2.2.1.4.13 NETLOGON_VALIDATION_SAM_INFO4

The NETLOGON_VALIDATION_SAM_INFO4 structure extends NETLOGON_VALIDATION_SAM_INFO2, as specified in section 2.2.1.4.12, by storing the FQDN of the domain of the user account and the user principal.

All fields of this structure, except the fields detailed following the structure definition, have the same meaning as the identically named fields in the KERB_VALIDATION_INFO structure, as specified in [MS-PAC] section 2.5. Additionally, fields of this structure that are defined as OLD_LARGE_INTEGER are 64-bit timestamps equivalent to the identically named fields in the KERB_VALIDATION_INFO structure of FILETIME type ([MS-DTYP] section 2.3.3).

 typedef struct _NETLOGON_VALIDATION_SAM_INFO4 {
   OLD_LARGE_INTEGER LogonTime;
   OLD_LARGE_INTEGER LogoffTime;
   OLD_LARGE_INTEGER KickOffTime;
   OLD_LARGE_INTEGER PasswordLastSet;
   OLD_LARGE_INTEGER PasswordCanChange;
   OLD_LARGE_INTEGER PasswordMustChange;
   RPC_UNICODE_STRING EffectiveName;
   RPC_UNICODE_STRING FullName;
   RPC_UNICODE_STRING LogonScript;
   RPC_UNICODE_STRING ProfilePath;
   RPC_UNICODE_STRING HomeDirectory;
   RPC_UNICODE_STRING HomeDirectoryDrive;
   unsigned short LogonCount;
   unsigned short BadPasswordCount;
   unsigned long UserId;
   unsigned long PrimaryGroupId;
   unsigned long GroupCount;
   [size_is(GroupCount)] PGROUP_MEMBERSHIP GroupIds;
   unsigned long UserFlags;
   USER_SESSION_KEY UserSessionKey;
   RPC_UNICODE_STRING LogonServer;
   RPC_UNICODE_STRING LogonDomainName;
   PRPC_SID LogonDomainId;
   unsigned char LMKey[8];
   ULONG UserAccountControl;
   ULONG SubAuthStatus;
   OLD_LARGE_INTEGER LastSuccessfulILogon;
   OLD_LARGE_INTEGER LastFailedILogon;
   ULONG FailedILogonCount;
   ULONG Reserved4[1];
   unsigned long SidCount;
   [size_is(SidCount)] PNETLOGON_SID_AND_ATTRIBUTES ExtraSids;
   RPC_UNICODE_STRING DnsLogonDomainName;
   RPC_UNICODE_STRING Upn;
   RPC_UNICODE_STRING ExpansionString1;
   RPC_UNICODE_STRING ExpansionString2;
   RPC_UNICODE_STRING ExpansionString3;
   RPC_UNICODE_STRING ExpansionString4;
   RPC_UNICODE_STRING ExpansionString5;
   RPC_UNICODE_STRING ExpansionString6;
   RPC_UNICODE_STRING ExpansionString7;
   RPC_UNICODE_STRING ExpansionString8;
   RPC_UNICODE_STRING ExpansionString9;
   RPC_UNICODE_STRING ExpansionString10;
 } NETLOGON_VALIDATION_SAM_INFO4,
  *PNETLOGON_VALIDATION_SAM_INFO4;

LogonServer: An RPC_UNICODE_STRING structure that contains the NetBIOS name of the server that populates this structure.

LMKey: Contains the first 8 bytes of the LMOWF ([MS-NLMP] section 3.3.1) if NTLMV1 is used, or the first 8 bytes of the KXKEY ([MS-NLMP] section 3.4.5.1) if NTLMV2 is used.

Reserved4: An unsigned 32-bit integer. This member is reserved. MUST be zero when sent and MUST be ignored on receipt.

DnsLogonDomainName: Contains the FQDN of the domain of the user account.

Upn: Contains the user principal name (UPN).

ExpansionString1: A STRING structure, defined in section 2.2.1.1.2, that MUST contain 0 for the Length field, 0 for the MaximumLength field, and NULL for the Buffer field. It is ignored upon receipt. Expansion strings have a function similar to that of dummy fields, as defined in section 1.3.8.1.2.

ExpansionString2: See definition for ExpansionString1.

ExpansionString3: See definition for ExpansionString1.

ExpansionString4: See definition for ExpansionString1.

ExpansionString5: See definition for ExpansionString1.

ExpansionString6: See definition for ExpansionString1.

ExpansionString7: See definition for ExpansionString1.

ExpansionString8: See definition for ExpansionString1.

ExpansionString9: See definition for ExpansionString1.

ExpansionString10: See definition for ExpansionString1.