Edit

TRUSTED_DOMAIN_INFORMATION_EX structure (ntsecapi.h)

  • Article

The TRUSTED_DOMAIN_INFORMATION_EX structure is used to retrieve extended information about a trusted domain. The LsaQueryTrustedDomainInfo function uses this structure when its InformationClass parameter is set to TrustedDomainInformationEx.

Syntax

typedef struct _TRUSTED_DOMAIN_INFORMATION_EX {
  LSA_UNICODE_STRING Name;
  LSA_UNICODE_STRING FlatName;
  PSID               Sid;
  ULONG              TrustDirection;
  ULONG              TrustType;
  ULONG              TrustAttributes;
} TRUSTED_DOMAIN_INFORMATION_EX, *PTRUSTED_DOMAIN_INFORMATION_EX;

Members

Name

An LSA_UNICODE_STRING structure that contains the name of the trusted domain. This is the DNS domain name. For non-Microsoft trusted domains, this is the identifying name of the domain.

FlatName

An LSA_UNICODE_STRING structure that contains the flat name of the trusted domain. For non-Microsoft trusted domains, this is the identifying name of the domain or it is NULL.

Sid

Pointer to the security identifier (SID) of the trusted domain. For non-Microsoft trusted domains, this member can be NULL.

TrustDirection

A value that indicates the direction of the trust. This member can be one of the following values.

Value Meaning
TRUST_DIRECTION_DISABLED
 The trust relationship exists, but it has been disabled.
TRUST_DIRECTION_INBOUND
 The trusted domain trusts the primary domain to perform operations such as name lookups and authentication.
TRUST_DIRECTION_OUTBOUND
 The primary domain trusts the trusted domain to perform operations such as name lookups and authentication.
TRUST_DIRECTION_BIDIRECTIONAL
 Both domains trust each other.

TrustType

A value that indicates the type of the trust relationship. This member can be one of the following values.

Value Meaning
TRUST_TYPE_DOWNLEVEL
 The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000.
TRUST_TYPE_UPLEVEL
 The domain controller of the Microsoft trusted domain is a computer running Windows 2000 or later.
TRUST_TYPE_MIT
 The trusted domain is an MIT Kerberos realm.
TRUST_TYPE_DCE
 The trusted domain is a DCE realm.
0x5 - 0x000FFFFF
 Reserved for future use.
0x00100000 to 0xFFF00000
 Provider-specific trust levels.

TrustAttributes

A value that indicates the attributes of a trust relationship. This member can be one of the following values.

Value Meaning
TRUST_ATTRIBUTE_NON_TRANSITIVE
 Disallow transitivity.
TRUST_ATTRIBUTE_UPLEVEL_ONLY
 The trust link is not valid for client operating systems earlier than Windows 2000.
TRUST_ATTRIBUTE_FILTER_SIDS
 Quarantine domains.
TRUST_ATTRIBUTE_FOREST_TRANSITIVE
 The trust link may contain forest trust information.
TRUST_ATTRIBUTE_CROSS_ORGANIZATION
 This trust is to a domain/forest that is not part of this enterprise.
TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
 Trust is treated as external for trust boundary purposes.
TRUST_ATTRIBUTE_WITHIN_FOREST
 Trust is internal to this forest.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header ntsecapi.h

See also

LSA_UNICODE_STRING

LsaCreateTrustedDomainEx

LsaQueryTrustedDomainInfo

LsaQueryTrustedDomainInfoByName

LsaSetTrustedDomainInfoByName

TRUSTED_INFORMATION_CLASS