G
gremat
Guest
Hi!
Prerequisites:
Local user account named "FooBar" created
Computer/machine joined to domain named "FooBar", i.e., both strings are equal
Problem:
A call to LookupAccountName (winbase.h, Advapi32.dll) given an empty lpSystemName and using an isolated lpAccountName, i.e., "FooBar" instead of "MyMachine\FooBar", returns a SID structure that does not point to the machine-local user account "FooBar" but to the account of the domain "FooBar", i.e., SidTypeDomain (see SID_NAME_USE Enumeration).
Now, the documentation on LookupAccountName inarguably states that you have to use a "fully qualified account name [...] to ensure that LookupAccountName finds the account in the desired domain". But it also says that it will attempt to find a SID checking well-known SIDs first, then built-in and administratively defined local accounts, and only next check the primary domain.
Question:
Is the documentation ambiguous, or does it not reflect correctly what happens actually?
Best regards.
More...
Prerequisites:
Local user account named "FooBar" created
Computer/machine joined to domain named "FooBar", i.e., both strings are equal
Problem:
A call to LookupAccountName (winbase.h, Advapi32.dll) given an empty lpSystemName and using an isolated lpAccountName, i.e., "FooBar" instead of "MyMachine\FooBar", returns a SID structure that does not point to the machine-local user account "FooBar" but to the account of the domain "FooBar", i.e., SidTypeDomain (see SID_NAME_USE Enumeration).
Now, the documentation on LookupAccountName inarguably states that you have to use a "fully qualified account name [...] to ensure that LookupAccountName finds the account in the desired domain". But it also says that it will attempt to find a SID checking well-known SIDs first, then built-in and administratively defined local accounts, and only next check the primary domain.
Question:
Is the documentation ambiguous, or does it not reflect correctly what happens actually?
Best regards.
More...