2.2.7.9 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX

The LSAPR_TRUSTED_DOMAIN_INFORMATION_EX structure communicates properties of a trusted domain. The following structure corresponds to the TrustedDomainInformationEx information class. Domain trusts are specified in [MS-ADTS] section 6.1.6.

 typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX {
   RPC_UNICODE_STRING Name;
   RPC_UNICODE_STRING FlatName;
   PRPC_SID Sid;
   unsigned long TrustDirection;
   unsigned long TrustType;
   unsigned long TrustAttributes;
 } LSAPR_TRUSTED_DOMAIN_INFORMATION_EX,
  *PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX;

Name: The DNS name of the domain. Maps to the Name field, as specified in section 3.1.1.5.

FlatName: The NetBIOS name of the trusted domain, as specified in [RFC1088]. Maps to the Flat Name field, as specified in section 3.1.1.5.

Sid: The domain SID. Maps to the Security Identifier field, as specified in section 3.1.1.5.

TrustDirection: This field contains bitmapped values that define the properties of the direction of trust between the local domain and the named domain. One or more of the valid flags can be set. If all bits are 0, the trust is said to be disabled.


| Bit(s) | Value |
|---|---|
| 0-29 | 0 |
| 30 | I |
| 31 | O |

I: The trust is inbound.

O: The trust is outbound.

All other bits SHOULD be 0 and ignored upon receipt.

Maps to the Trust Direction field, as specified in section 3.1.1.5.

TrustType: This field specifies the type of trust between the local domain and the named domain.

| Value | Meaning |
|---|---|
| 0x00000001 | Trust with a Windows domain that is not running Active Directory. |
| 0x00000002 | Trust with a Windows domain that is running Active Directory. |
| 0x00000003 | Trust with a non–Windows-compliant Kerberos distribution, as specified in [RFC4120]. |
| 0x00000004 | Trust with a distributed computing environment (DCE) realm. This is a historical reference and is not used. |

Note: Other values SHOULD NOT be set.

Maps to the Trust Type field, as specified in section 3.1.1.5.

TrustAttributes: This field contains bitmapped values that define the attributes of the trust.<34>


| Bit(s) | Value |
|---|---|
| 0-7 | R |
| 8-9 | O |
| 10-20 | R |
| 21 | TAPT |
| 22 | TANC |
| 23 | R |
| 24 | TARC |
| 25 | TATE |
| 26 | TAWF |
| 27 | TACO |
| 28 | TAFT |
| 29 | TAQD |
| 30 | TAUO |
| 31 | TANT |

TrustAttribute values are described in section 3.1.1.5. The following table shows how these values map to the Trust Attributes field in section 3.1.1.5.

| Value | Mapping |
|---|---|
| TANT (TRUST_ATTRIBUTE_NON_TRANSITIVE) | Trust Attributes: Non-transitive |
| TAUO (TRUST_ATTRIBUTE_UPLEVEL_ONLY) | Trust Attributes: Uplevel only |
| TAQD (TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) | Trust Attributes: Quarantined |
| TAFT (TRUST_ATTRIBUTE_FOREST_TRANSITIVE) | Trust Attributes: Forest trust |
| TACO (TRUST_ATTRIBUTE_CROSS_ORGANIZATION) | Trust Attributes: Cross organization |
| TAWF (TRUST_ATTRIBUTE_WITHIN_FOREST) | Trust Attributes: Within forest |
| TATE (TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) | Trust Attributes: Treat as external |
| TARC (TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) | Trust Attributes: Use RC4 Encryption (for more information about RC4, see [SCHNEIER] section 17.1). |
| TANC (TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION) | Trust Attributes: Tokens must not be trusted for delegation. |
| TAPT (TRUST_ATTRIBUTE_PIM_TRUST) | Trust Attributes: PrivilegedIdentityManagement (PIM) trust. |
| O | Obsolete. SHOULD be set to 0. |
| R | Reserved for future use. SHOULD be set to zero. |
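
The following C code is an added example, not part of the specification: it checks the TrustDirection, TrustType and TrustAttributes values against the SHOULD rules in this section and decodes the TrustAttributes abbreviations. It assumes that bit 31 of the diagrams is the least significant bit (so TANT is 0x00000001); the function names and finding names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
static const struct { uint32_t mask; const char *abbr; } TA_FLAGS[] = {
    {0x001, "TANT"}, {0x002, "TAUO"}, {0x004, "TAQD"}, {0x008, "TAFT"},
    {0x010, "TACO"}, {0x020, "TAWF"}, {0x040, "TATE"}, {0x080, "TARC"},
    {0x200, "TANC"}, {0x400, "TAPT"},
}; /* masks assume diagram bit 31 is the least significant bit */
#define TA_DEFINED  0x000006FFu /* the ten named flags */
#define TA_OBSOLETE 0x00C00000u /* diagram bits 8-9, marked O */
#define DIR_DEFINED 0x00000003u /* diagram bits 30-31, I and O */
enum { /* finding bits; names are hypothetical */
    F_DISABLED      = 1 << 0, /* TrustDirection is all zero */
    F_DIR_EXTRA     = 1 << 1, /* TrustDirection bit other than I/O set */
    F_TYPE_UNKNOWN  = 1 << 2, /* TrustType outside 1..4 */
    F_TYPE_DCE      = 1 << 3, /* TrustType 4: historical, not used */
    F_ATTR_OBSOLETE = 1 << 4, /* an O bit is set */
    F_ATTR_RESERVED = 1 << 5, /* an R bit is set */
};

/* Checks the three integer fields against the SHOULD rules above. */
unsigned check_trust_fields(uint32_t dir, uint32_t type, uint32_t attrs) {
    unsigned f = (dir == 0) ? F_DISABLED : 0;
    if (dir & ~DIR_DEFINED) f |= F_DIR_EXTRA;
    if (type < 1 || type > 4) f |= F_TYPE_UNKNOWN;
    if (type == 4) f |= F_TYPE_DCE;
    if (attrs & TA_OBSOLETE) f |= F_ATTR_OBSOLETE;
    if (attrs & ~(TA_DEFINED | TA_OBSOLETE)) f |= F_ATTR_RESERVED;
    return f;
}

/* Writes the abbreviations of the set flags into out, space separated. */
size_t attr_names(uint32_t attrs, char *out, size_t cap) {
    size_t n = 0;
    if (cap == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof TA_FLAGS / sizeof TA_FLAGS[0]; i++) {
        if (!(attrs & TA_FLAGS[i].mask)) continue;
        int w = snprintf(out + n, cap - n, n ? " %s" : "%s", TA_FLAGS[i].abbr);
        if (w < 0 || (size_t)w >= cap - n) { out[n] = '\0'; break; }
        n += (size_t)w;
    }
    return n;
}

int main(void) {
    char buf[64]; /* constructed sample: both direction bits, type 2, TAFT|TATE */
    attr_names(0x48, buf, sizeof buf);
    printf("%s findings=0x%x\n", buf, check_trust_fields(3, 2, 0x48));
    return 0;
}
```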