📄 ntdsapi.h
字号:
NTDSAPI
DWORD
WINAPI
DsMakeSpnW(
IN LPCWSTR ServiceClass,
IN LPCWSTR ServiceName,
IN LPCWSTR InstanceName,
IN USHORT InstancePort,
IN LPCWSTR Referrer,
IN OUT DWORD *pcSpnLength,
OUT LPWSTR pszSpn
);
NTDSAPI
DWORD
WINAPI
DsMakeSpnA(
IN LPCSTR ServiceClass,
IN LPCSTR ServiceName,
IN LPCSTR InstanceName,
IN USHORT InstancePort,
IN LPCSTR Referrer,
IN OUT DWORD *pcSpnLength,
OUT LPSTR pszSpn
);
#ifdef UNICODE
#define DsMakeSpn DsMakeSpnW
#else
#define DsMakeSpn DsMakeSpnA
#endif
// ==========================================================
// DsGetSPN -- server's call to gets SPNs for a service name by which it is
// known to clients. N.B.: there may be more than one name by which clients
// know it the SPNs are then passed to DsAddAccountSpn to register them in
// the DS
//
// IN SpnNameType eType,
// IN LPCTSTR ServiceClass,
// kind of service -- "http", "ldap", "ftp", etc.
// IN LPCTSTR ServiceName OPTIONAL,
// name of service -- DN or DNS; not needed for host-based
// IN USHORT InstancePort,
// port number (0 => default) for instances
// IN USHORT cInstanceNames,
// count of extra instance names and ports (0=>use gethostbyname)
// IN LPCTSTR InstanceNames[] OPTIONAL,
// extra instance names (not used for host names)
// IN USHORT InstancePorts[] OPTIONAL,
// extra instance ports (0 => default)
// IN OUT PULONG pcSpn, // count of SPNs
// IN OUT LPTSTR * prpszSPN[]
// a bunch of SPNs for this service; free with DsFreeSpnArray
NTDSAPI
DWORD
WINAPI
DsGetSpnA(
IN DS_SPN_NAME_TYPE ServiceType,
IN LPCSTR ServiceClass,
IN LPCSTR ServiceName,
IN USHORT InstancePort,
IN USHORT cInstanceNames,
IN LPCSTR *pInstanceNames,
IN const USHORT *pInstancePorts,
OUT DWORD *pcSpn,
OUT LPSTR **prpszSpn
);
NTDSAPI
DWORD
WINAPI
DsGetSpnW(
IN DS_SPN_NAME_TYPE ServiceType,
IN LPCWSTR ServiceClass,
IN LPCWSTR ServiceName,
IN USHORT InstancePort,
IN USHORT cInstanceNames,
IN LPCWSTR *pInstanceNames,
IN const USHORT *pInstancePorts,
OUT DWORD *pcSpn,
OUT LPWSTR **prpszSpn
);
#ifdef UNICODE
#define DsGetSpn DsGetSpnW
#else
#define DsGetSpn DsGetSpnA
#endif
// ==========================================================
// DsFreeSpnArray() -- Free array returned by DsGetSpn{A,W}
NTDSAPI
void
WINAPI
DsFreeSpnArrayA(
IN DWORD cSpn,
IN OUT LPSTR *rpszSpn
);
NTDSAPI
void
WINAPI
DsFreeSpnArrayW(
IN DWORD cSpn,
IN OUT LPWSTR *rpszSpn
);
#ifdef UNICODE
#define DsFreeSpnArray DsFreeSpnArrayW
#else
#define DsFreeSpnArray DsFreeSpnArrayA
#endif
// ==========================================================
// DsCrackSpn() -- parse an SPN into the ServiceClass,
// ServiceName, and InstanceName (and InstancePort) pieces.
// An SPN is passed in, along with a pointer to the maximum length
// for each piece and a pointer to a buffer where each piece should go.
// On exit, the maximum lengths are updated to the actual length for each piece
// and the buffer contain the appropriate piece. The InstancePort is 0 if not
// present.
