Re: Failure of Win API LsaQueryTrustedDomainInfo(..) on a WinNT machine with IN parameter to information class as TrustedDomainInformationEx
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/31/04
- Previous message: Roger Abell: "Re: Cannot log in locally"
- In reply to: soumen_at_gmail.com: "Re: Failure of Win API LsaQueryTrustedDomainInfo(..) on a WinNT machine with IN parameter to information class as TrustedDomainInformationEx"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 31 Dec 2004 03:49:18 -0700
Then I would try taking this up in the MSDN forums as
it seems either something in your calling parms, or the
implemention of the APIs
-- Roger Abell <soumen@gmail.com> wrote in message news:1104478725.543661.300660@c13g2000cwb.googlegroups.com... > > Have you tried with the NT domain at SP 6a? > > Yes, we did try with NT domain at SP 6a and are facing the exact same > issues as described earlier. > > Regards, > Soumen > > Roger Abell wrote: > > I am only addressing the question "Is this a supported config?" > > to which I believe the answer is no. SP4 for NT was released > > with some back-port of what was envisioned would be needed > > for AD inter-op but this was back when it was still call Windows > > NT5 instead of Windows 2000. > > Have you tried with the NT domain at SP 6a? > > > > You issues of course may be due to other reasons, but I do > > believe it is true to say that trust of W2k3 with NT4 at SP 4 > > is not a supported config. > > > > -- > > Roger Abell > > Microsoft MVP (Windows Security) > > MCSE (W2k3,W2k,Nt4) MCDBA > > "Soumen Das" <soumen@gmail.com> wrote in message > > news:cf62634e.0412290200.531670ab@posting.google.com... > > > We have a trust relationship set up between domain servers Win 2003 > > > and WinNT PDC(SP4) machine. We have verified that an NT user could > log > > > on to a Win2k3 domain and vice-versa indicating mixed domain trust > was > > > successfully created. > > > > > > Question 1: Is this a supported configuration? > > > > > > Now, we are trying to obtain trust relationship properties for the > Win > > > NT PDC machine containing information as/similar stored in > > > TRUSTED_DOMAIN_INFORMATION_EX structure. > > > > > > The problem is - > > > Win API LsaQueryTrustedDomainInfo(..) fails with "Access is > denied" > > > error on a Windows NT machine when the IN parameter to Information > > > class is TrustedDomainInformationEx (even though the Trust > > > Relationship has been successfully created). > > > > > > The Win API Call Sequence is > > > - LsaOpenPolicy (..) // null to systemname, POLICY_ALL_ACCESS was > > > granted to in parameter ACCESS_MASK > > > - LsaEnumerateTrustedDomains(..) // valid SIDs of one or more > trusted > > > domains returned in out parameter Buffer > > > - LsaQueryTrustedDomainInfo(..) // in parameter to Information > class > > > as TrustedDomainInformationEx > > > > > > Reference - > > > > > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmgmt/security/lsaquerytrusteddomaininfo.asp > > > This link mentions support for WinNT server 3.51 and later. > > > > > > Our executable was made to run as an administrative account and/or > as > > > a local system user on WinNT PDC. > > > > > > Question 2 - Is there any alternative API to obtain trust > relationship > > > properties on a Win NT PDC machine containing information > as/similar > > > stored in TRUSTED_DOMAIN_INFORMATION_EX structure? OR Are we doing > > > anything that is incorrect? > > > > > > Regards, > > > Soumen >
- Previous message: Roger Abell: "Re: Cannot log in locally"
- In reply to: soumen_at_gmail.com: "Re: Failure of Win API LsaQueryTrustedDomainInfo(..) on a WinNT machine with IN parameter to information class as TrustedDomainInformationEx"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
