4 samr interface definition
6 import "misc.idl", "lsa.idl", "security.idl";
9 Thanks to Todd Sabin for some information from his samr.idl in acltools
12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
14 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15 pointer_default(unique),
16 pointer_default_top(unique)
19 declare bitmap security_secinfo;
21 /* account control (acct_flags) bits */
22 typedef [public,bitmap32bit] bitmap {
23 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
24 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
25 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
26 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
27 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
28 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
29 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
30 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
31 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
32 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
33 ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
34 ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
35 ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
36 ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
37 ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
38 ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
39 ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
40 ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
41 ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
46 NTSTATUS samr_Connect (
47 /* notice the lack of [string] */
48 [in] uint16 *system_name,
49 [in] uint32 access_mask,
50 [out,ref] policy_handle *connect_handle
57 [in,out,ref] policy_handle *handle
63 NTSTATUS samr_SetSecurity (
64 [in,ref] policy_handle *handle,
65 [in] security_secinfo sec_info,
66 [in,ref] sec_desc_buf *sdbuf
72 NTSTATUS samr_QuerySecurity (
73 [in,ref] policy_handle *handle,
74 [in] security_secinfo sec_info,
75 [out] sec_desc_buf *sdbuf
82 shutdown the SAM - once you call this the SAM will be dead
84 NTSTATUS samr_Shutdown (
85 [in,ref] policy_handle *connect_handle
90 NTSTATUS samr_LookupDomain (
91 [in,ref] policy_handle *connect_handle,
92 [in,ref] lsa_String *domain_name,
107 [size_is(count)] samr_SamEntry *entries;
110 NTSTATUS samr_EnumDomains (
111 [in,ref] policy_handle *connect_handle,
112 [in,out,ref] uint32 *resume_handle,
113 [in] uint32 buf_size,
114 [out] samr_SamArray *sam,
115 [out] uint32 num_entries
119 /************************/
121 NTSTATUS samr_OpenDomain(
122 [in,ref] policy_handle *connect_handle,
123 [in] uint32 access_mask,
124 [in,ref] dom_sid2 *sid,
125 [out,ref] policy_handle *domain_handle
128 /************************/
131 typedef [v1_enum] enum {
132 SAMR_ROLE_STANDALONE = 0,
133 SAMR_ROLE_DOMAIN_MEMBER = 1,
134 SAMR_ROLE_DOMAIN_BDC = 2,
135 SAMR_ROLE_DOMAIN_PDC = 3
138 /* password properties flags */
139 typedef [public,bitmap32bit] bitmap {
140 DOMAIN_PASSWORD_COMPLEX = 0x00000001,
141 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
142 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
143 DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008,
144 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
145 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
146 } samr_PasswordProperties;
149 uint16 min_password_length;
150 uint16 password_history_length;
151 samr_PasswordProperties password_properties;
