/*++ BUILD Version: 0001 // Increment this if a change has global effects
Copyright (c) 1996-1999 Microsoft Corporation
Module Name:
ntdsapi.h
Abstract:
This file contains structures, function prototypes, and definitions
for public NTDS APIs other than directory interfaces like LDAP.
Environment:
User Mode - Win32
Notes:
--*/
#ifndef _NTDSAPI_H_
#pragma option push -b -a8 -pc -A- /*P_O_Push*/
#define _NTDSAPI_H_
#if _MSC_VER > 1000
#pragma once
#endif
#include <schedule.h>
// Linkage decoration macro. A translation unit that defines _NTDSAPI_ gets an
// empty decoration; every other consumer gets DECLSPEC_IMPORT, which is
// defined outside this header.
#ifdef _NTDSAPI_
#define NTDSAPI
#else
#define NTDSAPI DECLSPEC_IMPORT
#endif
#ifdef __cplusplus
extern "C" {
#endif
//////////////////////////////////////////////////////////////////////////
// //
// Data definitions //
// //
//////////////////////////////////////////////////////////////////////////
// Only when MIDL_PASS is defined: local definitions of UUID,
// RPC_AUTH_IDENTITY_HANDLE and VOID (presumably because the headers that
// normally provide them are not in scope for that pass -- TODO confirm).
#ifdef MIDL_PASS
typedef GUID  UUID;
typedef void *RPC_AUTH_IDENTITY_HANDLE;   // opaque handle, no type information
typedef void  VOID;
#endif
// Default locale: the US English language/sublanguage pair with SORT_DEFAULT.
// MAKELCID, MAKELANGID and the LANG_/SUBLANG_/SORT_ names come from outside
// this header.
#define DS_DEFAULT_LOCALE \
    (MAKELCID(MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US), SORT_DEFAULT))

// Default comparison flags: case, kana type, non-spacing marks and character
// width are all ignored.
// NOTE(review): with these flags, strings that differ only in those respects
// compare equal. If a caller relies on such a comparison for an identity or
// access decision, confirm that this equivalence is intended.
#define DS_DEFAULT_LOCALE_COMPARE_FLAGS \
    (NORM_IGNORECASE | NORM_IGNOREKANATYPE | NORM_IGNORENONSPACE | NORM_IGNOREWIDTH)
// Name of the event that is signalled, when the machine is booted to DS mode,
// once the DS has completed its initial sync attempts. How long after system
// startup that happens is indeterminate from a local service's standpoint.
// Until the event is set:
//   - the contents of the DS should be considered incomplete / out-dated;
//   - the machine is not advertised as a domain controller to off-machine
//     clients.
// Other local services that rely on information published in the DS should
// avoid accessing (or at least relying on) DS contents before then. This
// matters most for services that derive security decisions from directory
// data, since what they read before the event may be stale.
#define DS_SYNCED_EVENT_NAME    "NTDSInitialSyncsCompleted"    // ANSI form
#define DS_SYNCED_EVENT_NAME_W  L"NTDSInitialSyncsCompleted"   // wide form
// Permission bits used in security descriptors in the directory.
// The whole group is skipped when _DS_CONTROL_BITS_DEFINED_ is already
// defined (presumably by another header carrying the same definitions).
#ifndef _DS_CONTROL_BITS_DEFINED_
#define _DS_CONTROL_BITS_DEFINED_

// Individual access-mask bits, one bit each.
// ACTRL_DS_OPEN is zero: it sets no bit, so `mask & ACTRL_DS_OPEN` is always
// 0 and cannot serve as a permission test.
#define ACTRL_DS_OPEN            0x00000000
#define ACTRL_DS_CREATE_CHILD    0x00000001
#define ACTRL_DS_DELETE_CHILD    0x00000002
#define ACTRL_DS_LIST            0x00000004
#define ACTRL_DS_SELF            0x00000008
#define ACTRL_DS_READ_PROP       0x00000010
#define ACTRL_DS_WRITE_PROP      0x00000020
#define ACTRL_DS_DELETE_TREE     0x00000040
#define ACTRL_DS_LIST_OBJECT     0x00000080
#define ACTRL_DS_CONTROL_ACCESS  0x00000100

// Composite masks. The STANDARD_RIGHTS_* operands are defined outside this
// header.

