LsaCreateTrustedDomainEx

LsaCreateTrustedDomainEx function

The LsaCreateTrustedDomainEx function establishes a new trusted domain by creating a new TrustedDomain object.

Syntax


NTSTATUS LsaCreateTrustedDomainEx(
  _In_  LSA_HANDLE                       PolicyHandle,
  _In_  PTRUSTED_DOMAIN_INFORMATION_EX   TrustedDomainInformation,
  _In_  PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
  _In_  ACCESS_MASK                      DesiredAccess,
  _Out_ PLSA_HANDLE                      TrustedDomainHandle
);

Parameters

PolicyHandle [in]

A handle to a Policy object. For the object to be created, the caller must have permission to create children on the System container. For information about policy object handles, see Opening a Policy Object Handle.

TrustedDomainInformation [in]

Pointer to a TRUSTED_DOMAIN_INFORMATION_EX structure that contains the name and SID of the new trusted domain.

AuthenticationInformation [in]

Pointer to a TRUSTED_DOMAIN_AUTH_INFORMATION structure that contains authentication information for the new trusted domain.

DesiredAccess [in]

An ACCESS_MASK structure that specifies the accesses to be granted for the new trusted domain.

TrustedDomainHandle [out]

Receives the LSA policy handle of the remote trusted domain. You can pass this handle into LSA function calls to manage the LSA policy of the trusted domain.

When your application no longer needs this handle, it should call LsaClose to delete the handle.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

Return codeDescription
STATUS_DIRECTORY_SERVICE_REQUIRED

The target system (specified in the TrustedDomainInformation parameter) for the TrustedDomain object is not a domain controller.

STATUS_INVALID_SID

The specified SID is not valid.

STATUS_UNSUCCESSFUL

Unable to determine whether the target system is a domain controller.

 

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Remarks

LsaCreateTrustedDomainEx does not check whether the specified domain name matches the specified SID or whether the SID and name represent an actual domain.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Ntsecapi.h

Library

Advapi32.lib

DLL

Advapi32.dll

See also

LsaSetTrustedDomainInformation
LsaSetTrustedDomainInfoByName
LsaDeleteTrustedDomain
LsaClose
TRUSTED_DOMAIN_AUTH_INFORMATION
TRUSTED_DOMAIN_INFORMATION_EX

 

 

Show:
© 2016 Microsoft