/packages/winunits-jedi/src/jwantdsapi.pas
Possible License(s): LGPL-2.0, LGPL-2.1, LGPL-3.0
- {******************************************************************************}
- { }
- { DC and Replication Management API interface Unit for Object Pascal }
- { }
- { Portions created by Microsoft are Copyright (C) 1995-2001 Microsoft }
- { Corporation. All Rights Reserved. }
- { }
- { The original file is: ntdsapi.h, released June 2000. The original Pascal }
- { code is: NtDsApi.pas, released December 2000. The initial developer of the }
- { Pascal code is Marcel van Brakel (brakelm att chello dott nl). }
- { }
- { Portions created by Marcel van Brakel are Copyright (C) 1999-2001 }
- { Marcel van Brakel. All Rights Reserved. }
- { }
- { Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI) }
- { }
- { You may retrieve the latest version of this file at the Project JEDI }
- { APILIB home page, located at http://jedi-apilib.sourceforge.net }
- { }
- { The contents of this file are used with permission, subject to the Mozilla }
- { Public License Version 1.1 (the "License"); you may not use this file except }
- { in compliance with the License. You may obtain a copy of the License at }
- { http://www.mozilla.org/MPL/MPL-1.1.html }
- { }
- { Software distributed under the License is distributed on an "AS IS" basis, }
- { WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
- { the specific language governing rights and limitations under the License. }
- { }
- { Alternatively, the contents of this file may be used under the terms of the }
- { GNU Lesser General Public License (the "LGPL License"), in which case the }
- { provisions of the LGPL License are applicable instead of those above. }
- { If you wish to allow use of your version of this file only under the terms }
- { of the LGPL License and not to allow others to use your version of this file }
- { under the MPL, indicate your decision by deleting the provisions above and }
- { replace them with the notice and other provisions required by the LGPL }
- { License. If you do not delete the provisions above, a recipient may use }
- { your version of this file under either the MPL or the LGPL License. }
- { }
- { For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
- { }
- {******************************************************************************}
- // $Id: JwaNtDsApi.pas,v 1.12 2007/09/05 11:58:51 dezipaitor Exp $
- {$IFNDEF JWA_OMIT_SECTIONS}
- unit JwaNtDsApi;
- {$WEAKPACKAGEUNIT}
- {$ENDIF JWA_OMIT_SECTIONS}
- {$HPPEMIT ''}
- {$HPPEMIT '#include "ntdsapi.h"'}
- {$HPPEMIT ''}
- {$HPPEMIT 'typedef PDS_REPSYNCALL_ERRINFOW *PPDS_REPSYNCALL_ERRINFOW'}
- {$HPPEMIT 'typedef PDS_REPSYNCALL_ERRINFOA *PPDS_REPSYNCALL_ERRINFOA'}
- {$HPPEMIT '#ifdef UNICODE'}
- {$HPPEMIT 'typedef PPDS_REPSYNCALL_ERRINFOW PPDS_REPSYNCALL_ERRINFO'}
- {$HPPEMIT '#else'}
- {$HPPEMIT 'typedef PPDS_REPSYNCALL_ERRINFOA PPDS_REPSYNCALL_ERRINFO'}
- {$HPPEMIT '#endif'}
- {$HPPEMIT ''}
- {$IFNDEF JWA_OMIT_SECTIONS}
- {$I jediapilib.inc}
- interface
- uses
- JwaWinBase, JwaWinType, JwaWinNT, JwaWinNLS, JwaRpcDce, JwaSchedule;
- {$ENDIF JWA_OMIT_SECTIONS}
- {$IFNDEF JWA_IMPLEMENTATIONSECTION}
- //////////////////////////////////////////////////////////////////////////
- // //
- // Data definitions //
- // //
- //////////////////////////////////////////////////////////////////////////
- // Following constants define the Active Directory Behavior
- // Version numbers.
- const
- DS_BEHAVIOR_WIN2000 = 0;
- {$EXTERNALSYM DS_BEHAVIOR_WIN2000}
- DS_BEHAVIOR_WIN_DOT_NET_WITH_MIXED_DOMAINS = 1;
- {$EXTERNALSYM DS_BEHAVIOR_WIN_DOT_NET_WITH_MIXED_DOMAINS}
- DS_BEHAVIOR_WIN_DOT_NET = 2;
- {$EXTERNALSYM DS_BEHAVIOR_WIN_DOT_NET}
- // Pascal expansion of (MAKELCID(MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US), SORT_DEFAULT)): sort id shifted to bit 16, sublanguage shifted to bit 10, primary language in the low bits.