152 /* yes, these are signed. They are in negative 100ns */
153 dlong max_password_age;
154 dlong min_password_age;
158 NTTIME force_logoff_time;
160 lsa_String domain_name;
161 lsa_String primary; /* PDC name if this is a BDC */
172 NTTIME force_logoff_time;
180 lsa_String domain_name;
193 NTTIME domain_create_time;
197 uint32 unknown; /* w2k3 returns 1 */
202 hyper lockout_duration;
203 hyper lockout_window;
204 uint16 lockout_threshold;
208 hyper lockout_duration;
209 hyper lockout_window;
210 uint16 lockout_threshold;
215 NTTIME domain_create_time;
220 typedef [switch_type(uint16)] union {
221 [case(1)] samr_DomInfo1 info1;
222 [case(2)] samr_DomInfo2 info2;
223 [case(3)] samr_DomInfo3 info3;
224 [case(4)] samr_DomInfo4 info4;
225 [case(5)] samr_DomInfo5 info5;
226 [case(6)] samr_DomInfo6 info6;
227 [case(7)] samr_DomInfo7 info7;
228 [case(8)] samr_DomInfo8 info8;
229 [case(9)] samr_DomInfo9 info9;
230 [case(11)] samr_DomInfo11 info11;
231 [case(12)] samr_DomInfo12 info12;
232 [case(13)] samr_DomInfo13 info13;
235 NTSTATUS samr_QueryDomainInfo(
236 [in,ref] policy_handle *domain_handle,
238 [out,switch_is(level)] samr_DomainInfo *info
241 /************************/
244 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
247 NTSTATUS samr_SetDomainInfo(
248 [in,ref] policy_handle *domain_handle,
250 [in,switch_is(level),ref] samr_DomainInfo *info
254 /************************/
256 NTSTATUS samr_CreateDomainGroup(
257 [in,ref] policy_handle *domain_handle,
258 [in,ref] lsa_String *name,
259 [in] uint32 access_mask,
260 [out,ref] policy_handle *group_handle,
261 [out,ref] uint32 *rid
265 /************************/
267 NTSTATUS samr_EnumDomainGroups(
268 [in,ref] policy_handle *domain_handle,
269 [in,out,ref] uint32 *resume_handle,
270 [in] uint32 max_size,
271 [out] samr_SamArray *sam,
272 [out] uint32 num_entries
275 /************************/
277 NTSTATUS samr_CreateUser(
278 [in,ref] policy_handle *domain_handle,
279 [in,ref] lsa_String *account_name,
280 [in] uint32 access_mask,
281 [out,ref] policy_handle *user_handle,
282 [out,ref] uint32 *rid
285 /************************/
289 /* w2k3 treats max_size as max_users*54 and sets the
290 resume_handle as the rid of the last user sent
292 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
294 NTSTATUS samr_EnumDomainUsers(
295 [in,ref] policy_handle *domain_handle,
296 [in,out,ref] uint32 *resume_handle,
297 [in] samr_AcctFlags acct_flags,
298 [in] uint32 max_size,
299 [out] samr_SamArray *sam,
300 [out] uint32 num_entries
303 /************************/
305 NTSTATUS samr_CreateDomAlias(
306 [in,ref] policy_handle *domain_handle,
307 [in,ref] lsa_String *alias_name,
308 [in] uint32 access_mask,
309 [out,ref] policy_handle *alias_handle,
310 [out,ref] uint32 *rid
313 /************************/
315 NTSTATUS samr_EnumDomainAliases(
316 [in,ref] policy_handle *domain_handle,
317 [in,out,ref] uint32 *resume_handle,
318 [in] samr_AcctFlags acct_flags,
319 [out] samr_SamArray *sam,
320 [out] uint32 num_entries
323 /************************/
327 [range(0,1024)] uint32 count;
328 [size_is(count)] uint32 *ids;
331 NTSTATUS samr_GetAliasMembership(
332 [in,ref] policy_handle *domain_handle,
333 [in,ref] lsa_SidArray *sids,
334 [out,ref] samr_Ids *rids
337 /************************/
340 NTSTATUS samr_LookupNames(
341 [in,ref] policy_handle *domain_handle,
342 [in,range(0,1000)] uint32 num_names,
343 [in,size_is(1000),length_is(num_names)] lsa_String names[],
