NetrLogonGetCapabilities (Opnum 21)

The NetrLogonGetCapabilities method is used by clients to confirm the server capabilities after a secure channel has been established. <261>

 NTSTATUS NetrLogonGetCapabilities(
   [in, string] LOGONSRV_HANDLE ServerName,
   [in, string, unique] wchar_t* ComputerName,
   [in] PNETLOGON_AUTHENTICATOR Authenticator,
   [in, out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in] DWORD QueryLevel,
   [out, switch_is(QueryLevel)] PNETLOGON_CAPABILITIES ServerCapabilities

ServerName: A LOGONSRV_HANDLE Unicode string handle of the server that is handling the request.

ComputerName: A string that contains the name of the computer.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure that contains the client authenticator.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure that contains the server return authenticator.

QueryLevel: Specifies the level of information to return from the domain controller being queried. A value of 0x00000001 causes return of a NETLOGON_CAPABILITIES structure that contains server capabilities.

ServerCapabilities: A pointer to a 32-bit set of bit flags that identify the server's capabilities.<262>

Return Values: The method returns 0x00000000 on success; otherwise, it returns a nonzero error code.

Upon receiving this call, the server MUST perform the following validation steps:<263>

  • Apply Common Error Processing Rule A, specified in section 3.

  • Verify that the QueryLevel parameter is set to 1. All other values are invalid, and STATUS_INVALID_LEVEL MUST be returned.

  • Using the ComputerName for the secure channel to find the corresponding record in the ClientSessionInfo table, verify the Authenticator parameter (section If the Authenticator parameter is valid, compute the ReturnAuthenticator parameter returned (section Otherwise, the server MUST return STATUS_ACCESS_DENIED.

If ServerCapabilities bit W is true, then  ServerCapabilities MUST be set to the ServerSessionInfo.NegotiateFlags being used by the secure channel of the calling client. Otherwise, the server MUST return STATUS_NOT_IMPLEMENTED.