LsaCreateTrustedDomainEx function

The LsaCreateTrustedDomainEx function establishes a new trusted domain by creating a new TrustedDomain object.

Syntax

NTSTATUS LsaCreateTrustedDomainEx(
  LSA_HANDLE                       PolicyHandle,
  PTRUSTED_DOMAIN_INFORMATION_EX   TrustedDomainInformation,
  PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
  ACCESS_MASK                      DesiredAccess,
  PLSA_HANDLE                      TrustedDomainHandle
);

Parameters

PolicyHandle

A handle to a Policy object. For the object to be created, the caller must have permission to create children on the System container. For information about policy object handles, see Opening a Policy Object Handle.

TrustedDomainInformation

Pointer to a TRUSTED_DOMAIN_INFORMATION_EX structure that contains the name and SID of the new trusted domain.

AuthenticationInformation

Pointer to a TRUSTED_DOMAIN_AUTH_INFORMATION structure that contains authentication information for the new trusted domain.

DesiredAccess

An ACCESS_MASK that specifies the access rights to be granted for the new trusted domain.

TrustedDomainHandle

Receives the LSA policy handle of the remote trusted domain. You can pass this handle into LSA function calls to manage the LSA policy of the trusted domain.

When your application no longer needs this handle, it should call LsaClose to close the handle.

Return Value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

Return code                          Description
STATUS_DIRECTORY_SERVICE_REQUIRED    The target system (specified in the TrustedDomainInformation parameter) for the TrustedDomain object is not a domain controller.
STATUS_INVALID_SID                   The specified SID is not valid.
STATUS_UNSUCCESSFUL                  Unable to determine whether the target system is a domain controller.

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Remarks

LsaCreateTrustedDomainEx does not check whether the specified domain name matches the specified SID or whether the SID and name represent an actual domain.
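Because the function does not perform this check, the caller has to. The following is an added example, not code from this page or from Microsoft: a pre-flight check that compares the name and SID about to be passed in TrustedDomainInformation against reference values obtained from the partner domain itself. The function names, the sample SIDs and the corp.example name are hypothetical, and how the reference values are obtained is outside the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Binary SID: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6, big-endian),
   then SubAuthorityCount little-endian 32-bit sub-authorities. */
#define SID_HEADER_LEN 8u

static uint32_t sid_subauth(const uint8_t *sid, unsigned i) {
    const uint8_t *p = sid + SID_HEADER_LEN + 4u * i;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 1 only for a well-formed domain SID of the form S-1-5-21-x-y-z. */
int is_domain_sid(const uint8_t *sid, size_t len) {
    static const uint8_t nt_authority[6] = {0, 0, 0, 0, 0, 5};
    if (sid == NULL || len < SID_HEADER_LEN) return 0;
    if (sid[0] != 1 || sid[1] != 4) return 0;           /* revision 1, four sub-authorities */
    if (len != SID_HEADER_LEN + 4u * sid[1]) return 0;  /* buffer length must match the count */
    if (memcmp(sid + 2, nt_authority, 6) != 0) return 0;
    return sid_subauth(sid, 0) == 21;
}

/* Case-insensitive ASCII comparison of DNS names, ignoring one trailing dot. */
static int dns_name_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    if (la && a[la - 1] == '.') la--;
    if (lb && b[lb - 1] == '.') lb--;
    if (la == 0 || la != lb) return 0;
    for (size_t i = 0; i < la; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Hypothetical pre-flight check: 1 only if both SIDs are domain SIDs and the
   (name, SID) pair to be submitted equals the pair the partner domain reports. */
int trust_inputs_match(const char *name, const uint8_t *sid, size_t sid_len,
                       const char *ref_name, const uint8_t *ref_sid, size_t ref_len) {
    if (!name || !ref_name) return 0;
    if (!is_domain_sid(sid, sid_len) || !is_domain_sid(ref_sid, ref_len)) return 0;
    if (sid_len != ref_len || memcmp(sid, ref_sid, sid_len) != 0) return 0;
    return dns_name_equal(name, ref_name);
}

/* Constructed samples: S-1-5-21-1-2-3, S-1-5-21-1-2-4, S-1-5-32-544 (not a domain SID). */
const uint8_t SAMPLE_SID[24] = {1,4, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0};
const uint8_t OTHER_SID[24] = {1,4, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 4,0,0,0};
const uint8_t BUILTIN_SID[16] = {1,2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0};
int main(void) { return trust_inputs_match("corp.example", SAMPLE_SID, 24, "CORP.EXAMPLE.", SAMPLE_SID, 24) ? 0 : 1; }
```

A caller would run this check on the values it is about to place in TrustedDomainInformation and skip the LsaCreateTrustedDomainEx call when it returns 0.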

Requirements

   
Minimum supported client    Windows XP [desktop apps only]
Minimum supported server    Windows Server 2003 [desktop apps only]
Target Platform             Windows
Header                      ntsecapi.h
Library                     Advapi32.lib
DLL                         Advapi32.dll

See Also

LsaClose

LsaDeleteTrustedDomain

LsaSetTrustedDomainInfoByName

LsaSetTrustedDomainInformation

TRUSTED_DOMAIN_AUTH_INFORMATION

TRUSTED_DOMAIN_INFORMATION_EX