Export (0) Print
Expand All

DsBindWithSpn function

The DsBindWithSpn function binds to a domain controller using the specified credentials and a specific service principal name (SPN) for mutual authentication.

This function is provided for where complete control is required for mutual authentication. Do not use this function if you expect DsBind to find a server for you, because SPNs are computer-specific, and it is unlikely that the SPN you provide will match the server that DsBind finds for you. Providing a NULLServicePrincipalName argument results in behavior that is identical to DsBindWithCred.

Syntax


DWORD DsBindWithSpn(
  _In_opt_  LPCTSTR DomainControllerName,
  _In_opt_  LPCTSTR DnsDomainName,
  _In_opt_  RPC_AUTH_IDENTITY_HANDLE AuthIdentity,
  _In_opt_  LPCTSTR ServicePrincipalName,
  _Out_     HANDLE *phDS
);

Parameters

DomainControllerName [in, optional]

Pointer to a null-terminated string that contains the fully qualified DNS name of the domain to bind to. For more information, see the DomainControllerName description in the DsBind topic.

DnsDomainName [in, optional]

Pointer to a null-terminated string that contains the fully qualified DNS name of the domain to bind to. For more information, see the DnsDomainName description in the DsBind topic.

AuthIdentity [in, optional]

Contains an RPC_AUTH_IDENTITY_HANDLE value that represents the credentials to be used for the bind. The DsMakePasswordCredentials function is used to obtain this value. If this parameter is NULL, the credentials of the calling thread are used.

DsUnBind must be called before freeing this handle with the DsFreePasswordCredentials function.

ServicePrincipalName [in, optional]

Pointer to a null-terminated string that specifies the Service Principal Name to assign to the client. Passing NULL in ServicePrincipalName is equivalent to a call to the DsBindWithCred function.

phDS [out]

Address of a HANDLE value that receives the binding handle. To close this handle, pass it to the DsUnBind function.

Return value

Returns ERROR_SUCCESS if successful or a Windows or RPC error code otherwise. The following are the most common error codes.

Return codeDescription
ERROR_INVALID_DOMAINNAME

The format of the specified DnsDomainName is invalid.

ERROR_INVALID_PARAMETER

phDS is invalid.

ERROR_NO_SUCH_DOMAIN

No domain controller is available for the specified domain or the domain does not exist.

ERROR_NOT_ENOUGH_MEMORY

A memory allocation failure occurred.

 

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2003

Header

Ntdsapi.h

Library

Ntdsapi.lib

DLL

Ntdsapi.dll

Unicode and ANSI names

DsBindWithSpnW (Unicode) and DsBindWithSpnA (ANSI)

See also

DsBind
DsBindWithCred
DsUnBind
Domain Controller and Replication Management Functions

 

 

Show:
© 2015 Microsoft