349 /************************/
351 NTSTATUS samr_LookupRids(
352 [in,ref] policy_handle *domain_handle,
353 [in,range(0,1000)] uint32 num_rids,
354 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
355 [out] lsa_Strings names,
359 /************************/
361 NTSTATUS samr_OpenGroup(
362 [in,ref] policy_handle *domain_handle,
363 [in] uint32 access_mask,
365 [out,ref] policy_handle *group_handle
368 /* Group attributes */
369 typedef [public,bitmap32bit] bitmap {
370 SE_GROUP_MANDATORY = 0x00000001,
371 SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
372 SE_GROUP_ENABLED = 0x00000004,
373 SE_GROUP_OWNER = 0x00000008,
374 SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
375 SE_GROUP_RESOURCE = 0x20000000,
376 SE_GROUP_LOGON_ID = 0xC0000000
379 /************************/
384 samr_GroupAttrs attributes;
386 lsa_String description;
390 samr_GroupAttrs attributes;
391 } samr_GroupInfoAttributes;
394 lsa_String description;
395 } samr_GroupInfoDescription;
400 GROUPINFOATTRIBUTES = 3,
401 GROUPINFODESCRIPTION = 4,
403 } samr_GroupInfoEnum;
405 typedef [switch_type(samr_GroupInfoEnum)] union {
406 [case(GROUPINFOALL)] samr_GroupInfoAll all;
407 [case(GROUPINFONAME)] lsa_String name;
408 [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes;
409 [case(GROUPINFODESCRIPTION)] lsa_String description;
410 [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
413 NTSTATUS samr_QueryGroupInfo(
414 [in,ref] policy_handle *group_handle,
415 [in] samr_GroupInfoEnum level,
416 [out,switch_is(level)] samr_GroupInfo *info
419 /************************/
421 NTSTATUS samr_SetGroupInfo(
422 [in,ref] policy_handle *group_handle,
423 [in] samr_GroupInfoEnum level,
424 [in,switch_is(level),ref] samr_GroupInfo *info
427 /************************/
429 NTSTATUS samr_AddGroupMember(
430 [in,ref] policy_handle *group_handle,
435 /************************/
437 NTSTATUS samr_DeleteDomainGroup(
438 [in,out,ref] policy_handle *group_handle
441 /************************/
443 NTSTATUS samr_DeleteGroupMember(
444 [in,ref] policy_handle *group_handle,
449 /************************/
453 [size_is(count)] uint32 *rids;
454 [size_is(count)] uint32 *types;
457 NTSTATUS samr_QueryGroupMember(
458 [in,ref] policy_handle *group_handle,
459 [out] samr_RidTypeArray *rids
463 /************************/
467 win2003 seems to accept any data at all for the two integers
468 below, and doesn't seem to do anything with them that I can
469 see. Weird. I really expected the first integer to be a rid
470 and the second to be the attributes for that rid member.
472 NTSTATUS samr_SetMemberAttributesOfGroup(
473 [in,ref] policy_handle *group_handle,
474 [in] uint32 unknown1,
479 /************************/
481 NTSTATUS samr_OpenAlias (
482 [in,ref] policy_handle *domain_handle,
483 [in] uint32 access_mask,
485 [out,ref] policy_handle *alias_handle
489 /************************/
495 lsa_String description;
501 ALIASINFODESCRIPTION = 3
502 } samr_AliasInfoEnum;
504 typedef [switch_type(samr_AliasInfoEnum)] union {
505 [case(ALIASINFOALL)] samr_AliasInfoAll all;
506 [case(ALIASINFONAME)] lsa_String name;
507 [case(ALIASINFODESCRIPTION)] lsa_String description;
510 NTSTATUS samr_QueryAliasInfo(
511 [in,ref] policy_handle *alias_handle,
512 [in] samr_AliasInfoEnum level,
513 [out,switch_is(level)] samr_AliasInfo *info
516 /************************/
518 NTSTATUS samr_SetAliasInfo(
519 [in,ref] policy_handle *alias_handle,
