LookupAccountSidA function

The LookupAccountSid function accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found.

Syntax

BOOL LookupAccountSidA(
  LPCSTR        lpSystemName,
  PSID          Sid,
  LPSTR         Name,
  LPDWORD       cchName,
  LPSTR         ReferencedDomainName,
  LPDWORD       cchReferencedDomainName,
  PSID_NAME_USE peUse
);

Parameters

lpSystemName

A pointer to a null-terminated character string that specifies the target computer. This string can be the name of a remote computer. If this parameter is NULL, the account name translation begins on the local system. If the name cannot be resolved on the local system, this function will try to resolve the name using domain controllers trusted by the local system. Generally, specify a value for lpSystemName only when the account is in an untrusted domain and the name of a computer in that domain is known.

Sid

TBD

Name

TBD

cchName

On input, specifies the size, in TCHARs, of the lpName buffer. If the function fails because the buffer is too small or if cchName is zero, cchName receives the required buffer size, including the terminating null character.

ReferencedDomainName

TBD

cchReferencedDomainName

On input, specifies the size, in TCHARs, of the lpReferencedDomainName buffer. If the function fails because the buffer is too small or if cchReferencedDomainName is zero, cchReferencedDomainName receives the required buffer size, including the terminating null character.

peUse

A pointer to a variable that receives a SID_NAME_USE value that indicates the type of the account.

Return Value

If the function succeeds, the function returns nonzero.

If the function fails, it returns zero. To get extended error information, call GetLastError.

Remarks

The LookupAccountSid function attempts to find a name for the specified SID by first checking a list of well-known SIDs. If the supplied SID does not correspond to a well-known SID, the function checks built-in and administratively defined local accounts. Next, the function checks the primary domain. Security identifiers not recognized by the primary domain are checked against the trusted domains that correspond to their SID prefixes.

If the function cannot find an account name for the SID, GetLastError returns ERROR_NONE_MAPPED. This can occur if a network time-out prevents the function from finding the name. It also occurs for SIDs that have no corresponding account name, such as a logon SID that identifies a logon session.

In addition to looking up SIDs for local accounts, local domain accounts, and explicitly trusted domain accounts, LookupAccountSid can look up SIDs for any account in any domain in the forest, including SIDs that appear only in the SIDhistory field of an account in the forest. The SIDhistory field stores former SIDs of an account that has been moved from another domain. To look up a SID, LookupAccountSid queries the global catalog of the forest.

Examples

For an example that uses this function, see Searching for a SID in an Access Token.

Requirements

   
Windows version Windows XP [desktop apps UWP apps] Windows Server 2003 [desktop apps UWP apps]
Target Platform Windows
Header winbase.h (include Windows.h)
Library Advapi32.lib
DLL Advapi32.dll

See Also

Access Control Overview

Basic Access Control Functions

EqualPrefixSid

LookupAccountName

SID

SID_NAME_USE