- DS_DEFAULT_LOCALE = DWORD((DWORD(SORT_DEFAULT) shl 16) or ((SUBLANG_ENGLISH_US shl 10) or LANG_ENGLISH));
- {$EXTERNALSYM DS_DEFAULT_LOCALE}
- DS_DEFAULT_LOCALE_COMPARE_FLAGS = (NORM_IGNORECASE or NORM_IGNOREKANATYPE or
- NORM_IGNORENONSPACE or NORM_IGNOREWIDTH or SORT_STRINGSORT);
- {$EXTERNALSYM DS_DEFAULT_LOCALE_COMPARE_FLAGS}
- // When booted to DS mode, this event is signalled when the DS has completed
- // its initial sync attempts. The period of time between system startup and
- // this event's state being set is indeterminate from the local service's
- // standpoint. In the meantime the contents of the DS should be considered
- // incomplete / out-dated, and the machine will not be advertised as a domain
- // controller to off-machine clients. Other local services that rely on
- // information published in the DS should avoid accessing (or at least
- // relying on) the contents of the DS until this event is set.
- DS_SYNCED_EVENT_NAME = 'NTDSInitialSyncsCompleted'; // name of the event described above
- {$EXTERNALSYM DS_SYNCED_EVENT_NAME}
- DS_SYNCED_EVENT_NAME_W = 'NTDSInitialSyncsCompleted'; // same literal text as DS_SYNCED_EVENT_NAME
- {$EXTERNALSYM DS_SYNCED_EVENT_NAME_W}
- {$IFNDEF JWA_INCLUDEMODE}
- // Permissions bits used in security descriptors in the directory. Every non-zero value below is a single bit of the access mask.
- ACTRL_DS_OPEN = $00000000; // zero: sets no access bit
- {$EXTERNALSYM ACTRL_DS_OPEN}
- ACTRL_DS_CREATE_CHILD = $00000001;
- {$EXTERNALSYM ACTRL_DS_CREATE_CHILD}
- ACTRL_DS_DELETE_CHILD = $00000002;
- {$EXTERNALSYM ACTRL_DS_DELETE_CHILD}
- ACTRL_DS_LIST = $00000004;
- {$EXTERNALSYM ACTRL_DS_LIST}
- ACTRL_DS_SELF = $00000008; // validated-write right
- {$EXTERNALSYM ACTRL_DS_SELF}
- ACTRL_DS_READ_PROP = $00000010;
- {$EXTERNALSYM ACTRL_DS_READ_PROP}
- ACTRL_DS_WRITE_PROP = $00000020;
- {$EXTERNALSYM ACTRL_DS_WRITE_PROP}
- ACTRL_DS_DELETE_TREE = $00000040;
- {$EXTERNALSYM ACTRL_DS_DELETE_TREE}
- ACTRL_DS_LIST_OBJECT = $00000080;
- {$EXTERNALSYM ACTRL_DS_LIST_OBJECT}
- ACTRL_DS_CONTROL_ACCESS = $00000100; // extended (control-access) rights
- {$EXTERNALSYM ACTRL_DS_CONTROL_ACCESS}
- {$ENDIF JWA_INCLUDEMODE}
- // generic read: list children, list object and read properties, plus STANDARD_RIGHTS_READ
- DS_GENERIC_READ = STANDARD_RIGHTS_READ or ACTRL_DS_LIST or ACTRL_DS_READ_PROP or
- ACTRL_DS_LIST_OBJECT;
- {$EXTERNALSYM DS_GENERIC_READ}
- // generic execute: list children, plus STANDARD_RIGHTS_EXECUTE
- DS_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE or ACTRL_DS_LIST;
- {$EXTERNALSYM DS_GENERIC_EXECUTE}
- // generic write: validated writes (ACTRL_DS_SELF) and property writes, plus STANDARD_RIGHTS_WRITE
- DS_GENERIC_WRITE = STANDARD_RIGHTS_WRITE or ACTRL_DS_SELF or ACTRL_DS_WRITE_PROP;
- {$EXTERNALSYM DS_GENERIC_WRITE}
- // generic all: every non-zero ACTRL_DS_* bit above plus STANDARD_RIGHTS_REQUIRED; when reviewing directory ACLs, read an ACE carrying this mask as full control of the object
- DS_GENERIC_ALL = STANDARD_RIGHTS_REQUIRED or ACTRL_DS_CREATE_CHILD or
- ACTRL_DS_DELETE_CHILD or ACTRL_DS_DELETE_TREE or ACTRL_DS_READ_PROP or
- ACTRL_DS_WRITE_PROP or ACTRL_DS_LIST or ACTRL_DS_LIST_OBJECT or
- ACTRL_DS_CONTROL_ACCESS or ACTRL_DS_SELF;
- {$EXTERNALSYM DS_GENERIC_ALL}
- type
- DS_NAME_FORMAT = ( // ordinals follow declaration order, so DS_STUB_4 and DS_STUB_5 keep the two obsolete slots occupied; NOTE(review): the C enum is int-sized - confirm jediapilib.inc sets the enum size to match
- // unknown name type
- DS_UNKNOWN_NAME,
- // eg: CN=User Name,OU=Users,DC=Example,DC=Microsoft,DC=Com
- DS_FQDN_1779_NAME,
- // eg: Example\UserName
- // Domain-only version includes trailing '\\'.
- DS_NT4_ACCOUNT_NAME,
- // Probably "User Name" but could be something else. I.e. The
- // display name is not necessarily the defining RDN.
- DS_DISPLAY_NAME, // descriptive text, not a stable identifier (see the note above)
- // obsolete - see #define later
- // DS_DOMAIN_SIMPLE_NAME,
- DS_STUB_4,
- // obsolete - see #define later
- // DS_ENTERPRISE_SIMPLE_NAME,
- DS_STUB_5,
- // String-ized GUID as returned by IIDFromString().
- // eg: {4fa050f0-f561-11cf-bdd9-00aa003a77b6}
- DS_UNIQUE_ID_NAME,
- // eg: example.microsoft.com/software/user name
- // Domain-only version includes trailing '/'.
- DS_CANONICAL_NAME,
- // eg: usern@example.microsoft.com
- DS_USER_PRINCIPAL_NAME,
- // Same as DS_CANONICAL_NAME except that rightmost '/' is
- // replaced with '\n' - even in domain-only case.
- // eg: example.microsoft.com/software\nuser name
- DS_CANONICAL_NAME_EX,
- // eg: www/www.microsoft.com@example.com - generalized service principal
- // names.
- DS_SERVICE_PRINCIPAL_NAME,
- // This is the string representation of a SID. Invalid for formatDesired.
- // See sddl.h for SID binary <--> text conversion routines.
- // eg: S-1-5-21-397955417-626881126-188441444-501
- DS_SID_OR_SID_HISTORY_NAME, // per the name, presumably matches SID history as well as the current SID - verify against the API documentation
- // Pseudo-name format so GetUserNameEx can return the DNS domain name to
- // a caller. This level is not supported by the DS APIs.
- DS_DNS_DOMAIN_NAME);
- {$EXTERNALSYM DS_NAME_FORMAT}
- TDsNameFormat = DS_NAME_FORMAT;
- // Map old name formats to closest new format so that old code builds
- // against new headers w/o errors and still gets (almost) correct result.
- const
- DS_DOMAIN_SIMPLE_NAME = DS_USER_PRINCIPAL_NAME; // its own enum slot is held by DS_STUB_4
- {$EXTERNALSYM DS_DOMAIN_SIMPLE_NAME}
- DS_ENTERPRISE_SIMPLE_NAME = DS_USER_PRINCIPAL_NAME; // its own enum slot is held by DS_STUB_5
- {$EXTERNALSYM DS_ENTERPRISE_SIMPLE_NAME}
- type
- DS_NAME_FLAGS = DWORD; // bit mask built from the DS_NAME_FLAG_* constants below
- {$EXTERNALSYM DS_NAME_FLAGS}
- TDsNameFlags = DS_NAME_FLAGS;
- const
- DS_NAME_NO_FLAGS = $0;
- {$EXTERNALSYM DS_NAME_NO_FLAGS}
- // Perform a syntactical mapping at the client (if possible) without
- // going out on the wire. Returns DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING
- // if a purely syntactical mapping is not possible. Because nothing goes out on the wire, the result is derived from the input string alone and is not checked against the directory.
- DS_NAME_FLAG_SYNTACTICAL_ONLY = $1;
- {$EXTERNALSYM DS_NAME_FLAG_SYNTACTICAL_ONLY}
- // Force a trip to the DC for evaluation, even if this could be
- // locally cracked syntactically.
- DS_NAME_FLAG_EVAL_AT_DC = $2;
- {$EXTERNALSYM DS_NAME_FLAG_EVAL_AT_DC}
- // The call fails if the DC is not a GC
- DS_NAME_FLAG_GCVERIFY = $4;
- {$EXTERNALSYM DS_NAME_FLAG_GCVERIFY}
- // Enable cross forest trust referral
- DS_NAME_FLAG_TRUST_REFERRAL = $8;
- {$EXTERNALSYM DS_NAME_FLAG_TRUST_REFERRAL}
- type
- DS_NAME_ERROR = ( // per-item status values; the result records store them in a DWORD field named status
- DS_NAME_NO_ERROR,
- // Generic processing error.
- DS_NAME_ERROR_RESOLVING,
- // Couldn't find the name at all - or perhaps caller doesn't have
- // rights to see it.
- DS_NAME_ERROR_NOT_FOUND,
- // Input name mapped to more than one output name.
- DS_NAME_ERROR_NOT_UNIQUE,
- // Input name found, but not the associated output format.
- // Can happen if object doesn't have all the required attributes.
