_INFO.LsaPolicy.LsaPolicySize MUST be set to 0.

  • NETLOGON_DOMAIN_INFO.LsaPolicy.LsaPolicy MUST be set to NULL.

If the WkstaBuffer.WorkstationInfo pointer is NULL, no further processing occurs and NERR_Success MUST be returned.

If WkstaBuffer.WorkstationInfo.WorkstationFlags has the 0x2 bit set, NETLOGON_DOMAIN_INFO.DnsHostNameInDs is set to the dNSHostName ([MS-ADA1] section 2.185) of the client account. If there was a change in domain naming, this value holds the previous DNS host name since the AD query is done prior to changing the value. If WkstaBuffer.WorkstationInfo.WorkstationFlags does not have the 0x2 bit set, the server adds the following SPNs to the ServicePrincipalName attribute of the clients account:

  • HOST/<Netbios name>

  • HOST/<FQDN name>

WkstaBuffer.WorkstationInfo.OsName and WkstaBuffer.WorkstationInfo.OsVersion SHOULD be processed as specified in section If WkstaBuffer.WorkstationInfo.OsName and WkstaBuffer.WorkstationInfo.OsVersion are not specified, then a generic string SHOULD be used to update the operatingSystem attribute ("Windows unknown version"). If WkstaBuffer.WorkstationInfo.OsVersion is specified but WkstaBuffer.WorkstationInfo.OsName is not, then a different generic string SHOULD be used to update the operatingSystem attribute, depending on the value of WkstaBuffer.WorkstationInfo.OsVersion.wProductType. If the wProductType is VER_NT_WORKSTATION, then the string that SHOULD be used is "Windows Workstation", otherwise the string SHOULD be "Windows Server".<258>

If WkstaBuffer.WorkstationInfo.KerberosSupportedEncryptionTypes is set, NETLOGON_DOMAIN_INFO.SupportedEncTypes is set to the msDS-SupportedEncryptionTypes attribute ([MS-ADA2] section 2.458) of the client account.

This method can only be called by a machine that has established a secure channel with the server.

© 2015 Microsoft