3.1.5.11.3 SamrLookupIdsInDomain (Opnum 18)

The SamrLookupIdsInDomain method translates a set of RIDs into account names.

 long SamrLookupIdsInDomain(
   [in] SAMPR_HANDLE DomainHandle,
   [in, range(0,1000)] unsigned long Count,
   [in, size_is(1000), length_is(Count)] 
     unsigned long* RelativeIds,
   [out] PSAMPR_RETURNED_USTRING_ARRAY Names,
   [out] PSAMPR_ULONG_ARRAY Use
 );

DomainHandle: An RPC context handle, as specified in section 2.2.7.2, representing a domain object.

Count: The number of elements in RelativeIds. The maximum value of 1,000 is chosen to limit the amount of memory that the client can force the server to allocate.

RelativeIds: An array of RIDs that are to be mapped to account names.

Names: A structure containing an array of account names that correspond to the elements in RelativeIds.

Use: A structure containing an array of SID_NAME_USE enumeration values that describe the type of account for each entry in RelativeIds.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

On receiving this message, the server MUST process the data from the message subject to the following constraints:

  1. The server MUST return an error if DomainHandle.HandleType is not equal to "Domain".

  2. DomainHandle.GrantedAccess MUST have the required access specified in section 3.1.2.2. Otherwise, the server MUST return STATUS_ACCESS_DENIED.

  3. Let U be the set of all database objects whose objectSid's domain prefix matches the domain prefix of the domain referenced by DomainHandle.Object.

  4. For each element in RelativeIds that matches the RID of a database object's objectSid attribute value in the set U, the server MUST fill in Names and Use as follows:

    1. Let 'i' be the current element of RelativeIds.

    2. Names.Element[i] is the sAMAccountName attribute value of the matched object.

    3. Use.Element[i] is set as follows.

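      | objectClass | GroupType                                           | Use          |
      |-------------|-----------------------------------------------------|--------------|
      | User        | n/a                                                 | SidTypeUser  |
      | Group       | GROUP_TYPE_ACCOUNT_GROUP                            | SidTypeGroup |
      | Group       | GROUP_TYPE_UNIVERSAL_GROUP                          | SidTypeGroup |
      | Group       | Any value not matching the above criteria for Group | SidTypeAlias |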

  5. For each element in RelativeIds that does not match the RID of a database object's objectSid attribute value, the server MUST fill in Names and Use as follows:

    1. Let 'i' be the current element of RelativeIds.

    2. All fields of Names.Element[i] MUST be set to 0.

    3. Use.Element[i] is SidTypeUnknown.

  6. Otherwise:

    1. Names.Count MUST be set to the input parameter Count on successful completion of the method.

    2. Use.Count MUST be set to the input parameter Count on successful completion of the method.

    3. If the number of matched accounts is equal to the input parameter Count, 0 MUST be returned.

    4. If the number of matched accounts is less than the input parameter Count but greater than 0, STATUS_SOME_NOT_MAPPED MUST be returned. Note that this is not an error condition.

    5. If the number of matched accounts is 0, STATUS_NONE_MAPPED MUST be returned.
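
The processing rules in steps 3 through 6, modelled in Python as an added example (not code from the specification or from Microsoft). The dictionary standing in for the set U, the function names, the sample accounts, and the reading of the GroupType column as a flag-bit test are assumptions.

```python
# Added illustration of steps 3-6; a model, not a server implementation.
STATUS_SUCCESS = 0x00000000
STATUS_SOME_NOT_MAPPED = 0x00000107  # success-severity code, not an error
STATUS_NONE_MAPPED = 0xC0000073
# SID_NAME_USE values this method can return
SID_TYPE_USER, SID_TYPE_GROUP, SID_TYPE_ALIAS, SID_TYPE_UNKNOWN = 1, 2, 4, 8
GROUP_TYPE_ACCOUNT_GROUP = 0x00000002
GROUP_TYPE_UNIVERSAL_GROUP = 0x00000008
MAX_COUNT = 1000  # from the IDL: [in, range(0,1000)] Count

def sid_name_use(object_class, group_type):
    """Map objectClass/GroupType to Use per the table in step 4.3."""
    if object_class.lower() == "user":
        return SID_TYPE_USER
    # Assumption: the GroupType column is tested as a flag bit.
    if group_type & (GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_UNIVERSAL_GROUP):
        return SID_TYPE_GROUP
    return SID_TYPE_ALIAS

def lookup_ids_in_domain(domain_objects, relative_ids):
    """domain_objects models U: {rid: (sAMAccountName, objectClass, groupType)}."""
    count = len(relative_ids)
    if count > MAX_COUNT:
        raise ValueError("Count exceeds the IDL range of 1000")
    names, use, matched = [], [], 0
    for rid in relative_ids:
        obj = domain_objects.get(rid)
        if obj is None:                # step 5: no object with this RID
            names.append(None)         # stands for an all-zero name entry
            use.append(SID_TYPE_UNKNOWN)
            continue
        sam_name, object_class, group_type = obj
        names.append(sam_name)         # step 4.2
        use.append(sid_name_use(object_class, group_type))  # step 4.3
        matched += 1
    # Step 6: Names.Count == Use.Count == Count; rules checked in listed order.
    if matched == count:
        status = STATUS_SUCCESS
    elif matched > 0:
        status = STATUS_SOME_NOT_MAPPED
    else:
        status = STATUS_NONE_MAPPED
    return names, use, status

# Constructed sample accounts, not taken from any real domain.
SAMPLE_U = {
    500: ("Administrator", "user", 0),
    512: ("Domain Admins", "group", 0x80000002),
    1104: ("HelpDesk-Local", "group", 0x80000004),
}
```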