520 [in] samr_AliasInfoEnum level,
521 [in,switch_is(level),ref] samr_AliasInfo *info
524 /************************/
526 NTSTATUS samr_DeleteDomAlias(
527 [in,out,ref] policy_handle *alias_handle
530 /************************/
532 NTSTATUS samr_AddAliasMember(
533 [in,ref] policy_handle *alias_handle,
534 [in,ref] dom_sid2 *sid
537 /************************/
539 NTSTATUS samr_DeleteAliasMember(
540 [in,ref] policy_handle *alias_handle,
541 [in,ref] dom_sid2 *sid
544 /************************/
546 NTSTATUS samr_GetMembersInAlias(
547 [in,ref] policy_handle *alias_handle,
548 [out,ref] lsa_SidArray *sids
551 /************************/
553 NTSTATUS samr_OpenUser(
554 [in,ref] policy_handle *domain_handle,
555 [in] uint32 access_mask,
557 [out,ref] policy_handle *user_handle
560 /************************/
562 NTSTATUS samr_DeleteUser(
563 [in,out,ref] policy_handle *user_handle
566 /************************/
569 lsa_String account_name;
570 lsa_String full_name;
572 lsa_String description;
578 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
583 /* this is also used in samr and netlogon */
584 typedef [public, flag(NDR_PAHEX)] struct {
585 uint16 units_per_week;
586 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
590 lsa_String account_name;
591 lsa_String full_name;
594 lsa_String home_directory;
595 lsa_String home_drive;
596 lsa_String logon_script;
597 lsa_String profile_path;
598 lsa_String workstations;
601 NTTIME last_password_change;
602 NTTIME allow_password_change;
603 NTTIME force_password_change;
604 samr_LogonHours logon_hours;
605 uint16 bad_password_count;
607 samr_AcctFlags acct_flags;
611 samr_LogonHours logon_hours;
615 lsa_String account_name;
616 lsa_String full_name;
619 lsa_String home_directory;
620 lsa_String home_drive;
621 lsa_String logon_script;
622 lsa_String profile_path;
623 lsa_String description;
624 lsa_String workstations;
627 samr_LogonHours logon_hours;
628 uint16 bad_password_count;
630 NTTIME last_password_change;
632 samr_AcctFlags acct_flags;
636 lsa_String account_name;
637 lsa_String full_name;
641 lsa_String account_name;
645 lsa_String full_name;
653 lsa_String home_directory;
654 lsa_String home_drive;
658 lsa_String logon_script;
662 lsa_String profile_path;
666 lsa_String description;
670 lsa_String workstations;
674 samr_AcctFlags acct_flags;
682 lsa_String parameters;
685 /* this defines the bits used for fields_present in info21 */
686 typedef [bitmap32bit] bitmap {
687 SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
688 SAMR_FIELD_FULL_NAME = 0x00000002,
689 SAMR_FIELD_PRIMARY_GID = 0x00000008,
690 SAMR_FIELD_DESCRIPTION = 0x00000010,
691 SAMR_FIELD_COMMENT = 0x00000020,
692 SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
693 SAMR_FIELD_HOME_DRIVE = 0x00000080,
694 SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
695 SAMR_FIELD_PROFILE_PATH = 0x00000200,
696 SAMR_FIELD_WORKSTATIONS = 0x00000400,
697 SAMR_FIELD_LOGON_HOURS = 0x00002000,
698 SAMR_FIELD_ACCT_FLAGS = 0x00100000,
699 SAMR_FIELD_PARAMETERS = 0x00200000,
700 SAMR_FIELD_COUNTRY_CODE = 0x00400000,
701 SAMR_FIELD_CODE_PAGE = 0x00800000,
702 SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
703 SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */
704 } samr_FieldsPresent;
709 NTTIME last_password_change;
711 NTTIME allow_password_change;
712 NTTIME force_password_change;
713 lsa_String account_name;
714 lsa_String full_name;
715 lsa_String home_directory;
716 lsa_String home_drive;
717 lsa_String logon_script;
718 lsa_String profile_path;
719 lsa_String description;
720 lsa_String workstations;
722 lsa_String parameters;
727 [size_is(buf_count)] uint8 *buffer;
730 samr_AcctFlags acct_flags;
731 samr_FieldsPresent fields_present;
732 samr_LogonHours logon_hours;
733 uint16 bad_password_count;
737 uint8 nt_password_set;
738 uint8 lm_password_set;
739 uint8 password_expired;
743 typedef [public, flag(NDR_PAHEX)] struct {
745 } samr_CryptPassword;
748 samr_UserInfo21 info;
749 samr_CryptPassword password;
753 samr_CryptPassword password;
757 typedef [flag(NDR_PAHEX)] struct {
759 } samr_CryptPasswordEx;
762 samr_UserInfo21 info;
763 samr_CryptPasswordEx password;
767 samr_CryptPasswordEx password;
771 typedef [switch_type(uint16)] union {
772 [case(1)] samr_UserInfo1 info1;
773 [case(2)] samr_UserInfo2 info2;
774 [case(3)] samr_UserInfo3 info3;
775 [case(4)] samr_UserInfo4 info4;
776 [case(5)] samr_UserInfo5 info5;
777 [case(6)] samr_UserInfo6 info6;
778 [case(7)] samr_UserInfo7 info7;
779 [case(8)] samr_UserInfo8 info8;
780 [case(9)] samr_UserInfo9 info9;
781 [case(10)] samr_UserInfo10 info10;
782 [case(11)] samr_UserInfo11 info11;
783 [case(12)] samr_UserInfo12 info12;
784 [case(13)] samr_UserInfo13 info13;
785 [case(14)] samr_UserInfo14 info14;
786 [case(16)] samr_UserInfo16 info16;
787 [case(17)] samr_UserInfo17 info17;
788 [case(20)] samr_UserInfo20 info20;
789 [case(21)] samr_UserInfo21 info21;
790 [case(23)] samr_UserInfo23 info23;
791 [case(24)] samr_UserInfo24 info24;
792 [case(25)] samr_UserInfo25 info25;
793 [case(26)] samr_UserInfo26 info26;
796 NTSTATUS samr_QueryUserInfo(
797 [in,ref] policy_handle *user_handle,
799 [out,switch_is(level)] samr_UserInfo *info
803 /************************/
805 NTSTATUS samr_SetUserInfo(
806 [in,ref] policy_handle *user_handle,
808 [in,ref,switch_is(level)] samr_UserInfo *info
811 /************************/
813 typedef [public, flag(NDR_PAHEX)] struct {
818 this is a password change interface that doesn't give
819 the server the plaintext password. Depricated.
821 NTSTATUS samr_ChangePasswordUser(
822 [in,ref] policy_handle *user_handle,
823 [in] boolean8 lm_present,
824 [in] samr_Password *old_lm_crypted,
825 [in] samr_Password *new_lm_crypted,
826 [in] boolean8 nt_present,
827 [in] samr_Password *old_nt_crypted,
828 [in] samr_Password *new_nt_crypted,
829 [in] boolean8 cross1_present,
830 [in] samr_Password *nt_cross,
831 [in] boolean8 cross2_present,
832 [in] samr_Password *lm_cross
835 /************************/
838 typedef [public] struct {
840 samr_GroupAttrs attributes;
841 } samr_RidWithAttribute;
843 typedef [public] struct {
845 [size_is(count)] samr_RidWithAttribute *rids;
846 } samr_RidWithAttributeArray;
848 NTSTATUS samr_GetGroupsForUser(
849 [in,ref] policy_handle *user_handle,
850 [out] samr_RidWithAttributeArray *rids
853 /************************/
859 samr_AcctFlags acct_flags;
860 lsa_String account_name;
861 lsa_String full_name;
862 lsa_String description;
863 } samr_DispEntryGeneral;
867 [size_is(count)] samr_DispEntryGeneral *entries;
868 } samr_DispInfoGeneral;
873 samr_AcctFlags acct_flags;
874 lsa_String account_name;
875 lsa_String description;
876 } samr_DispEntryFull;
880 [size_is(count)] samr_DispEntryFull *entries;
886 samr_GroupAttrs acct_flags;
887 lsa_String account_name;
888 lsa_String description;
889 } samr_DispEntryFullGroup;
893 [size_is(count)] samr_DispEntryFullGroup *entries;
894 } samr_DispInfoFullGroups;
898 lsa_AsciiString account_name;
899 } samr_DispEntryAscii;
903 [size_is(count)] samr_DispEntryAscii *entries;
904 } samr_DispInfoAscii;
906 typedef [switch_type(uint16)] union {
907 [case(1)] samr_DispInfoGeneral info1;/* users */
908 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
909 [case(3)] samr_DispInfoFullGroups info3; /* groups */
910 [case(4)] samr_DispInfoAscii info4; /* users */
911 [case(5)] samr_DispInfoAscii info5; /* groups */
914 NTSTATUS samr_QueryDisplayInfo(
915 [in,ref] policy_handle *domain_handle,
917 [in] uint32 start_idx,
918 [in] uint32 max_entries,
919 [in] uint32 buf_size,
920 [out] uint32 total_size,
921 [out] uint32 returned_size,
922 [out,switch_is(level)] samr_DispInfo info
926 /************************/
930 this seems to be an alphabetic search function. The returned index
931 is the index for samr_QueryDisplayInfo needed to get names occurring
932 after the specified name. The supplied name does not need to exist
933 in the database (for example you can supply just a first letter for
934 searching starting at that letter)
936 The level corresponds to the samr_QueryDisplayInfo level
938 NTSTATUS samr_GetDisplayEnumerationIndex(
939 [in,ref] policy_handle *domain_handle,
941 [in] lsa_String name,
947 /************************/
951 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
953 NTSTATUS samr_TestPrivateFunctionsDomain(
954 [in,ref] policy_handle *domain_handle
958 /************************/
962 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
964 NTSTATUS samr_TestPrivateFunctionsUser(
965 [in,ref] policy_handle *user_handle
969 /************************/
973 uint16 min_password_length;
974 samr_PasswordProperties password_properties;
977 NTSTATUS samr_GetUserPwInfo(
978 [in,ref] policy_handle *user_handle,
979 [out] samr_PwInfo info
982 /************************/
984 NTSTATUS samr_RemoveMemberFromForeignDomain(
985 [in,ref] policy_handle *domain_handle,
986 [in,ref] dom_sid2 *sid
989 /************************/
993 how is this different from QueryDomainInfo ??
995 NTSTATUS samr_QueryDomainInfo2(
996 [in,ref] policy_handle *domain_handle,
998 [out,switch_is(level)] samr_DomainInfo *info
1001 /************************/
1005 how is this different from QueryUserInfo ??
1007 NTSTATUS samr_QueryUserInfo2(
1008 [in,ref] policy_handle *user_handle,
1010 [out,switch_is(level)] samr_UserInfo *info
1013 /************************/
1017 how is this different from QueryDisplayInfo??
1019 NTSTATUS samr_QueryDisplayInfo2(
1020 [in,ref] policy_handle *domain_handle,
1022 [in] uint32 start_idx,
1023 [in] uint32 max_entries,
1024 [in] uint32 buf_size,
1025 [out] uint32 total_size,
1026 [out] uint32 returned_size,
1027 [out,switch_is(level)] samr_DispInfo info
1030 /************************/
1034 how is this different from GetDisplayEnumerationIndex ??
1036 NTSTATUS samr_GetDisplayEnumerationIndex2(
1037 [in,ref] policy_handle *domain_handle,
1039 [in] lsa_String name,
1044 /************************/
1046 NTSTATUS samr_CreateUser2(
1047 [in,ref] policy_handle *domain_handle,
1048 [in,ref] lsa_String *account_name,
1049 [in] samr_AcctFlags acct_flags,
1050 [in] uint32 access_mask,
1051 [out,ref] policy_handle *user_handle,
1052 [out,ref] uint32 *access_granted,
1053 [out,ref] uint32 *rid
1057 /************************/
1061 another duplicate. There must be a reason ....
1063 NTSTATUS samr_QueryDisplayInfo3(
1064 [in,ref] policy_handle *domain_handle,
1066 [in] uint32 start_idx,
1067 [in] uint32 max_entries,
1068 [in] uint32 buf_size,
1069 [out] uint32 total_size,
1070 [out] uint32 returned_size,
1071 [out,switch_is(level)] samr_DispInfo info
1074 /************************/
1076 NTSTATUS samr_AddMultipleMembersToAlias(
1077 [in,ref] policy_handle *alias_handle,
1078 [in,ref] lsa_SidArray *sids
1081 /************************/
1083 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1084 [in,ref] policy_handle *alias_handle,
1085 [in,ref] lsa_SidArray *sids
1088 /************************/
1091 NTSTATUS samr_OemChangePasswordUser2(
1092 [in] lsa_AsciiString *server,
1093 [in,ref] lsa_AsciiString *account,
1094 [in] samr_CryptPassword *password,
1095 [in] samr_Password *hash
1098 /************************/
1100 NTSTATUS samr_ChangePasswordUser2(
1101 [in] lsa_String *server,
1102 [in,ref] lsa_String *account,
1103 [in] samr_CryptPassword *nt_password,
1104 [in] samr_Password *nt_verifier,
1105 [in] boolean8 lm_change,
1106 [in] samr_CryptPassword *lm_password,
1107 [in] samr_Password *lm_verifier
1110 /************************/
1112 NTSTATUS samr_GetDomPwInfo(
1113 [in] lsa_String *domain_name,
1114 [out] samr_PwInfo info
1117 /************************/
1119 NTSTATUS samr_Connect2(
1120 [in,string,charset(UTF16)] uint16 *system_name,
1121 [in] uint32 access_mask,
1122 [out,ref] policy_handle *connect_handle
1125 /************************/
1128 seems to be an exact alias for samr_SetUserInfo()
1130 NTSTATUS samr_SetUserInfo2(
1131 [in,ref] policy_handle *user_handle,
1133 [in,ref,switch_is(level)] samr_UserInfo *info
1136 /************************/
1139 this one is mysterious. I have a few guesses, but nothing working yet
1141 NTSTATUS samr_SetBootKeyInformation(
1142 [in,ref] policy_handle *connect_handle,
1143 [in] uint32 unknown1,
1144 [in] uint32 unknown2,
1145 [in] uint32 unknown3
1148 /************************/
1150 NTSTATUS samr_GetBootKeyInformation(
1151 [in,ref] policy_handle *domain_handle,
1152 [out] uint32 unknown
1155 /************************/
1157 NTSTATUS samr_Connect3(
1158 [in,string,charset(UTF16)] uint16 *system_name,
1159 /* this unknown value seems to be completely ignored by w2k3 */
1160 [in] uint32 unknown,
1161 [in] uint32 access_mask,
1162 [out,ref] policy_handle *connect_handle
1165 /************************/
1167 NTSTATUS samr_Connect4(
1168 [in,string,charset(UTF16)] uint16 *system_name,
1169 [in] uint32 unknown,
1170 [in] uint32 access_mask,
1171 [out,ref] policy_handle *connect_handle
1174 /************************/
1177 declare enum samr_RejectReason;
1180 samr_RejectReason reason;
1183 } samr_ChangeReject;
1185 NTSTATUS samr_ChangePasswordUser3(
1186 [in] lsa_String *server,
1187 [in,ref] lsa_String *account,
1188 [in] samr_CryptPassword *nt_password,
1189 [in] samr_Password *nt_verifier,
1190 [in] boolean8 lm_change,
1191 [in] samr_CryptPassword *lm_password,
1192 [in] samr_Password *lm_verifier,
1193 [in] samr_CryptPassword *password3,
1194 [out] samr_DomInfo1 *dominfo,
1195 [out] samr_ChangeReject *reject
1198 /************************/
1202 uint32 unknown1; /* w2k3 gives 3 */
1203 uint32 unknown2; /* w2k3 gives 0 */
1204 } samr_ConnectInfo1;
1207 [case(1)] samr_ConnectInfo1 info1;
1210 NTSTATUS samr_Connect5(
1211 [in,string,charset(UTF16)] uint16 *system_name,
1212 [in] uint32 access_mask,
1213 [in,out] uint32 level,
1214 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1215 [out,ref] policy_handle *connect_handle
1218 /************************/
1220 NTSTATUS samr_RidToSid(
1221 [in,ref] policy_handle *domain_handle,
1227 /************************/
1231 this should set the DSRM password for the server, which is used
1232 when booting into Directory Services Recovery Mode on a DC. Win2003
1233 gives me NT_STATUS_NOT_SUPPORTED
1236 NTSTATUS samr_SetDsrmPassword(
1237 [in] lsa_String *name,
1238 [in] uint32 unknown,
1239 [in] samr_Password *hash
1243 /************************/
1246 I haven't been able to work out the format of this one yet.
1247 Seems to start with a switch level for a union?
1249 NTSTATUS samr_ValidatePassword();