// Generic read: standard read rights plus list, read-property, list-object.
#define DS_GENERIC_READ \
    ((STANDARD_RIGHTS_READ) | \
     (ACTRL_DS_LIST) | \
     (ACTRL_DS_READ_PROP) | \
     (ACTRL_DS_LIST_OBJECT))

// Generic execute: standard execute rights plus list.
#define DS_GENERIC_EXECUTE \
    ((STANDARD_RIGHTS_EXECUTE) | \
     (ACTRL_DS_LIST))

// Generic write: standard write rights plus self and write-property.
#define DS_GENERIC_WRITE \
    ((STANDARD_RIGHTS_WRITE) | \
     (ACTRL_DS_SELF) | \
     (ACTRL_DS_WRITE_PROP))

// Generic all: STANDARD_RIGHTS_REQUIRED plus every non-zero ACTRL_DS_* bit
// above. When reviewing an ACL, an entry carrying this mask therefore
// includes child create/delete, tree delete, property write and control
// access, not just read access.
#define DS_GENERIC_ALL \
    ((STANDARD_RIGHTS_REQUIRED) | \
     (ACTRL_DS_CREATE_CHILD) | \
     (ACTRL_DS_DELETE_CHILD) | \
     (ACTRL_DS_DELETE_TREE) | \
     (ACTRL_DS_READ_PROP) | \
     (ACTRL_DS_WRITE_PROP) | \
     (ACTRL_DS_LIST) | \
     (ACTRL_DS_LIST_OBJECT) | \
     (ACTRL_DS_CONTROL_ACCESS) | \
     (ACTRL_DS_SELF))

#endif
// Name formats. Values 4 and 5 are deliberately unused: the formats that
// held them are obsolete and are re-mapped by #defines after this enum.
typedef enum
{
    // Unknown name type.
    DS_UNKNOWN_NAME            = 0,

    // eg: CN=Spencer Katt,OU=Users,DC=Engineering,DC=Widget,DC=Com
    DS_FQDN_1779_NAME          = 1,

    // eg: Engineering\SpencerK
    // The domain-only version includes a trailing '\\'.
    DS_NT4_ACCOUNT_NAME        = 2,

    // Probably "Spencer Katt" but could be something else, i.e. the display
    // name is not necessarily the defining RDN. It is a label, so do not
    // treat it as an identity key.
    DS_DISPLAY_NAME            = 3,

    // obsolete - see #define later
    // DS_DOMAIN_SIMPLE_NAME = 4,

    // obsolete - see #define later
    // DS_ENTERPRISE_SIMPLE_NAME = 5,

    // String-ized GUID as returned by IIDFromString().
    // eg: {4fa050f0-f561-11cf-bdd9-00aa003a77b6}
    DS_UNIQUE_ID_NAME          = 6,

    // eg: engineering.widget.com/software/spencer katt
    // The domain-only version includes a trailing '/'.
    DS_CANONICAL_NAME          = 7,

    // eg: spencerk@engineering.widget.com
    DS_USER_PRINCIPAL_NAME     = 8,

    // Same as DS_CANONICAL_NAME except that the rightmost '/' is replaced
    // with '\n' - even in the domain-only case.
    // eg: engineering.widget.com/software\nspencer katt
    // A name in this format contains an embedded newline, so code that logs
    // it or parses it line by line has to account for that.
    DS_CANONICAL_NAME_EX       = 9,

    // Generalized service principal names.
    // eg: www/www.widget.com@widget.com
    DS_SERVICE_PRINCIPAL_NAME  = 10,