//
// DWORD DsCrackSpn(
// IN LPTSTR pszSPN, // the SPN to parse
// IN OUT PUSHORT pcServiceClass, // input -- max length of ServiceClass;
// output -- actual length
// OUT LPCTSTR ServiceClass, // the ServiceClass part of the SPN
// IN OUT PUSHORT pcServiceName, // input -- max length of ServiceName;
// output -- actual length
// OUT LPCTSTR ServiceName, // the ServiceName part of the SPN
// IN OUT PUSHORT pcInstance, // input -- max length of ServiceClass;
// output -- actual length
// OUT LPCTSTR InstanceName, // the InstanceName part of the SPN
// OUT PUSHORT InstancePort // instance port
//
// Note: lengths are in characters; all string lengths include terminators
// All arguments except pszSpn are optional.
//
NTDSAPI
DWORD
WINAPI
DsCrackSpnA(
IN LPCSTR pszSpn,
IN OUT LPDWORD pcServiceClass,
OUT LPSTR ServiceClass,
IN OUT LPDWORD pcServiceName,
OUT LPSTR ServiceName,
IN OUT LPDWORD pcInstanceName,
OUT LPSTR InstanceName,
OUT USHORT *pInstancePort
);
NTDSAPI
DWORD
WINAPI
DsCrackSpnW(
IN LPCWSTR pszSpn,
IN OUT DWORD *pcServiceClass,
OUT LPWSTR ServiceClass,
IN OUT DWORD *pcServiceName,
OUT LPWSTR ServiceName,
IN OUT DWORD *pcInstanceName,
OUT LPWSTR InstanceName,
OUT USHORT *pInstancePort
);
#ifdef UNICODE
#define DsCrackSpn DsCrackSpnW
#else
#define DsCrackSpn DsCrackSpnA
#endif
// ==========================================================
// DsWriteAccountSpn -- set or add SPNs for an account object
// Usually done by service itself, or perhaps by an admin.
//
// This call is RPC'd to the DC where the account object is stored, so it can
// securely enforce policy on what SPNs are allowed on the account. Direct LDAP
// writes to the SPN property are not allowed -- all writes must come through
// this RPC call. (Reads via // LDAP are OK.)
//
// The account object can be a machine accout, or a service (user) account.
//
// If called by the service to register itself, it can most easily get
// the names by calling DsGetSpn with each of the names that
// clients can use to find the service.
//
// IN SpnWriteOp eOp, // set, add
// IN LPCTSTR pszAccount, // DN of account to which to add SPN
// IN int cSPN, // count of SPNs to add to account
// IN LPCTSTR rpszSPN[] // SPNs to add to altSecID property
NTDSAPI
DWORD
WINAPI
DsWriteAccountSpnA(
IN HANDLE hDS,
IN DS_SPN_WRITE_OP Operation,
IN LPCSTR pszAccount,
IN DWORD cSpn,
IN LPCSTR *rpszSpn
);
NTDSAPI
DWORD
WINAPI
DsWriteAccountSpnW(
IN HANDLE hDS,
IN DS_SPN_WRITE_OP Operation,
IN LPCWSTR pszAccount,
IN DWORD cSpn,
IN LPCWSTR *rpszSpn
);
#ifdef UNICODE
#define DsWriteAccountSpn DsWriteAccountSpnW
#else
#define DsWriteAccountSpn DsWriteAccountSpnA
#endif
/*++
Routine Description:
Constructs a Service Principal Name suitable to identify the desired server.
The service class and part of a dns hostname must be supplied.
This routine is a simplified wrapper to DsMakeSpn.
The ServiceName is made canonical by resolving through DNS.
Guid-based dns names are not supported.
The simplified SPN constructed looks like this:
ServiceClass / ServiceName / ServiceName
The instance name portion (2nd position) is always defaulted. The port and
referrer fields are not used.
