2.2.7.9 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX
The LSAPR_TRUSTED_DOMAIN_INFORMATION_EX structure communicates properties of a trusted domain. The following structure corresponds to the TrustedDomainInformationEx information class. Domain trusts are specified in [MS-ADTS] section 6.1.6.
typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX {
  RPC_UNICODE_STRING Name;
  RPC_UNICODE_STRING FlatName;
  PRPC_SID Sid;
  unsigned long TrustDirection;
  unsigned long TrustType;
  unsigned long TrustAttributes;
} LSAPR_TRUSTED_DOMAIN_INFORMATION_EX,
 *PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX;
Name: The DNS name of the domain. Maps to the Name field, as specified in section 3.1.1.5.
FlatName: The NetBIOS name of the trusted domain, as specified in [RFC1088]. Maps to the Flat Name field, as specified in section 3.1.1.5.
Sid: The domain SID. Maps to the Security Identifier field, as specified in section 3.1.1.5.
TrustDirection: This field contains bitmapped values that define the properties of the direction of trust between the local domain and the named domain. One or more of the valid flags can be set. If all bits are 0, the trust is said to be disabled.
Bit diagram (bit positions 0 through 31, left to right): positions 0 through 29 are 0, position 30 is I, position 31 is O.
I: The trust is inbound.
O: The trust is outbound.
All other bits SHOULD be 0 and ignored upon receipt.
Maps to the Trust Direction field, as specified in section 3.1.1.5.
TrustType: This field specifies the type of trust between the local domain and the named domain.
| Value | Meaning |
| --- | --- |
| 0x00000001 | Trust with a Windows domain that is not running Active Directory. |
| 0x00000002 | Trust with a Windows domain that is running Active Directory. |
| 0x00000003 | Trust with a non–Windows-compliant Kerberos distribution, as specified in [RFC4120]. |
| 0x00000004 | Trust with a distributed computing environment (DCE) realm. This is a historical reference and is not used. |

Note: Other values SHOULD NOT be set.
Maps to the Trust Type field, as specified in section 3.1.1.5.
TrustAttributes: This field contains bitmapped values that define the attributes of the trust.<34>
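Bit diagram (bit positions 0 through 31, left to right): positions 0 through 7 are R, positions 8 and 9 are O, positions 10 through 20 are R, position 21 is TAPT, position 22 is TANC, position 23 is R, position 24 is TARC, position 25 is TATE, position 26 is TAWF, position 27 is TACO, position 28 is TAFT, position 29 is TAQD, position 30 is TAUO, position 31 is TANT.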
TrustAttribute values are described in section 3.1.1.5. The following table shows how these values map to the Trust Attributes field in section 3.1.1.5.
| Value | Mapping |
| --- | --- |
| TANT (TRUST_ATTRIBUTE_NON_TRANSITIVE) | Trust Attributes: Non-transitive |
| TAUO (TRUST_ATTRIBUTE_UPLEVEL_ONLY) | Trust Attributes: Uplevel only |
| TAQD (TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) | Trust Attributes: Quarantined |
| TAFT (TRUST_ATTRIBUTE_FOREST_TRANSITIVE) | Trust Attributes: Forest trust |
| TACO (TRUST_ATTRIBUTE_CROSS_ORGANIZATION) | Trust Attributes: Cross organization |
| TAWF (TRUST_ATTRIBUTE_WITHIN_FOREST) | Trust Attributes: Within forest |
| TATE (TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) | Trust Attributes: Treat as external |
| TARC (TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) | Trust Attributes: Use RC4 Encryption (for more information about RC4, see [SCHNEIER] section 17.1). |
| TANC (TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION) | Trust Attributes: Tokens must not be trusted for delegation. |
| TAPT (TRUST_ATTRIBUTE_PIM_TRUST) | Trust Attributes: PrivilegedIdentityManagement (PIM) trust. |
| O | Obsolete. SHOULD be set to 0. |
| R | Reserved for future use. SHOULD be set to zero. |
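The following added example (not part of the specification) audits the three integer fields of a received structure against the rules stated above: direction bits other than I and O, a disabled trust, a TrustType outside the table, TrustAttributes bits on O or R positions, and the RC4 flag. The function names and finding flags are hypothetical. The numeric bit values are assumptions taken from the Windows SDK header ntsecapi.h, since this page gives only names and diagram positions.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumption: bit values are the TRUST_ATTRIBUTE_* constants from the Windows SDK
   header ntsecapi.h; this page gives only names and diagram positions. */
static const struct { uint32_t bit; const char *abbr; } TA[] = {
    {0x001, "TANT"}, {0x002, "TAUO"}, {0x004, "TAQD"}, {0x008, "TAFT"},
    {0x010, "TACO"}, {0x020, "TAWF"}, {0x040, "TATE"}, {0x080, "TARC"},
    {0x200, "TANC"}, {0x400, "TAPT"},
};
#define TA_COUNT (sizeof TA / sizeof TA[0])
#define DIR_DEFINED 0x3u /* assumption: I and O are the two low-order bits */

/* Finding flags returned by audit_trust() (hypothetical names). */
enum { F_DISABLED = 1, F_DIR_EXTRA = 2, F_BAD_TYPE = 4, F_DCE_TYPE = 8,
       F_ATTR_UNDEFINED = 16, F_RC4 = 32 };

/* Returns the TrustAttributes bits that fall on O or R positions. */
uint32_t undefined_attr_bits(uint32_t attrs)
{
    for (size_t i = 0; i < TA_COUNT; i++) attrs &= ~TA[i].bit;
    return attrs;
}

unsigned audit_trust(uint32_t dir, uint32_t type, uint32_t attrs)
{
    unsigned f = 0;
    if (dir & ~DIR_DEFINED) f |= F_DIR_EXTRA;       /* SHOULD be 0 */
    if ((dir & DIR_DEFINED) == 0) f |= F_DISABLED;  /* after ignoring extra bits */
    if (type < 1 || type > 4) f |= F_BAD_TYPE;      /* other values SHOULD NOT be set */
    if (type == 4) f |= F_DCE_TYPE;                 /* DCE realm: historical, not used */
    if (undefined_attr_bits(attrs)) f |= F_ATTR_UNDEFINED;
    if (attrs & 0x080) f |= F_RC4;                  /* TARC */
    return f;
}

int main(void)
{
    /* Constructed samples: {TrustDirection, TrustType, TrustAttributes}. */
    const uint32_t s[][3] = { {3, 2, 0x008}, {0, 2, 0x020}, {2, 3, 0x081},
                              {0x13, 7, 0x00400100} };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        printf("dir=0x%x type=%u attrs=0x%08x findings=0x%02x set:", (unsigned)s[i][0],
               (unsigned)s[i][1], (unsigned)s[i][2], audit_trust(s[i][0], s[i][1], s[i][2]));
        for (size_t j = 0; j < TA_COUNT; j++)
            if (s[i][2] & TA[j].bit) printf(" %s", TA[j].abbr);
        putchar('\n');
    }
    return 0;
}
```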