3.1.1.13.2 ExpandMemberships
-
procedure ExpandMemberships( InputSids: ARRAY(SID), OperationType: DWORD, ExpandedSids: ARRAY(SID), MaxValidityTimeHint: LARGE_INTEGER) : NTSTATUS
InputSids: An array of SIDs to be expanded.
OperationType: Specifies how the SIDs in InputSids are to be expanded. Must be a value from the REVERSE_MEMBERSHIP_OPERATION_TYPE enumeration ([MS-DRSR] section 4.1.8.1.3).
ExpandedSids: Returns the set of expanded SIDs.
MaxValidityTimeHint: Returns the smallest expiration timestamp of all memberships returned in ExpandedSids, or zero if all memberships are persistent.
Return Values: This procedure returns STATUS_SUCCESS ([MS-ERREF] section 2.3.1) to indicate success; otherwise, an NTSTATUS error code.
Note This procedure utilizes the IDL_DRSGetMemberships method ([MS-DRSR] section 4.1.8).
Logical Processing:
-
Status: NTSTATUS; OutVersion: DWORD; msgIn: DRS_MSG_REVMEMB_REQ; msgOut: DRS_MSG_REVMEMB_REPLY; MaxValidityTimeHint := 0; /* Initialize input argument for IDL_DRSGetMemberships */ msgIn.dwInVersion := 1; msgIn.cDSNames := ARRAYSIZE(InputSids); msgIn.ppDSNames := InputSids; msgIn.dwFlags := 0; msgIn.OperationType := OperationType; msgIn.pLimitingDomain := NULL; /* Invoke IDL_DRSGetMemberships locally */ Status := IDL_DRSGetMemberships(NULL, 1, &msgIn, &OutVersion, &msgOut); if Status != STATUS_SUCCESS return Status; /* Merge the returned SIDs and returned SID-history SIDs */ ExpandedSids := msgOut.ppDSNames + msgOut.ppSidHistory; if (minimum TTL of all memberships returned in ExpandedSids > 0) MaxValidityTimeHint := (minimum TTL of all memberships returned in ExpandedSids); endif return STATUS_SUCCESS;