2.2.1.4.11 NETLOGON_VALIDATION_SAM_INFO

The NETLOGON_VALIDATION_SAM_INFO structure defines account information retrieved from a database upon a successful user logon validation.

All fields of this structure, except the fields detailed following the structure definition, have the same meaning as the identically named fields in the KERB_VALIDATION_INFO structure, as specified in [MS-PAC] section 2.5. Additionally, fields of this structure that are defined as OLD_LARGE_INTEGER [MSDN-OLI] are 64-bit timestamps equivalent to the identically named fields in the KERB_VALIDATION_INFO structure of FILETIME type ([MS-DTYP] section 2.3.3). For more information see [MSDN-FILETIME].

 typedef struct _NETLOGON_VALIDATION_SAM_INFO {
   OLD_LARGE_INTEGER LogonTime;
   OLD_LARGE_INTEGER LogoffTime;
   OLD_LARGE_INTEGER KickOffTime;
   OLD_LARGE_INTEGER PasswordLastSet;
   OLD_LARGE_INTEGER PasswordCanChange;
   OLD_LARGE_INTEGER PasswordMustChange;
   UNICODE_STRING EffectiveName;
   UNICODE_STRING FullName;
   UNICODE_STRING LogonScript;
   UNICODE_STRING ProfilePath;
   UNICODE_STRING HomeDirectory;
   UNICODE_STRING HomeDirectoryDrive;
   USHORT LogonCount;
   USHORT BadPasswordCount;
   ULONG UserId;
   ULONG PrimaryGroupId;
   ULONG GroupCount;
   [size_is(GroupCount)] PGROUP_MEMBERSHIP GroupIds;
   ULONG UserFlags;
   USER_SESSION_KEY UserSessionKey;
   UNICODE_STRING LogonServer;
   UNICODE_STRING LogonDomainName;
   PRPC_SID LogonDomainId;
   ULONG ExpansionRoom[10];
 } NETLOGON_VALIDATION_SAM_INFO,
  *PNETLOGON_VALIDATION_SAM_INFO;

LogonServer: A UNICODE_STRING structure that contains the NetBIOS name of the server that populates this structure.

ExpansionRoom: A ten-element array of unsigned 32-bit integers. This member has a function similar to that of dummy fields, as detailed in section 1.3.8.1.2. Each element of the array MUST be zero when sent and MUST be ignored on receipt.