SamrRemoveMemberFromForeignDomain (Opnum 45)

The SamrRemoveMemberFromForeignDomain method removes a member from all aliases.

 long SamrRemoveMemberFromForeignDomain(
   [in] SAMPR_HANDLE DomainHandle,
   [in] PRPC_SID MemberSid

DomainHandle: An RPC context handle, as specified in section, representing a domain object.

MemberSid: The SID to remove from the membership.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

Upon receiving this message, the server MUST process the data from the message subject to the following constraints:

  1. The server MUST return an error if DomainHandle.HandleType is not equal to "Domain".

  2. DomainHandle.GrantedAccess MUST have the required access specified in section Otherwise, the server MUST return STATUS_ACCESS_DENIED.

  3. All database operations MUST occur in a single transaction.

  4. If the server is not a domain controller, for all alias objects in the domain referenced by DomainHandle.Object, the server MUST remove any member value that references the object with the objectSid attribute value of MemberSid.

  5. If the server is a domain controller, the server MUST return STATUS_SUCCESS without making any modifications to any alias objects.