Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
-
procedure LookupName( flags: DWORD, formatOffered: DWORD, formatDesired: DWORD, name: unicodestring): DS_NAME_RESULT_ITEMW
Informative summary of behavior: The LookupName procedure performs the lookup of a single name in a given input format and produces the output name in the given output format.
-
rt: sequence of DSName obj: DSName fSidHistory: boolean result: DS_NAME_RESULT_ITEMW names: sequence of unicodestring domainName: unicodestring fCanonicalEx: boolean referredDomain: unicodestring if formatOffered = DS_UNKNOWN_NAME then return LookupUnknownName(flags, name, formatDesired) endif domainName := null if formatOffered = DS_FQDN_1779_NAME then rt := LookupAttr(flags, distinguishedName, name) domainName := DomainDNSNameFromDomain(RetrieveDCSuffixFromDn(name)) else if formatOffered = DS_NT4_ACCOUNT_NAME then rt := LookupAttr(flags, sAMAccountName, UserNameFromNT4AccountName(name)) domainName := DomainNameFromNT4AccountName(name) else if formatOffered = DS_USER_PRINCIPAL_NAME then rt := LookupUPNAndAltSecID(flags, false, name) domainName := DomainNameFromUPN(name) else if formatOffered = DS_CANONICAL_NAME then rt := LookupCanonicalName(name) domainName := DomainNameFromCanonicalName(name) else if formatOffered = DS_UNIQUE_ID_NAME then rt := select all o from all where o!objectGuid = GuidFromString(true, name) else if formatOffered = DS_DISPLAY_NAME then rt := LookupAttr(flags, displayName, name) else if formatOffered = DS_SERVICE_PRINCIPAL_NAME then rt := LookupSPN(flags, name) domainName := GetServiceNameFromSPN(name) else if formatOffered in {DS_SID_OR_SID_HISTORY_NAME, DS_STRING_SID_NAME} then rt := LookupSID(flags, SidFromStringSid(name)) domainName := DomainNameFromSid(DomainSidFromSid(SidFromStringSid(name))) else if formatOffered = DS_CANONICAL_NAME_EX then rt := LookupCanonicalName(CanonicalNameFromCanonicalNameEx(name)) domainName := DomainNameFromCanonicalName(name) else if formatOffered in {DS_NT4_ACCOUNT_NAME_SANS_DOMAIN, DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX} then rt := LookupAttr(flags, sAMAccountName, name) else if formatOffered = DS_ALT_SECURITY_IDENTITIES_NAME then rt := LookupAttr(flags, altSecurityIdentities, name) else if formatOffered = DS_USER_PRINCIPAL_NAME_AND_ALTSECID then rt := LookupUPNAndAltSecID(flags, true, name) domainName := DomainNameFromUPN(name) else rt := null endif result.pName^ := null result.pDomain^ := null result.status := DS_NAME_NO_ERROR if rt = null and domainName ≠ null then result.status := DS_NAME_ERROR_DOMAIN_ONLY if formatOffered in {DS_NT4_ACCOUNT_NAME, DS_USER_PRINCIPAL_NAME, DS_SERVICE_PRINCIPAL_NAME, DS_SID_OR_SID_HISTORY_NAME, DS_STRING_SID_NAME,DS_USER_PRINCIPAL_NAME_AND_ALTSECID} then if IsDomainNameInTrustedForest(domainName, referredDomain) then result.pDomain^ := referredDomain if DS_NAME_FLAG_TRUST_REFERRAL in flags then result.status := DS_NAME_ERROR_TRUST_REFERRAL else result.status := DS_NAME_ERROR_DOMAIN_ONLY endif endif endif return result endif if rt = null then /* No match. */ result.status := DS_NAME_ERROR_NOT_FOUND return result endif if rt.length > 1 then /* Found more than one matching object. */ result.status := DS_NAME_ERROR_NOT_UNIQUE return result endif obj := rt[0] if formatOffered = DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX then /* Check that the account is valid. */ if obj!userAccountControl ∩ {ADS_UF_ACCOUNTDISABLE, ADS_UF_TEMP_DUPLICATE_ACCOUNT} ≠ {} then result.status := DS_NAME_ERROR_NOT_FOUND return result endif endif if formatOffered = DS_STRING_SID_NAME then /* The type of the object needs to be specified in result.status. */ /* Check if the value came from sIDHistory or objectSid. */ fSidHistory := SidFromStringSid(name) in obj!sidHistory if obj!sAMAccountType in {SAM_USER_OBJECT, SAM_MACHINE_ACCOUNT, SAM_TRUST_ACCOUNT} then if fSidHistory then result.status := DS_NAME_ERROR_IS_SID_HISTORY_USER else result.status := DS_NAME_ERROR_IS_SID_USER endif else if obj!sAMAccountType in {SAM_NON_SECURITY_GROUP_OBJECT, SAM_GROUP_OBJECT} then if fSidHistory then result.status := DS_NAME_ERROR_IS_SID_HISTORY_GROUP else result.status := DS_NAME_ERROR_IS_SID_GROUP endif else if obj!sAMAccountType in {SAM_NON_SECURITY_ALIAS_OBJECT, SAM_ALIAS_OBJECT} then if fSidHistory then result.status := DS_NAME_ERROR_IS_SID_HISTORY_ALIAS else result.status := DS_NAME_ERROR_IS_SID_ALIAS endif else if fSidHistory then result.status := DS_NAME_ERROR_IS_SID_HISTORY_UNKNOWN else result.status := DS_NAME_ERROR_IS_SID_UNKNOWN endif endif endif /* Found exactly one object. Construct the output name in the * desired format. */ names := ConstructOutput(obj, formatDesired) if formatDesired not in { DS_FQDN_1779_NAME, DS_NT4_ACCOUNT_NAME, DS_DISPLAY_NAME, DS_UNIQUE_ID_NAME, DS_CANONICAL_NAME, DS_CANONICAL_NAME_EX, DS_USER_PRINCIPAL_NAME, DS_SERVICE_PRINCIPAL_NAME, DS_STRING_SID_NAME, DS_USER_PRINCIPAL_NAME_FOR_LOGON } then result.status := DS_NAME_ERROR_RESOLVING return result end if if names = null and foreignSecurityPrincipal in obj!objectClass and obj!SID ≠ null and DS_NAME_FLAG_PRIVATE_RESOLVE_FPOS in flags and formatDesired in { DS_NT4_ACCOUNT_NAME, DS_DISPLAY_NAME, DS_CANONICAL_NAME, DS_CANONICAL_NAME_EX, DS_USER_PRINCIPAL_NAME, DS_USER_PRINCIPAL_NAME_FOR_LOGON, DS_SERVICE_PRINCIPAL_NAME} then /* Found a foreign security principal for which the desired name is not * included. Use the LSAT protocol to lookup the name. Note: For any * desired format, it can only return either DS_CANONICAL_NAME or * DS_CANONICAL_NAME_EX. */ if (formatDesired=DS_CANONICAL_NAME_EX) then fCanonicalEx := true else fCanonicalEx := false endif result := LookupFPO(fCanonicalEx, obj, result) return result endif if names = null then /* Could not construct the required name format. */ result.status := DS_NAME_ERROR_NO_MAPPING return result endif if names.length > 1 then /* Too many output names. */ result.status := DS_NAME_ERROR_NOT_UNIQUE return result endif result.pName^ := names[0] result.pDomain^ := DomainDNSNameFromDomain(GetObjectNC(obj)) result.status = DS_NAME_NO_ERROR return result