LsaEnumerateTrustedDomainsEx function (ntsecapi.h)

The LsaEnumerateTrustedDomainsEx function returns information about the domains trusted by the local system. LsaEnumerateTrustedDomainsEx returns information only on direct trusts. DsEnumerateDomainTrusts is recommended for more complete trust enumeration purposes.


Syntax

NTSTATUS LsaEnumerateTrustedDomainsEx(
  [in]  LSA_HANDLE              PolicyHandle,
  [in]  PLSA_ENUMERATION_HANDLE EnumerationContext,
  [out] PVOID                   *Buffer,
  [in]  ULONG                   PreferedMaximumLength,
  [out] PULONG                  CountReturned
);


Parameters

[in] PolicyHandle

A handle to a Policy object. This call requires POLICY_VIEW_LOCAL_INFORMATION access to the Policy object. For more information, see Opening a Policy Object Handle.

[in] EnumerationContext

A pointer to an LSA_ENUMERATION_HANDLE that you can use to make multiple calls to LsaEnumerateTrustedDomainsEx to retrieve all of the trusted domain information. For more information, see Remarks.

[out] Buffer

Pointer to a buffer that receives a list of TRUSTED_DOMAIN_INFORMATION_EX structures that contain information about the enumerated trusted domains.

Your application should free this buffer when it is no longer needed by calling LsaFreeMemory.

[in] PreferedMaximumLength

Preferred maximum length, in bytes, of returned data. This is not a hard upper limit, but serves as a guide. Due to data conversion between systems with different natural data sizes, the actual amount of data returned may be greater than this value.

[out] CountReturned

Pointer to a ULONG that receives the number of trusted domain objects returned.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

| Value | Description |
|---|---|
| STATUS_ACCESS_DENIED | Caller does not have the appropriate access to complete the operation. |
| STATUS_NO_MORE_ENTRIES | There are no more entries. This warning is returned if no objects have been enumerated because the EnumerationContext value is too high. |

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.


Remarks

Retrieving all trust information may require more than a single LsaEnumerateTrustedDomainsEx call.

To use the EnumerationContext parameter to make multiple calls

  1. Set the variable pointed to by EnumerationContext to zero.
  2. If LsaEnumerateTrustedDomainsEx returns STATUS_SUCCESS or STATUS_MORE_ENTRIES, call the function again, passing in the EnumerationContext value returned by the previous call.
  3. The enumeration is complete when the function returns STATUS_NO_MORE_ENTRIES.
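The three steps above as a loop that tallies direct trusts by direction, which is useful when auditing which trusts let outside principals in. This is an added example, not code from the original page: `count_direct_trusts` is a hypothetical helper, the policy handle is assumed to be already opened with POLICY_VIEW_LOCAL_INFORMATION, and the non-Windows branch holds constructed stand-ins so the loop can run offline.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>                 /* link with Advapi32.lib */
#else
/* Constructed stand-ins, NOT the SDK definitions: they serve three fake
   trusts in batches of two so the loop below can be exercised offline. */
typedef int NTSTATUS; typedef unsigned int ULONG; typedef void *PVOID, *LSA_HANDLE;
typedef ULONG LSA_ENUMERATION_HANDLE;
typedef struct { ULONG TrustDirection; } TRUSTED_DOMAIN_INFORMATION_EX;
#define TRUST_DIRECTION_INBOUND  0x1
#define TRUST_DIRECTION_OUTBOUND 0x2
static TRUSTED_DOMAIN_INFORMATION_EX fake_trusts[3] = {{0x3}, {0x1}, {0x2}};
static int fake_unfreed = 0;          /* batches handed out and not yet freed */
static NTSTATUS LsaEnumerateTrustedDomainsEx(LSA_HANDLE h, LSA_ENUMERATION_HANDLE *ctx,
        PVOID *buf, ULONG pref, ULONG *count) {
    (void)h; (void)pref;
    if (*ctx >= 3) { *buf = NULL; *count = 0; return (NTSTATUS)0x8000001A; }
    *buf = &fake_trusts[*ctx];
    *count = (3 - *ctx > 2) ? 2 : 3 - *ctx;
    *ctx += *count; fake_unfreed++;
    return *ctx < 3 ? (NTSTATUS)0x00000105 : 0;
}
static NTSTATUS LsaFreeMemory(PVOID p) { (void)p; fake_unfreed--; return 0; }
#endif
#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS ((NTSTATUS)0x00000000)
#endif
#ifndef STATUS_MORE_ENTRIES
#define STATUS_MORE_ENTRIES ((NTSTATUS)0x00000105)
#endif
/* Returns the status that ended the walk: STATUS_NO_MORE_ENTRIES (0x8000001A)
   after a complete enumeration, any other value is a failure. */
NTSTATUS count_direct_trusts(LSA_HANDLE policy, ULONG *inbound, ULONG *outbound) {
    LSA_ENUMERATION_HANDLE ctx = 0;   /* step 1: context starts at zero */
    *inbound = *outbound = 0;
    for (;;) {
        PVOID buf = NULL; ULONG n = 0, i;
        NTSTATUS st = LsaEnumerateTrustedDomainsEx(policy, &ctx, &buf, 4096, &n);
        if (st != STATUS_SUCCESS && st != STATUS_MORE_ENTRIES)
            return st;                /* step 3: stop, nothing was returned */
        TRUSTED_DOMAIN_INFORMATION_EX *t = (TRUSTED_DOMAIN_INFORMATION_EX *)buf;
        for (i = 0; i < n; i++) {     /* a bidirectional trust counts in both tallies */
            if (t[i].TrustDirection & TRUST_DIRECTION_INBOUND)  (*inbound)++;
            if (t[i].TrustDirection & TRUST_DIRECTION_OUTBOUND) (*outbound)++;
        }
        LsaFreeMemory(buf);           /* free every batch before calling again (step 2) */
    }
}
```

The caller should treat any return other than STATUS_NO_MORE_ENTRIES as an incomplete enumeration and can pass it to LsaNtStatusToWinError for reporting.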


Requirements

| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | ntsecapi.h |
| Library | Advapi32.lib |
| DLL | Advapi32.dll |