    // String representation of a SID. Invalid for formatDesired.
    // See sddl.h for SID binary <--> text conversion routines.
    // eg: S-1-5-21-397955417-626881126-188441444-501
    // NOTE(review): the identifier suggests SID history is matched as well
    // as the current SID -- confirm before relying on a match as proof of
    // the account's current SID.
    DS_SID_OR_SID_HISTORY_NAME = 11
} DS_NAME_FORMAT;
// Old name formats are mapped to the closest new format so that old code
// builds against new headers w/o errors and still gets an (almost) correct
// result. Both names now expand to DS_USER_PRINCIPAL_NAME (8) rather than
// their former values 4 and 5, so a numeric 4 or 5 that was stored or
// received from elsewhere no longer corresponds to any of these identifiers.
#define DS_DOMAIN_SIMPLE_NAME      DS_USER_PRINCIPAL_NAME
#define DS_ENTERPRISE_SIMPLE_NAME  DS_USER_PRINCIPAL_NAME
// Flags for name mapping. The non-zero values are distinct single bits.
typedef enum
{
    // No flags.
    DS_NAME_NO_FLAGS              = 0x0,

    // Perform a syntactical mapping at the client (if possible) without
    // going out on the wire. DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING is
    // returned if a purely syntactical mapping is not possible.
    // Such a result is derived from the string alone; nothing here shows it
    // being checked against the directory.
    DS_NAME_FLAG_SYNTACTICAL_ONLY = 0x1,

    // Force a trip to the DC for evaluation, even if this could be cracked
    // syntactically on the local machine.
    DS_NAME_FLAG_EVAL_AT_DC       = 0x2
} DS_NAME_FLAGS;
// Per-item status of a name mapping (stored in the `status` field of the
// DS_NAME_RESULT_ITEM structures).
typedef enum
{
    // Success.
    DS_NAME_NO_ERROR                     = 0,

    // Generic processing error.
    DS_NAME_ERROR_RESOLVING              = 1,

    // Couldn't find the name at all - or perhaps the caller doesn't have
    // rights to see it. The two cases are not distinguished, so this status
    // is not proof that the object does not exist.
    DS_NAME_ERROR_NOT_FOUND              = 2,

    // Input name mapped to more than one output name.
    DS_NAME_ERROR_NOT_UNIQUE             = 3,

    // Input name found, but not the associated output format.
    // Can happen if the object doesn't have all the required attributes.
    DS_NAME_ERROR_NO_MAPPING             = 4,

    // Unable to resolve the entire name, but was able to determine which
    // domain the object resides in. Thus DS_NAME_RESULT_ITEM?.pDomain
    // is valid on return.
    DS_NAME_ERROR_DOMAIN_ONLY            = 5,

    // Unable to perform a purely syntactical mapping at the client
    // without going out on the wire.
    DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING = 6
} DS_NAME_ERROR;
// Mask of accepted DS_NAME_FLAGS bits.
// NOTE(review): only DS_NAME_FLAG_SYNTACTICAL_ONLY is listed;
// DS_NAME_FLAG_EVAL_AT_DC (0x2) is not part of the mask. Confirm whether
// that is intentional before using this mask to validate caller flags.
#define DS_NAME_LEGAL_FLAGS (DS_NAME_FLAG_SYNTACTICAL_ONLY)
// Kinds of name that can appear in a service principal name. The quoted
// strings are examples of each kind.
typedef enum {
    // "paulle-nec.ntwksta.ms.com"
    DS_SPN_DNS_HOST  = 0,

    // "cn=paulle-nec,ou=computers,dc=ntwksta,dc=ms,dc=com"
    DS_SPN_DN_HOST   = 1,

