3.1.5.11.2 SamrLookupNamesInDomain (Opnum 17)

The SamrLookupNamesInDomain method translates a set of account names into a set of RIDs.

 long SamrLookupNamesInDomain(
   [in] SAMPR_HANDLE DomainHandle,
   [in, range(0,1000)] unsigned long Count,
   [in, size_is(1000), length_is(Count)] 
     RPC_UNICODE_STRING Names[*],
   [out] PSAMPR_ULONG_ARRAY RelativeIds,
   [out] PSAMPR_ULONG_ARRAY Use
 );

DomainHandle: An RPC context handle, as specified in section 2.2.7.2, representing a domain object.

Count: The number of elements in Names. The maximum value of 1,000 is chosen to limit the amount of memory that the client can force the server to allocate.

Names: An array of strings that are to be mapped to RIDs.

RelativeIds: An array of RIDs of accounts that correspond to the elements in Names.

Use: An array of SID_NAME_USE enumeration values that describe the type of account for each entry in RelativeIds.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

On receiving this message, the server MUST process the data from the message subject to the following constraints:

  1. The server MUST return an error if DomainHandle.HandleType is not equal to "Domain".

  2. DomainHandle.GrantedAccess MUST have the required access specified in section 3.1.2.2. Otherwise, the server MUST return STATUS_ACCESS_DENIED.

  3. Let U be the set of all database objects whose objectSid's domain prefix matches the domain prefix of the domain referenced by DomainHandle.Object.

  4. For each element in Names that matches a database object's sAMAccountName attribute value in the set U, the server MUST fill in RelativeIds and Use as follows:

    1. Let 'i' be the current element of Names.

    2. RelativeIds.Element[i] is the RID of the matched object's objectSid attribute value.

    3. Use.Element[i] is set as follows.

      objectClass | GroupType                                           | Use
      ------------+-----------------------------------------------------+--------------
      User        | n/a                                                 | SidTypeUser
      Group       | GROUP_TYPE_ACCOUNT_GROUP                            | SidTypeGroup
      Group       | GROUP_TYPE_UNIVERSAL_GROUP                          | SidTypeGroup
      Group       | Any value not matching the above criteria for Group | SidTypeAlias

  5. For each element in Names that does not match a database object's sAMAccountName attribute value in the set U, the server MUST fill in RelativeIds and Use as follows:

    1. Let 'i' be the current element of Names.

    2. RelativeIds.Element[i] is 0.

    3. Use.Element[i] is SidTypeUnknown.

  6. Otherwise:

    1. RelativeIds.Count MUST be set to the input parameter Count on successful completion of the method.

    2. Use.Count MUST be set to the input parameter Count on successful completion of the method.

    3. If the number of matched accounts is equal to the input parameter Count, STATUS_SUCCESS MUST be returned.

    4. If the number of matched accounts is less than the input parameter Count but greater than 0, STATUS_SOME_NOT_MAPPED MUST be returned. Note that this is not an error condition.

    5. If the number of matched accounts is 0, STATUS_NONE_MAPPED MUST be returned.
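
The processing in steps 3 through 6 above, as an added example in C that is not part of the original specification or of Microsoft's implementation. The sam_object type, the use_for and lookup_names functions, and the sample accounts are hypothetical; testing GroupType as a bit mask and comparing names byte-for-byte are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* SID_NAME_USE, NTSTATUS and groupType values as defined by Windows. */
enum { SidTypeUser = 1, SidTypeGroup = 2, SidTypeAlias = 4, SidTypeUnknown = 8 };
#define STATUS_SUCCESS             0x00000000u
#define STATUS_SOME_NOT_MAPPED     0x00000107u
#define STATUS_NONE_MAPPED         0xC0000073u
#define GROUP_TYPE_ACCOUNT_GROUP   0x00000002u
#define GROUP_TYPE_UNIVERSAL_GROUP 0x00000008u
/* Hypothetical stand-in for one database object in the set U (step 3). */
struct sam_object { const char *name; uint32_t rid; int is_group; uint32_t group_type; };
static const struct sam_object U[] = {           /* constructed sample data */
    { "alice",        1104, 0, 0 },
    { "Domain Staff", 1105, 1, 0x80000002u },    /* account group */
    { "Forest Ops",   1106, 1, 0x80000008u },    /* universal group */
    { "Local Admins", 1107, 1, 0x80000004u },    /* any other group type */
};
/* Step 4.3: Use from objectClass and GroupType (bit test is an assumption). */
static uint32_t use_for(const struct sam_object *o) {
    if (!o->is_group) return SidTypeUser;
    if (o->group_type & (GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_UNIVERSAL_GROUP)) return SidTypeGroup;
    return SidTypeAlias;
}

/* Steps 4-6: fill both output arrays for every name, then choose the status. */
uint32_t lookup_names(const char **names, uint32_t count, uint32_t *rids, uint32_t *use) {
    uint32_t matched = 0;
    for (uint32_t i = 0; i < count; i++) {
        rids[i] = 0; use[i] = SidTypeUnknown;    /* step 5 defaults */
        for (size_t j = 0; j < sizeof U / sizeof U[0]; j++) {
            /* Exact byte comparison is a simplification of the name match. */
            if (strcmp(names[i], U[j].name) == 0) {
                rids[i] = U[j].rid; use[i] = use_for(&U[j]); matched++;
                break;
            }
        }
    }
    if (matched == count) return STATUS_SUCCESS;
    return matched ? STATUS_SOME_NOT_MAPPED : STATUS_NONE_MAPPED;
}

int main(void) {
    const char *names[] = { "alice", "no-such-user", "Local Admins" };  /* constructed */
    uint32_t rids[3], use[3], st = lookup_names(names, 3, rids, use);
    for (int i = 0; i < 3; i++)
        printf("%-14s rid=%u use=%u\n", names[i], (unsigned)rids[i], (unsigned)use[i]);
    printf("status=0x%08X\n", (unsigned)st);
    return 0;
}
```

Both output arrays always carry Count entries, so a caller has to check each Use element for SidTypeUnknown rather than rely on the return status alone when STATUS_SOME_NOT_MAPPED comes back.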