Arguments:
ServiceClass - Class of service, defined by the service, can be any
string unique to the service
ServiceName - dns hostname, fully qualified or not
Stringized IP address is also resolved if necessary
pcSpnLength - IN, maximum length of buffer, in chars
OUT, space utilized, in chars, including terminator
pszSpn - Buffer, atleast of length *pcSpnLength
Return Value:
WINAPI - Win32 error code
--*/
NTDSAPI
DWORD
WINAPI
DsClientMakeSpnForTargetServerW(
IN LPCWSTR ServiceClass,
IN LPCWSTR ServiceName,
IN OUT DWORD *pcSpnLength,
OUT LPWSTR pszSpn
);
NTDSAPI
DWORD
WINAPI
DsClientMakeSpnForTargetServerA(
IN LPCSTR ServiceClass,
IN LPCSTR ServiceName,
IN OUT DWORD *pcSpnLength,
OUT LPSTR pszSpn
);
#ifdef UNICODE
#define DsClientMakeSpnForTargetServer DsClientMakeSpnForTargetServerW
#else
#define DsClientMakeSpnForTargetServer DsClientMakeSpnForTargetServerA
#endif
/*++
Routine Description:
Register Service Principal Names for a server application.
This routine does the following:
1. Enumerates a list of server SPNs using DsGetSpn and the provided class
2. Determines the domain of the current user context
3. Determines the DN of the current user context if not supplied
4. Locates a domain controller
5. Binds to the domain controller
6. Uses DsWriteAccountSpn to write the SPNs on the named object DN
7. Unbinds
Construct server SPNs for this service, and write them to the right object.
If the userObjectDn is specified, the SPN is written to that object.
Otherwise the Dn is defaulted, to the user object, then computer.
Now, bind to the DS, and register the name on the object for the
user this service is running as. So, if we're running as local
system, we'll register it on the computer object itself. If we're
running as a domain user, we'll add the SPN to the user's object.
Arguments:
Operation - What should be done with the values: add, replace or delete
ServiceClass - Unique string identifying service
UserObjectDN - Optional, dn of object to write SPN to
Return Value:
WINAPI - Win32 error code
--*/
NTDSAPI
DWORD
WINAPI
DsServerRegisterSpnA(
IN DS_SPN_WRITE_OP Operation,
IN LPCSTR ServiceClass,
IN LPCSTR UserObjectDN
);
NTDSAPI
DWORD
WINAPI
DsServerRegisterSpnW(
IN DS_SPN_WRITE_OP Operation,
IN LPCWSTR ServiceClass,
IN LPCWSTR UserObjectDN
);
#ifdef UNICODE
#define DsServerRegisterSpn DsServerRegisterSpnW
#else
#define DsServerRegisterSpn DsServerRegisterSpnA
#endif
// DsReplicaSync. The server that this call is executing on is called the
// destination. The destination's naming context will be brought up to date
// with respect to a source system. The source system is identified by the
// uuid. The uuid is that of the source system's "NTDS Settings" object.
// The destination system must already be configured such that the source
// system is one of the systems from which it recieves replication data
// ("replication from"). This is usually done automatically by the KCC.
//
// PARAMETERS:
// pNC (DSNAME *)
// Name of the NC to synchronize.
// puuidSourceDRA (SZ)
// objectGuid of DSA with which to synchronize the replica.
// ulOptions (ULONG)
// Bitwise OR of zero or more flags
// RETURNS: WIN32 STATUS
NTDSAPI
DWORD
WINAPI
DsReplicaSyncA(
IN HANDLE hDS,
IN LPCSTR NameContext,
IN const UUID *pUuidDsaSrc,
IN ULONG Options
);
NTDSAPI
DWORD
WINAPI
DsReplicaSyncW(
IN HANDLE hDS,
IN LPCWSTR NameContext,
IN const UUID *pUuidDsaSrc,
IN ULONG Options
);
#ifdef UNICODE
#define DsReplicaSync DsReplicaSyncW
#else
#define DsReplicaSync DsReplicaSyncA
#endif
// DsReplicaAdd
//
/*
Description:
This call is executed on the destination. It causes the destination to
add a "replication from" reference to the indicated source system.
The source server is identified by string name, not uuid as with Sync.
The DsaSrcAddress parameter is the transport specific address of the source
DSA, usually its guid-based dns name. The guid in the guid-based dns name is
the object-guid of that server's ntds-dsa (settings) object.
Arguments:
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -