3.1.4.1 LsarGetAvailableCAPIDs (Opnum 0)

This method returns a list of the CAPIDs of all the central access policies available on the specified remote machine. These identifiers are equivalent to the SIDs of the central access policy objects as they are stored in Active Directory.

 NTSTATUS LsarGetAvailableCAPIDs(
   [in] handle_t BindingHandle,
   [out] LSAPR_WRAPPED_CAPID_SET* WrappedCAPIDs
 );

BindingHandle: A handle to an RPC binding for the specified remote machine.

WrappedCAPIDs: A pointer to LSAPR_WRAPPED_CAPID_SET, as defined in section 2.2.1.1.

Return Values:

If the method succeeds, the function MUST return 0x00000000 (ERROR_SUCCESS).

If the method fails, it MUST return a nonzero error code from the values defined in [MS-ERREF].

When processing this call, the server MUST return an LSAPR_WRAPPED_CAPID_SET constructed as follows:

  1. The server MUST ensure that an authentication level identifier (as specified in [MS-RPCE] section 2.2.1.1.8) other than RPCE_C_AUTHN_LEVEL_NONE is present in the RPC message. Otherwise, the server MUST return STATUS_ACCESS_DENIED.

  2. The Entries field of the LSAPR_WRAPPED_CAPID_SET MUST be set to the number of CentralAccessPolicy objects in the CentralAccessPoliciesList ADM element.

  3. The SidInfo field of the LSAPR_WRAPPED_CAPID_SET structure MUST be set to an array of pointers to LSAPR_SID_INFORMATION structures. There MUST be one LSAPR_SID_INFORMATION structure in the array for each CentralAccessPolicy object in the CentralAccessPoliciesList ADM element. Each LSAPR_SID_INFORMATION structure MUST be set to the CAPID field of the corresponding CentralAccessPolicy object.
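
The following C model of the three processing rules above is an added example, not part of the specification or of any Microsoft implementation. The struct names, the CALL_CTX view of the caller, the string representation of a SID, the numeric authentication levels, and the sample CAPIDs are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERROR_SUCCESS        0x00000000u
#define STATUS_NO_MEMORY     0xC0000017u
#define STATUS_ACCESS_DENIED 0xC0000022u
#define AUTHN_LEVEL_NONE     0x01u /* assumed value of the "none" level, [MS-RPCE] 2.2.1.1.8 */

/* Simplified stand-ins for the IDL types; a SID is modelled as a string. */
typedef struct { const char *Sid; } SID_INFO;            /* LSAPR_SID_INFORMATION */
typedef struct { uint32_t Entries; SID_INFO *SidInfo; } CAPID_SET; /* LSAPR_WRAPPED_CAPID_SET */
typedef struct { const char *CAPID; } CAP;               /* CentralAccessPolicy object */
typedef struct { int has_auth; uint32_t authn_level; } CALL_CTX; /* hypothetical caller view */

/* Constructed sample CentralAccessPoliciesList. */
static const CAP SAMPLE_CAPS[] = { { "S-1-17-100-1" }, { "S-1-17-100-2" } };

uint32_t get_available_capids(const CALL_CTX *ctx, const CAP *list,
                              uint32_t count, CAPID_SET *out)
{
    out->Entries = 0;
    out->SidInfo = NULL;
    /* Rule 1: deny before reading any policy data if the message carries
       no authentication level identifier, or carries the "none" level. */
    if (!ctx->has_auth || ctx->authn_level == AUTHN_LEVEL_NONE)
        return STATUS_ACCESS_DENIED;
    if (count == 0)
        return ERROR_SUCCESS;          /* empty list: model returns an empty set */
    SID_INFO *info = calloc(count, sizeof *info);
    if (info == NULL)
        return STATUS_NO_MEMORY;
    for (uint32_t i = 0; i < count; i++)
        info[i].Sid = list[i].CAPID;   /* Rule 3: one entry per policy, set to its CAPID */
    out->Entries = count;              /* Rule 2: Entries = number of policies */
    out->SidInfo = info;
    return ERROR_SUCCESS;
}

int main(void)
{
    CAPID_SET set;
    CALL_CTX anon = { 0, 0 };          /* no authentication level in the message */
    CALL_CTX integ = { 1, 0x05 };      /* assumed packet-integrity level */
    printf("anonymous: 0x%08X\n", (unsigned)get_available_capids(&anon, SAMPLE_CAPS, 2, &set));
    printf("integrity: 0x%08X\n", (unsigned)get_available_capids(&integ, SAMPLE_CAPS, 2, &set));
    free(set.SidInfo);
    return 0;
}
```

The model clears the output before the authentication check, so a denied caller receives an empty set and learns nothing about how many policies exist.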