Edit

Share via

LsaCreateTrustedDomainEx function (ntsecapi.h)

The LsaCreateTrustedDomainEx function establishes a new trusted ___domain by creating a new TrustedDomain object.

Syntax

NTSTATUS LsaCreateTrustedDomainEx(
  [in]  LSA_HANDLE                       PolicyHandle,
  [in]  PTRUSTED_DOMAIN_INFORMATION_EX   TrustedDomainInformation,
  [in]  PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
  [in]  ACCESS_MASK                      DesiredAccess,
  [out] PLSA_HANDLE                      TrustedDomainHandle
);

Parameters

[in] PolicyHandle

A handle to a Policy object. For the object to be created, the caller must have permission to create children on the System container. For information about policy object handles, see Opening a Policy Object Handle.

[in] TrustedDomainInformation

Pointer to a TRUSTED_DOMAIN_INFORMATION_EX structure that contains the name and SID of the new trusted ___domain.

[in] AuthenticationInformation

Pointer to a TRUSTED_DOMAIN_AUTH_INFORMATION structure that contains authentication information for the new trusted ___domain.

[in] DesiredAccess

An ACCESS_MASK structure that specifies the accesses to be granted for the new trusted ___domain.

[out] TrustedDomainHandle

Receives the LSA policy handle of the remote trusted ___domain. You can pass this handle into LSA function calls to manage the LSA policy of the trusted ___domain.

When your application no longer needs this handle, it should call LsaClose to delete the handle.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

Return code Description
STATUS_DIRECTORY_SERVICE_REQUIRED
 The target system (specified in the TrustedDomainInformation parameter) for the TrustedDomain object is not a ___domain controller.
STATUS_INVALID_SID
 The specified SID is not valid.
STATUS_UNSUCCESSFUL
 Unable to determine whether the target system is a ___domain controller.
 

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Remarks

LsaCreateTrustedDomainEx does not check whether the specified ___domain name matches the specified SID or whether the SID and name represent an actual ___domain.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header ntsecapi.h
Library Advapi32.lib
DLL Advapi32.dll

See also

LsaClose

LsaDeleteTrustedDomain

LsaSetTrustedDomainInfoByName

LsaSetTrustedDomainInformation

TRUSTED_DOMAIN_AUTH_INFORMATION

TRUSTED_DOMAIN_INFORMATION_EX