LsaCreateTrustedDomainEx function
The LsaCreateTrustedDomainEx function establishes a new trusted domain by creating a new TrustedDomain object.
Syntax
NTSTATUS LsaCreateTrustedDomainEx( _In_ LSA_HANDLE PolicyHandle, _In_ PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation, _In_ PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation, _In_ ACCESS_MASK DesiredAccess, _Out_ PLSA_HANDLE TrustedDomainHandle );
Parameters
- PolicyHandle [in]
-
A handle to a Policy object. For the object to be created, the caller must have permission to create children on the System container. For information about policy object handles, see Opening a Policy Object Handle.
- TrustedDomainInformation [in]
-
Pointer to a TRUSTED_DOMAIN_INFORMATION_EX structure that contains the name and SID of the new trusted domain.
- AuthenticationInformation [in]
-
Pointer to a TRUSTED_DOMAIN_AUTH_INFORMATION structure that contains authentication information for the new trusted domain.
- DesiredAccess [in]
-
An ACCESS_MASK structure that specifies the accesses to be granted for the new trusted domain.
- TrustedDomainHandle [out]
-
Receives the LSA policy handle of the remote trusted domain. You can pass this handle into LSA function calls to manage the LSA policy of the trusted domain.
When your application no longer needs this handle, it should call LsaClose to delete the handle.
Return value
If the function succeeds, the function returns STATUS_SUCCESS.
If the function fails, it returns an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.
| Return code | Description |
|---|---|
|
The target system (specified in the TrustedDomainInformation parameter) for the TrustedDomain object is not a domain controller. |
|
The specified SID is not valid. |
|
Unable to determine whether the target system is a domain controller. |
You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.
Remarks
LsaCreateTrustedDomainEx does not check whether the specified domain name matches the specified SID or whether the SID and name represent an actual domain.
Requirements
|
Minimum supported client |
Windows XP [desktop apps only] |
|---|---|
|
Minimum supported server |
Windows Server 2003 [desktop apps only] |
|
Header |
|
|
Library |
|
|
DLL |
|
See also
- LsaSetTrustedDomainInformation
- LsaSetTrustedDomainInfoByName
- LsaDeleteTrustedDomain
- LsaClose
- TRUSTED_DOMAIN_AUTH_INFORMATION
- TRUSTED_DOMAIN_INFORMATION_EX