LsaOpenTrustedDomainByName function (ntsecapi.h)

The LsaOpenTrustedDomainByName function opens the LSA policy handle of a remote trusted domain. You can pass this handle into LSA function calls in order to set or query the LSA policy of the remote machine.


NTSTATUS LsaOpenTrustedDomainByName(
  [in]  LSA_HANDLE          PolicyHandle,
  [in]  PLSA_UNICODE_STRING TrustedDomainName,
  [in]  ACCESS_MASK         DesiredAccess,
  [out] PLSA_HANDLE         TrustedDomainHandle


[in] PolicyHandle

A handle to a Policy object. This is the policy handle of the local machine. For more information, see Opening a Policy Object Handle.

[in] TrustedDomainName

Name of the trusted domain. This name can be either the flat name, or the Domain Name System (DNS) domain name.

[in] DesiredAccess

An ACCESS_MASK structure that specifies the access permissions requested on the remote trusted domain object.

[out] TrustedDomainHandle

Pointer that receives the address of the LSA policy handle of the remote trusted domain. You can pass this handle into LSA function calls in order to query and manage the LSA policy of the remote machine.

When your application no longer needs this handle, it should call LsaClose to delete the handle.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

Value Description
Caller does not have the appropriate access to complete the operation.
There is no Trusted Domain object in the target system's LSA Database having the specified name.

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.


Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header ntsecapi.h
Library Advapi32.lib
DLL Advapi32.dll

See also