3.1.5.7.3 SamrDeleteUser (Opnum 35)

The SamrDeleteUser method removes a user object.

 long SamrDeleteUser(
   [in, out] SAMPR_HANDLE* UserHandle
 );

UserHandle: An RPC context handle, as specified in section 2.2.7.2, representing a user object.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

Upon receiving this message, the server MUST process the data from the message subject to the following constraints:

1. The server MUST return an error if UserHandle.HandleType is not equal to "User".

2. UserHandle.GrantedAccess MUST have the required access specified in section 3.1.2.2. Otherwise, the server MUST return STATUS_ACCESS_DENIED.

3. Let U be the object referenced by UserHandle.Object.

4. All database operations MUST occur in a single transaction.

5. If the RID of U's objectSid attribute value is less than 1000, an error MUST be returned.

6. In the DC configuration, if U is a parent to another object, an error MUST be returned.<62>

7. If the UserAccountControl attribute of U contains USER_INTERDOMAIN_TRUST_ACCOUNT and the connection does not have SchemaUpgradeInPogress set to 1 (see [MS-ADTS] section 3.1.1.3.3.14) the server must end processing and return STATUS_ACCESS_DENIED. U MUST be removed from the database.<63>

8. The server MUST delete the SamContextHandle ADM element (section 3.1.1.10) represented by UserHandle, and then MUST return 0 for the value of UserHandle and a return code of STATUS_SUCCESS.