3.1.4.7.11 LsarCreateTrustedDomainEx (Opnum 51)

  • Article

The LsarCreateTrustedDomainEx method is invoked to create a new trusted domain object (TDO).

 NTSTATUS LsarCreateTrustedDomainEx(
   [in] LSAPR_HANDLE PolicyHandle,
   [in] PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
   [in] PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
   [in] ACCESS_MASK DesiredAccess,
   [out] LSAPR_HANDLE* TrustedDomainHandle
 );

PolicyHandle: An RPC context handle obtained from either LsarOpenPolicy or LsarOpenPolicy2.

TrustedDomainInformation: Information about the new TDO to be created.

AuthenticationInformation: Encrypted authentication information for the new TDO.

DesiredAccess: An access mask that specifies desired access to the TDO handle.

TrustedDomainHandle: Used to return the handle for the newly created TDO.

Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.

Return value/code

Description

0x00000000

STATUS_SUCCESS

The request was successfully completed.

0xC0000022

STATUS_ACCESS_DENIED

The caller does not have the permissions to perform this operation.

0xC000000D

STATUS_INVALID_PARAMETER

One of the supplied arguments is invalid.

0xC0000300

STATUS_NOT_SUPPORTED_ON_SBS

The operation is not supported on a particular product.<104>

0xC00000DD

STATUS_INVALID_DOMAIN_STATE

The operation cannot complete in the current state of the domain.

0xC00002B1

STATUS_DIRECTORY_SERVICE_REQUIRED

The Active Directory service was not available on the server.

0xC0000078

STATUS_INVALID_SID

The security identifier of the trusted domain is not valid.

0xC00002E9

STATUS_CURRENT_DOMAIN_NOT_ALLOWED

Trust cannot be established with the current domain.

0xC0000035

STATUS_OBJECT_NAME_COLLISION

Another TDO already exists that matches some of the identifying information of the supplied information.

0xC0000008

STATUS_INVALID_HANDLE

PolicyHandle is not a valid handle.

0xC0000401

STATUS_PER_USER_TRUST_QUOTA_EXCEEDED

The caller's quota for the maximum number of TDOs that can be created by control access right Create-Inbound-Trust is exceeded.

0xC0000402

STATUS_ALL_USER_TRUST_QUOTA_EXCEEDED

The combined users' quota for the maximum number of TDOs that can be created by control access right Create-Inbound-Trust is exceeded.

Processing:

This message MUST be processed in an identical manner to LsarCreateTrustedDomainEx2, with the following exceptions.

AuthenticationInformation is a structure containing authentication information for the trusted domain. The authentication information is not encrypted, which makes this an insecure message to call. As a result, callers SHOULD NOT invoke this message and SHOULD instead call LsarCreateTrustedDomainEx2.