3.1.4.11 LsarLookupSids (Opnum 15)
The LsarLookupSids method translates a batch of security principal SIDs to their name forms. It also returns the domains that these names are a part of.
-
NTSTATUS LsarLookupSids( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, [out] PLSAPR_REFERENCED_DOMAIN_LIST* ReferencedDomains, [in, out] PLSAPR_TRANSLATED_NAMES TranslatedNames, [in] LSAP_LOOKUP_LEVEL LookupLevel, [in, out] unsigned long* MappedCount );
PolicyHandle: Context handle obtained by an LsarOpenPolicy or LsarOpenPolicy2 call.
SidEnumBuffer: Contains the SIDs to be translated. The SIDs in this structure can be that of users, groups, computers, Windows-defined well-known security principals, or domains.
ReferencedDomains: On successful return, contains the domain information for the domain to which each security principal belongs. The domain information includes a NetBIOS domain name and a domain SID for each entry in the list.
TranslatedNames: On successful return, contains the corresponding name form for security principal SIDs in the SidEnumBuffer parameter. It MUST be ignored on input.
LookupLevel: Specifies what scopes are to be used during translation, as specified in section 2.2.16.
MappedCount: On successful return, contains the number of names that are translated completely to their Name forms. It MUST be ignored on input.
Return Values: The following table contains a summary of the return values that an implementation MUST return, as specified by the message processing shown after the table.
-
Return value/code
Description
0x00000000
STATUS_SUCCESS
The request was successfully completed.
0x00000107
STATUS_SOME_NOT_MAPPED
Some of the information to be translated has not been translated.
0xC0000022
STATUS_ACCESS_DENIED
The caller does not have the permissions to perform this operation.
0xC000000D
STATUS_INVALID_PARAMETER
One of the supplied parameters was invalid.
0xC0000073
STATUS_NONE_MAPPED
None of the information to be translated has been translated.
The behavior required when receiving an LsarLookupSids message MUST be identical to that when receiving an LsarLookupSids2 message, with the following exceptions:
Elements in the TranslatedNames output structure do not contain a Flags field.
Due to the absence of LookupOptions and ClientRevision parameters, the RPC server MUST assume that LookupOptions is 0 and ClientRevision is 1.
The server MUST return STATUS_ACCESS_DENIED if neither of the following conditions is true: