ntdsapi.pas

详细Windows API大全有关知识以及相关问题

//      OUT LPCTSTR InstanceName,  // the InstanceName part of the SPN
//      OUT PUSHORT InstancePort          // instance port
//
// Note: lengths are in characters; all string lengths include terminators
// All arguments except pszSpn are optional.
//

function DsCrackSpnA(pszSpn: LPCSTR; pcServiceClass: LPDWORD; ServiceClass: LPSTR;
  pcServiceName: LPDWORD; ServiceName: LPSTR; pcInstanceName: LPDWORD;
  InstanceName: LPSTR; pInstancePort: PUSHORT): DWORD; stdcall;
{$EXTERNALSYM DsCrackSpnA}
function DsCrackSpnW(pszSpn: LPCWSTR; pcServiceClass: LPDWORD; ServiceClass: LPWSTR;
  pcServiceName: LPDWORD; ServiceName: LPWSTR; pcInstanceName: LPDWORD;
  InstanceName: LPWSTR; pInstancePort: PUSHORT): DWORD; stdcall;
{$EXTERNALSYM DsCrackSpnW}

{$IFDEF UNICODE}
function DsCrackSpn(pszSpn: LPCWSTR; pcServiceClass: LPDWORD; ServiceClass: LPWSTR;
  pcServiceName: LPDWORD; ServiceName: LPWSTR; pcInstanceName: LPDWORD;
  InstanceName: LPWSTR; pInstancePort: PUSHORT): DWORD; stdcall;
{$EXTERNALSYM DsCrackSpn}
{$ELSE}
function DsCrackSpn(pszSpn: LPCSTR; pcServiceClass: LPDWORD; ServiceClass: LPSTR;
  pcServiceName: LPDWORD; ServiceName: LPSTR; pcInstanceName: LPDWORD;
  InstanceName: LPSTR; pInstancePort: PUSHORT): DWORD; stdcall;
{$EXTERNALSYM DsCrackSpn}
{$ENDIF}


// ==========================================================
// DsWriteAccountSpn -- set or add SPNs for an account object
// Usually done by service itself, or perhaps by an admin.
//
// This call is RPC'd to the DC where the account object is stored, so it can
// securely enforce policy on what SPNs are allowed on the account. Direct LDAP
// writes to the SPN property are not allowed -- all writes must come through
// this RPC call. (Reads via // LDAP are OK.)
//
// The account object can be a machine accout, or a service (user) account.
//
// If called by the service to register itself, it can most easily get
// the names by calling DsGetSpn with each of the names that
// clients can use to find the service.
//
// IN SpnWriteOp eOp,                   // set, add
// IN LPCTSTR   pszAccount,             // DN of account to which to add SPN
// IN int       cSPN,                   // count of SPNs to add to account
// IN LPCTSTR   rpszSPN[]               // SPNs to add to altSecID property

function DsWriteAccountSpnA(hDS: HANDLE; Operation: DS_SPN_WRITE_OP;
  pszAccount: LPCSTR; cSpn: DWORD; rpszSpn: LPCSTR): DWORD; stdcall;
{$EXTERNALSYM DsWriteAccountSpnA}
function DsWriteAccountSpnW(hDS: HANDLE; Operation: DS_SPN_WRITE_OP;
  pszAccount: LPCWSTR; cSpn: DWORD; rpszSpn: LPCWSTR): DWORD; stdcall;
{$EXTERNALSYM DsWriteAccountSpnW}

{$IFDEF UNICODE}
function DsWriteAccountSpn(hDS: HANDLE; Operation: DS_SPN_WRITE_OP;
  pszAccount: LPCWSTR; cSpn: DWORD; rpszSpn: LPCWSTR): DWORD; stdcall;
{$EXTERNALSYM DsWriteAccountSpn}
{$ELSE}
function DsWriteAccountSpn(hDS: HANDLE; Operation: DS_SPN_WRITE_OP;
  pszAccount: LPCSTR; cSpn: DWORD; rpszSpn: LPCSTR): DWORD; stdcall;
{$EXTERNALSYM DsWriteAccountSpn}
{$ENDIF}

{++

Routine Description:

Constructs a Service Principal Name suitable to identify the desired server.
The service class and part of a dns hostname must be supplied.

This routine is a simplified wrapper to DsMakeSpn.
The ServiceName is made canonical by resolving through DNS.
Guid-based dns names are not supported.

The simplified SPN constructed looks like this:

ServiceClass / ServiceName / ServiceName

The instance name portion (2nd position) is always defaulted.  The port and
referrer fields are not used.

Arguments:

    ServiceClass - Class of service, defined by the service, can be any
        string unique to the service

    ServiceName - dns hostname, fully qualified or not
       Stringized IP address is also resolved if necessary

    pcSpnLength - IN, maximum length of buffer, in chars
                  OUT, space utilized, in chars, including terminator

    pszSpn - Buffer, atleast of length *pcSpnLength

Return Value:

    WINAPI - Win32 error code

--}

function DsClientMakeSpnForTargetServerA(ServiceClass: LPCSTR; ServiceName: LPCSTR;
  var pcSpnLength: DWORD; pszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsClientMakeSpnForTargetServerA}
function DsClientMakeSpnForTargetServerW(ServiceClass: LPCWSTR; ServiceName: LPCWSTR;
  var pcSpnLength: DWORD; pszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsClientMakeSpnForTargetServerW}

{$IFDEF UNICODE}
function DsClientMakeSpnForTargetServer(ServiceClass: LPCWSTR; ServiceName: LPCWSTR;
  var pcSpnLength: DWORD; pszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsClientMakeSpnForTargetServer}
{$ELSE}
function DsClientMakeSpnForTargetServer(ServiceClass: LPCSTR; ServiceName: LPCSTR;
  var pcSpnLength: DWORD; pszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsClientMakeSpnForTargetServer}
{$ENDIF}

{++
outine Description:

Register Service Principal Names for a server application.

This routine does the following:
1. Enumerates a list of server SPNs using DsGetSpn and the provided class
2. Determines the domain of the current user context
3. Determines the DN of the current user context if not supplied
4. Locates a domain controller
5. Binds to the domain controller
6. Uses DsWriteAccountSpn to write the SPNs on the named object DN
7. Unbinds

Construct server SPNs for this service, and write them to the right object.

If the userObjectDn is specified, the SPN is written to that object.

Otherwise the Dn is defaulted, to the user object, then computer.

Now, bind to the DS, and register the name on the object for the
user this service is running as.  So, if we're running as local
system, we'll register it on the computer object itself.  If we're
running as a domain user, we'll add the SPN to the user's object.

Arguments:

    Operation - What should be done with the values: add, replace or delete
    ServiceClass - Unique string identifying service
    UserObjectDN - Optional, dn of object to write SPN to

Return Value:

    WINAPI - Win32 error code

--}

function DsServerRegisterSpnA(Operation: DS_SPN_WRITE_OP; ServiceClass: LPCSTR;
  UserObjectDN: LPCSTR): DWORD; stdcall;
{$EXTERNALSYM DsServerRegisterSpnA}
function DsServerRegisterSpnW(Operation: DS_SPN_WRITE_OP; ServiceClass: LPCWSTR;
  UserObjectDN: LPCWSTR): DWORD; stdcall;
{$EXTERNALSYM DsServerRegisterSpnW}

{$IFDEF UNICODE}
function DsServerRegisterSpn(Operation: DS_SPN_WRITE_OP; ServiceClass: LPCWSTR;
  UserObjectDN: LPCWSTR): DWORD; stdcall;
{$EXTERNALSYM DsServerRegisterSpn}
{$ELSE}
function DsServerRegisterSpn(Operation: DS_SPN_WRITE_OP; ServiceClass: LPCSTR;
  UserObjectDN: LPCSTR): DWORD; stdcall;
{$EXTERNALSYM DsServerRegisterSpn}
{$ENDIF}

// DsReplicaSync.  The server that this call is executing on is called the
// destination.  The destination's naming context will be brought up to date
// with respect to a source system.  The source system is identified by the
// uuid.  The uuid is that of the source system's "NTDS Settings" object.
// The destination system must already be configured such that the source
// system is one of the systems from which it recieves replication data
// ("replication from"). This is usually done automatically by the KCC.
//
//  PARAMETERS:
//      pNC (DSNAME *)
//          Name of the NC to synchronize.
//      puuidSourceDRA (SZ)
//          objectGuid of DSA with which to synchronize the replica.
//      ulOptions (ULONG)
//          Bitwise OR of zero or more flags
//   RETURNS: WIN32 STATUS

function DsReplicaSyncA(hDS: HANDLE; NameContext: LPCSTR; pUuidDsaSrc: LPUUID;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaSyncA}
function DsReplicaSyncW(hDS: HANDLE; NameContext: LPCWSTR; pUuidDsaSrc: LPUUID;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaSyncW}

{$IFDEF UNICODE}
function DsReplicaSync(hDS: HANDLE; NameContext: LPCWSTR; pUuidDsaSrc: LPUUID;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaSync}
{$ELSE}
function DsReplicaSync(hDS: HANDLE; NameContext: LPCSTR; pUuidDsaSrc: LPUUID;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaSync}
{$ENDIF}

// DsReplicaAdd
//
{
Description:
   This call is executed on the destination.  It causes the destination to
   add a "replication from" reference to the indicated source system.

The source server is identified by string name, not uuid as with Sync.
The DsaSrcAddress parameter is the transport specific address of the source
DSA, usually its guid-based dns name.  The guid in the guid-based dns name is
the object-guid of that server's ntds-dsa (settings) object.

Arguments:

    pNC (IN) - NC for which to add the replica.  The NC record must exist
        locally as either an object (instantiated or not) or a reference
        phantom (i.e., a phantom with a guid).

    pSourceDsaDN (IN) - DN of the source DSA's ntdsDsa object.  Required if
        ulOptions includes DS_REPADD_ASYNCHRONOUS_REPLICA; ignored otherwise.

    pTransportDN (IN) - DN of the interSiteTransport object representing the
        transport by which to communicate with the source server.  Required if
        ulOptions includes INTERSITE_MESSAGING; ignored otherwise.

    pszSourceDsaAddress (IN) - Transport-specific address of the source DSA.

    pSchedule (IN) - Schedule by which to replicate the NC from this
        source in the future.

    ulOptions (IN) - flags
    RETURNS: WIN32 STATUS
}

function DsReplicaAddA(hDS: HANDLE; NameContext: LPCSTR; SourceDsaDn: LPCSTR;
  TransportDn: LPCSTR; SourceDsaAddress: LPCSTR; pSchedule: PSCHEDULE;
  Options: DWORD): DWORD; stdcall;
{$EXTERNALSYM DsReplicaAddA}
function DsReplicaAddW(hDS: HANDLE; NameContext: LPCWSTR; SourceDsaDn: LPCWSTR;
  TransportDn: LPCWSTR; SourceDsaAddress: LPCWSTR; pSchedule: PSCHEDULE;
  Options: DWORD): DWORD; stdcall;
{$EXTERNALSYM DsReplicaAddW}

{$IFDEF UNICODE}
function DsReplicaAdd(hDS: HANDLE; NameContext: LPCWSTR; SourceDsaDn: LPCWSTR;
  TransportDn: LPCWSTR; SourceDsaAddress: LPCWSTR; pSchedule: PSCHEDULE;
  Options: DWORD): DWORD; stdcall;
{$EXTERNALSYM DsReplicaAdd}
{$ELSE}
function DsReplicaAdd(hDS: HANDLE; NameContext: LPCSTR; SourceDsaDn: LPCSTR;
  TransportDn: LPCSTR; SourceDsaAddress: LPCSTR; pSchedule: PSCHEDULE;
  Options: DWORD): DWORD; stdcall;
{$EXTERNALSYM DsReplicaAdd}
{$ENDIF}

// DsReplicaDel
//
// The server that this call is executing on is the destination.  The call
// causes the destination to remove a "replication from" reference to the
// indicated source server.
// The source server is identified by string name, not uuid as with Sync.
// The DsaSrc parameter is the transport specific address of the source DSA,
// usually its guid-based dns name.  The guid in the guid-based dns name is
// the object-guid of that server's ntds-dsa (settings) object.
//
//  PARAMETERS:
//      pNC (DSNAME *)
//          Name of the NC for which to delete a source.
//      pszSourceDRA (SZ)
//          DSA for which to delete the source.
//      ulOptions (ULONG)
//          Bitwise OR of zero or more flags
//   RETURNS: WIN32 STATUS

function DsReplicaDelA(hDS: HANDLE; NameContext: LPCSTR; DsaSrc: LPCSTR;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaDelA}
function DsReplicaDelW(hDS: HANDLE; NameContext: LPCWSTR; DsaSrc: LPCWSTR;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaDelW}

{$IFDEF UNICODE}
function DsReplicaDel(hDS: HANDLE; NameContext: LPCWSTR; DsaSrc: LPCWSTR;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaDel}
{$ELSE}
function DsReplicaDel(hDS: HANDLE; NameContext: LPCSTR; DsaSrc: LPCSTR;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaDel}
{$ENDIF}

// DsReplicaModify
//
//
//  Modify a source for a given naming context
//
//  The value must already exist.
//
//  Either the UUID or the address may be used to identify the current value.
//  If a UUID is specified, the UUID will be used for comparison.  Otherwise,
//  the address will be used for comparison.
//
//  PARAMETERS:
//      pNC (DSNAME *)
//          Name of the NC for which the Reps-From should be modified.
//      puuidSourceDRA (UUID *)
//          Invocation-ID of the referenced DRA.  May be NULL if:
//            . ulModifyFields does not include DS_REPMOD_UPDATE_ADDRESS and
//            . pmtxSourceDRA is non-NULL.
//      puuidTransportObj (UUID *)
//          objectGuid of the transport by which replication is to be performed
//          Ignored if ulModifyFields does not include
//          DS_REPMOD_UPDATE_TRANSPORT.
//      pszSourceDRA (SZ)
//          DSA for which the reference should be added or deleted.  Ignored if
//          puuidSourceDRA is non-NULL and ulModifyFields does not include
//          DS_REPMOD_UPDATE_ADDRESS.
//      prtSchedule (REPLTIMES *)
//          Periodic replication schedule for this replica.  Ignored if
//          ulModifyFields does not include DS_REPMOD_UPDATE_SCHEDULE.
//      ulReplicaFlags (ULONG)
//          Flags to set for this replica.  Ignored if ulModifyFields does not
//          include DS_REPMOD_UPDATE_FLAGS.
//      ulModifyFields (ULONG)
//          Fields to update.  One or more of the following bit flags: