3.2 Client Details

The client side of this protocol is simply a pass-through between the transport and the higher-layer protocol or application. There are no additional timers or other state required on the client side. Calls made by a higher-layer protocol or application are passed directly to the transport, and the results returned by the transport are passed directly back to the higher-layer protocol or application.

There are several versions of messages that provide similar functionality. Higher-level protocols or applications can use the following guidelines when deciding what message to send.<36>

For selecting between LsarLookupNames4, LsarLookupNames3, LsarLookupNames2, and LsarLookupNames:

  • Only a domain controller can process an LsarLookupNames4 message.

  • LsarLookupNames4 requires an RPC handle (specified in its RpcHandle parameter) and a connection that is authenticated using the RPC_C_AUTHN_NETLOGON security provider, as specified in [MS-RPCE] section 2.2.1.1.7.

  • If the caller can meet these requirements, LsarLookupNames4 can be used; otherwise, LsarLookupNames3 is preferred.

  • Domain controllers and non–domain controllers can process LsarLookupNames3, LsarLookupNames2, and LsarLookupNames messages.

For specifics on each message, see sections 3.1.4.5, 3.1.4.6, 3.1.4.7, and 3.1.4.8.

For selecting between LsarLookupSids3, LsarLookupSids2, and LsarLookupSids:

  • Only a domain controller can process an LsarLookupSids3 message.

  • LsarLookupSids3 requires an RPC handle (specified in its RpcHandle parameter) and a connection that is authenticated using the RPC_C_AUTHN_NETLOGON security provider, as specified in [MS-RPCE] section 2.2.1.1.7.

  • If the caller can meet these requirements, LsarLookupSids3 can be used; otherwise, LsarLookupSids2 is preferred.

  • Domain controllers and non–domain controllers can process LsarLookupSids2 and LsarLookupSids messages.

For specifics on each message, see sections 3.1.4.9, 3.1.4.10, and 3.1.4.11.