Re: Failure of Win API LsaQueryTrustedDomainInfo(..) on a WinNT machine with IN parameter to information class as TrustedDomainInformationEx

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/31/04


Date: Fri, 31 Dec 2004 03:49:18 -0700

Then I would try taking this up in the MSDN forums as
it seems either something in your calling parms, or the
implemention of the APIs

-- 
Roger Abell
<soumen@gmail.com> wrote in message
news:1104478725.543661.300660@c13g2000cwb.googlegroups.com...
> > Have you tried with the NT domain at SP 6a?
>
> Yes, we did try with NT domain at SP 6a and are facing the exact same
> issues as described earlier.
>
> Regards,
> Soumen
>
> Roger Abell wrote:
> > I am only addressing the question "Is this a supported config?"
> > to which I believe the answer is no.  SP4 for NT was released
> > with some back-port of what was envisioned would be needed
> > for AD inter-op but this was back when it was still call Windows
> > NT5 instead of Windows 2000.
> > Have you tried with the NT domain at SP 6a?
> >
> > You issues of course may be due to other reasons, but I do
> > believe it is true to say that trust of W2k3 with NT4 at SP 4
> > is not a supported config.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows  Security)
> > MCSE (W2k3,W2k,Nt4)  MCDBA
> > "Soumen Das" <soumen@gmail.com> wrote in message
> > news:cf62634e.0412290200.531670ab@posting.google.com...
> > > We have a trust relationship set up between domain servers Win 2003
> > > and WinNT PDC(SP4) machine. We have verified that an NT user could
> log
> > > on to a Win2k3 domain and vice-versa indicating mixed domain trust
> was
> > > successfully created.
> > >
> > > Question 1: Is this a supported configuration?
> > >
> > > Now, we are trying to obtain trust relationship properties for the
> Win
> > > NT PDC machine containing information as/similar stored in
> > > TRUSTED_DOMAIN_INFORMATION_EX structure.
> > >
> > > The problem is -
> > > Win API LsaQueryTrustedDomainInfo(..)  fails with "Access is
> denied"
> > > error on a Windows NT machine when the IN parameter to Information
> > > class is TrustedDomainInformationEx (even though the Trust
> > > Relationship has been successfully created).
> > >
> > > The Win API Call Sequence is
> > > -  LsaOpenPolicy (..) // null to systemname,  POLICY_ALL_ACCESS was
> > > granted to in parameter ACCESS_MASK
> > > - LsaEnumerateTrustedDomains(..) // valid SIDs of one or more
> trusted
> > > domains returned in out parameter Buffer
> > > - LsaQueryTrustedDomainInfo(..) // in parameter to Information
> class
> > > as TrustedDomainInformationEx
> > >
> > > Reference -
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmgmt/security/lsaquerytrusteddomaininfo.asp
> > > This link mentions support for WinNT server 3.51 and later.
> > >
> > > Our executable was made to run as an administrative account and/or
> as
> > > a local system user on WinNT PDC.
> > >
> > > Question 2 - Is there any alternative API to obtain trust
> relationship
> > > properties on a Win NT PDC machine containing information
> as/similar
> > > stored in TRUSTED_DOMAIN_INFORMATION_EX structure? OR Are we doing
> > > anything that is incorrect?
> > >
> > > Regards,
> > > Soumen
>


Relevant Pages

  • Re: Connecting to the Internet
    ... > APIs was a lot easier than learning Registry APIs.) ... be installed in all versions of Windows that you choose to support. ... I hope you don't mind me saying you have "missed the boat". ... Vague questions such as that are often ignored in Microsoft newsgroups ...
    (microsoft.public.vb.winapi)
  • Re: I really do like OS X but . . .
    ... >features and APIs included in 2000 and XP. ... >still lots of code on Windows that was originally written for Windows ... >> support perspective too. ... which G5s do fairly well at despite the poor optimizations. ...
    (comp.sys.mac.advocacy)
  • Re: Capture ALL movements...event?
    ... your purposes, elements of Windows itself. ... You said earlier "Alternatively some low level APIs might get you there." ... doesn't display when you are using it with Internet Explorer. ...
    (microsoft.public.word.vba.general)
  • Re: Isnt WHEEL_DELTA an identifier?
    ... I currently have Windows XP S2 installed in my ... _WIN32_WINNT is a symbol defined by YOU in YOUR project settings (or YOUR ... setting hides all of the APIs introduced after NT 3.51. ... you need to tell the compiler that you need those APIs. ...
    (microsoft.public.vc.language)
  • Re: Terminal Services Profile Tab in AD
    ... In Windows 2003 an automation interface for those APIs has been ... that it is possible to use this same DLL on Windows 2000 and XP. ... > of mass change on the attributes in this tab. ... >>anywhere when I try to browse the LDAP db. ...
    (microsoft.public.win2000.active_directory)