    // "paulle-nec"
    DS_SPN_NB_HOST   = 2,

    // "ntdev.ms.com"
    DS_SPN_DOMAIN    = 3,

    // "ntdev"
    DS_SPN_NB_DOMAIN = 4,

    // "cn=anRpcService,cn=RPC Services,cn=system,dc=ms,dc=com"
    // "cn=aWsService,cn=Winsock Services,cn=system,dc=ms,dc=com"
    // "cn=aService,dc=itg,dc=ms,dc=com"
    // "www.ms.com", "ftp.ms.com", "ldap.ms.com"
    // "products.ms.com"
    DS_SPN_SERVICE   = 5
} DS_SPN_NAME_TYPE;
// Operation selector for writing SPNs.
// NOTE(review): SPN values determine which account a service name resolves
// to, so callers of these operations are worth auditing; "set all"
// presumably overwrites the existing set -- confirm against the API that
// consumes this enum.
typedef enum {
    DS_SPN_ADD_SPN_OP     = 0,   // add SPNs
    DS_SPN_REPLACE_SPN_OP = 1,   // set all SPNs
    DS_SPN_DELETE_SPN_OP  = 2    // delete SPNs
} DS_SPN_WRITE_OP;
// One name result item, ANSI strings.
// Check `status` (a DS_NAME_ERROR value) before dereferencing the strings:
// the MIDL declaration marks both pointers [unique], i.e. they may be NULL,
// and the DS_NAME_ERROR_DOMAIN_ONLY comment in this header promises only
// pDomain for that status.
typedef struct
{
    DWORD status;                       // DS_NAME_ERROR
#ifdef MIDL_PASS
    [string,unique] CHAR *pDomain;      // DNS domain
    [string,unique] CHAR *pName;        // name in requested format
#else
    LPSTR pDomain;                      // DNS domain
    LPSTR pName;                        // name in requested format
#endif
} DS_NAME_RESULT_ITEMA, *PDS_NAME_RESULT_ITEMA;
// Counted array of DS_NAME_RESULT_ITEMA entries.
// rItems holds cItems elements (the MIDL declaration is [size_is(cItems)]);
// bound every loop by cItems and check each item's status before using its
// strings.
typedef struct
{
    DWORD cItems;                                       // item count
#ifdef MIDL_PASS
    [size_is(cItems)] PDS_NAME_RESULT_ITEMA rItems;
#else
    PDS_NAME_RESULT_ITEMA rItems;                       // item array
#endif
} DS_NAME_RESULTA, *PDS_NAME_RESULTA;
// One name result item, wide-character strings.
// Check `status` (a DS_NAME_ERROR value) before dereferencing the strings:
// the MIDL declaration marks both pointers [unique], i.e. they may be NULL,
// and the DS_NAME_ERROR_DOMAIN_ONLY comment in this header promises only
// pDomain for that status.
typedef struct
{
    DWORD status;                       // DS_NAME_ERROR
#ifdef MIDL_PASS
    [string,unique] WCHAR *pDomain;     // DNS domain
    [string,unique] WCHAR *pName;       // name in requested format
#else
    LPWSTR pDomain;                     // DNS domain
    LPWSTR pName;                       // name in requested format
#endif
} DS_NAME_RESULT_ITEMW, *PDS_NAME_RESULT_ITEMW;
// Counted array of DS_NAME_RESULT_ITEMW entries.
// rItems holds cItems elements (the MIDL declaration is [size_is(cItems)]);
// bound every loop by cItems and check each item's status before using its
// strings.
typedef struct
{
    DWORD cItems;                                       // item count
#ifdef MIDL_PASS
    [size_is(cItems)] PDS_NAME_RESULT_ITEMW rItems;
#else
    PDS_NAME_RESULT_ITEMW rItems;                       // item array
#endif
} DS_NAME_RESULTW, *PDS_NAME_RESULTW;
// Character-set neutral aliases: the W (wide) structures when UNICODE is
// defined, the A (ANSI) structures otherwise. Every translation unit that
// shares these structures has to agree on UNICODE, because the two variants
// carry different string pointer types.
#ifdef UNICODE
#define DS_NAME_RESULT        DS_NAME_RESULTW
#define PDS_NAME_RESULT       PDS_NAME_RESULTW
#define DS_NAME_RESULT_ITEM   DS_NAME_RESULT_ITEMW
#define PDS_NAME_RESULT_ITEM  PDS_NAME_RESULT_ITEMW
#else
#define DS_NAME_RESULT        DS_NAME_RESULTA
#define PDS_NAME_RESULT       PDS_NAME_RESULTA
#define DS_NAME_RESULT_ITEM   DS_NAME_RESULT_ITEMA
#define PDS_NAME_RESULT_ITEM  PDS_NAME_RESULT_ITEMA
#endif
// Public replication option flags

// ********************
// Replica Sync flags
// ********************
// Each flag is a distinct single bit. The same numeric values are reused
// with different meanings by the DS_REPADD_* flags in this header (0x4 is
// DS_REPSYNC_PERIODIC here but DS_REPADD_INITIAL there), so the two families
// must not be mixed in one flags argument.

