220.127.116.11.2 SamrGetAliasMembership (Opnum 16)
The SamrGetAliasMembership method obtains the union of all aliases that a given set of SIDs is a member of.
long SamrGetAliasMembership( [in] SAMPR_HANDLE DomainHandle, [in] PSAMPR_PSID_ARRAY SidArray, [out] PSAMPR_ULONG_ARRAY Membership );
SidArray: A list of SIDs.
Membership: The union of all aliases (represented by RIDs) that all SIDs in SidArray are a member of.
This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.
Upon receiving this message, the server MUST process the data from the message subject to the following constraints:
The server MUST return an error if DomainHandle.HandleType is not equal to "Domain".
DomainHandle.GrantedAccess MUST have the required access specified in section 18.104.22.168. Otherwise, the server MUST return STATUS_ACCESS_DENIED.
For each SID value in SidArray, the server MUST determine the union of all database objects in the domain referenced by DomainHandle.Object with class group and groupType GROUP_TYPE_SECURITY_RESOURCE whose member value contains the SID.
The returned Membership parameter MUST contain the RIDs of the objectSid attribute of the union of all groups found by constraint 2.