3.1.5.9.2 SamrGetAliasMembership (Opnum 16)

The SamrGetAliasMembership method obtains the union of all aliases that a given set of SIDs is a member of.

 long SamrGetAliasMembership(
   [in] SAMPR_HANDLE DomainHandle,
   [in] PSAMPR_PSID_ARRAY SidArray,
   [out] PSAMPR_ULONG_ARRAY Membership
 );

DomainHandle: An RPC context handle, as specified in section 2.2.3.2, representing a domain object.

SidArray: A list of SIDs.

Membership: The union of all aliases (represented by RIDs) that all SIDs in SidArray are a member of.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

Upon receiving this message, the server MUST process the data from the message subject to the following constraints:

  1. The server MUST return an error if DomainHandle.HandleType is not equal to "Domain".

  2. DomainHandle.GrantedAccess MUST have the required access specified in section 3.1.2.1. Otherwise, the server MUST return STATUS_ACCESS_DENIED.

  3. For each SID value in SidArray, the server MUST determine the union of all database objects in the domain referenced by DomainHandle.Object with class group and groupType GROUP_TYPE_SECURITY_RESOURCE whose member value contains the SID.

  4. The returned Membership parameter MUST contain the RIDs of the objectSid attribute of the union of all groups found by constraint 2.