// Run the operation asynchronously.
// Required when DS_REPSYNC_ALL_SOURCES is used.
#define DS_REPSYNC_ASYNCHRONOUS_OPERATION  0x00000001

// The replica is writeable; without this flag it is read-only.
#define DS_REPSYNC_WRITEABLE               0x00000002

// A periodic sync request, as scheduled by the admin.
#define DS_REPSYNC_PERIODIC                0x00000004

// Use inter-site messaging.
#define DS_REPSYNC_INTERSITE_MESSAGING     0x00000008

// Sync from all sources.
#define DS_REPSYNC_ALL_SOURCES             0x00000010

// Sync starting from scratch (i.e., at the first USN).
#define DS_REPSYNC_FULL                    0x00000020

// Notification of an update that was marked urgent.
#define DS_REPSYNC_URGENT                  0x00000040

// Keep this synchronization request even if a similar sync is pending.
#define DS_REPSYNC_NO_DISCARD              0x00000080

// Sync even if the link is currently disabled. This overrides a disabled
// link, so callers that set it are worth reviewing.
#define DS_REPSYNC_FORCE                   0x00000100

// Makes the source DSA check whether a reps-to is present for the local DSA
// (aka the destination) and add one if not. This ensures that the source
// sends change notifications.
#define DS_REPSYNC_ADD_REFERENCE           0x00000200

// A sync from this source has never completed (e.g., a new source).
#define DS_REPSYNC_NEVER_COMPLETED         0x00000400

// Once this sync is complete, request a sync in the opposite direction.
#define DS_REPSYNC_TWO_WAY                 0x00000800
// ********************
// Replica Add flags
// ********************
// Each flag is a distinct single bit. The same numeric values are reused
// with different meanings by the DS_REPSYNC_* flags in this header (0x8 is
// DS_REPADD_PERIODIC here but DS_REPSYNC_INTERSITE_MESSAGING there), so the
// two families must not be mixed in one flags argument.

// Run the operation asynchronously.
#define DS_REPADD_ASYNCHRONOUS_OPERATION  0x00000001

// Create a writeable replica; without this flag it is read-only.
#define DS_REPADD_WRITEABLE               0x00000002

// Sync the NC from this source when the DSA is started.
#define DS_REPADD_INITIAL                 0x00000004

// Sync the NC from this source periodically, as defined by the schedule
// passed in the preptimesSync argument.
#define DS_REPADD_PERIODIC                0x00000008

// Sync from the source DSA via an Intersite Messaging Service (ISM)
// transport (e.g., SMTP) rather than native DS RPC.
#define DS_REPADD_INTERSITE_MESSAGING     0x00000010

// Don't replicate the NC now -- only save enough state to know that it has
// to be replicated later.
#define DS_REPADD_ASYNCHRONOUS_REPLICA    0x00000020

// Disable notification-based synchronization for the NC from this source.
// Meant as a temporary state; use the similar flag DS_REPADD_NEVER_NOTIFY
// if the disable is to be more permanent.
#define DS_REPADD_DISABLE_NOTIFICATION    0x00000040

// Disable periodic synchronization for the NC from this source.
#define DS_REPADD_DISABLE_PERIODIC        0x00000080

// Use compression when replicating. Saves message size (e.g., network
// bandwidth) at the expense of extra CPU overhead at both the source and
// destination servers.
#define DS_REPADD_USE_COMPRESSION         0x00000100

// Do not request change notifications from this source. When this flag is
// set, the source will not notify the destination when changes occur.
// Recommended for all intersite replication, which may occur over WAN links.
// Meant as a more or less permanent state; use the similar flag
// DS_REPADD_DISABLE_NOTIFICATION if notifications are to be disabled only
// temporarily.
#define DS_REPADD_NEVER_NOTIFY            0x00000200
// ********************
// Replica Delete flags