- DS_NAME_ERROR_NO_MAPPING,
- // Unable to resolve entire name, but was able to determine which
- // domain object resides in. Thus DS_NAME_RESULT_ITEM?.pDomain
- // is valid on return (pName is not mentioned, so do not rely on it for this status).
- DS_NAME_ERROR_DOMAIN_ONLY,
- // Unable to perform a purely syntactical mapping at the client
- // without going out on the wire.
- DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING,
- // The name is from an external trusted forest.
- DS_NAME_ERROR_TRUST_REFERRAL);
- {$EXTERNALSYM DS_NAME_ERROR}
- TDsNameError = DS_NAME_ERROR;
- const
- DS_NAME_LEGAL_FLAGS = DS_NAME_FLAG_SYNTACTICAL_ONLY; // lists only SYNTACTICAL_ONLY although EVAL_AT_DC, GCVERIFY and TRUST_REFERRAL are also declared in this unit; NOTE(review): confirm against ntdsapi.h before using this as a validation mask
- {$EXTERNALSYM DS_NAME_LEGAL_FLAGS}
- type
- DS_SPN_NAME_TYPE = ( // each comment below gives example values for the enumerator that follows it
- // "paulle-nec.ntwksta.ms.com"
- DS_SPN_DNS_HOST,
- // "cn=paulle-nec,ou=computers,dc=ntwksta,dc=ms,dc=com"
- DS_SPN_DN_HOST,
- // "paulle-nec"
- DS_SPN_NB_HOST,
- // "ntdev.ms.com"
- DS_SPN_DOMAIN,
- // "ntdev"
- DS_SPN_NB_DOMAIN,
- // "cn=anRpcService,cn=RPC Services,cn=system,dc=ms,dc=com"
- // "cn=aWsService,cn=Winsock Services,cn=system,dc=ms,dc=com"
- // "cn=aService,dc=itg,dc=ms,dc=com"
- // "www.ms.com", "ftp.ms.com", "ldap.ms.com"
- // "products.ms.com"
- DS_SPN_SERVICE);
- {$EXTERNALSYM DS_SPN_NAME_TYPE}
- TDsSpnNameType = DS_SPN_NAME_TYPE;
- DS_SPN_WRITE_OP = (
- DS_SPN_ADD_SPN_OP, // add SPNs
- DS_SPN_REPLACE_SPN_OP, // set all SPNs; presumably overwrites the SPNs already registered - confirm before using on a shared account
- DS_SPN_DELETE_SPN_OP); // Delete SPNs
- {$EXTERNALSYM DS_SPN_WRITE_OP}
- TDsSpnWriteOp = DS_SPN_WRITE_OP;
- PDS_NAME_RESULT_ITEMA = ^DS_NAME_RESULT_ITEMA;
- {$EXTERNALSYM PDS_NAME_RESULT_ITEMA}
- DS_NAME_RESULT_ITEMA = record // one translated name, ANSI strings
- status: DWORD; // DS_NAME_ERROR; check it per item before reading pDomain or pName
- pDomain: LPSTR; // DNS domain
- pName: LPSTR; // name in requested format
- end;
- {$EXTERNALSYM DS_NAME_RESULT_ITEMA}
- TDsNameResultItemA = DS_NAME_RESULT_ITEMA;
- PDsNameResultItemA = PDS_NAME_RESULT_ITEMA;
- PDS_NAME_RESULTA = ^DS_NAME_RESULTA;
- {$EXTERNALSYM PDS_NAME_RESULTA}
- DS_NAME_RESULTA = record // counted array of ANSI result items
- cItems: DWORD; // item count
- rItems: PDS_NAME_RESULT_ITEMA; // item array; a bare pointer, so index only below cItems
- end;
- {$EXTERNALSYM DS_NAME_RESULTA}
- TDsNameResultA = DS_NAME_RESULTA;
- PDsNameResultA = PDS_NAME_RESULTA;
- PDS_NAME_RESULT_ITEMW = ^DS_NAME_RESULT_ITEMW;
- {$EXTERNALSYM PDS_NAME_RESULT_ITEMW}
- DS_NAME_RESULT_ITEMW = record // one translated name, wide strings
- status: DWORD; // DS_NAME_ERROR; check it per item before reading pDomain or pName
- pDomain: LPWSTR; // DNS domain
- pName: LPWSTR; // name in requested format
- end;
- {$EXTERNALSYM DS_NAME_RESULT_ITEMW}
- TDsNameResultItemW = DS_NAME_RESULT_ITEMW;
- PDsNameResultItemW = PDS_NAME_RESULT_ITEMW;
- PDS_NAME_RESULTW = ^DS_NAME_RESULTW;
- {$EXTERNALSYM PDS_NAME_RESULTW}
- DS_NAME_RESULTW = record // counted array of wide result items
- cItems: DWORD; // item count
- rItems: PDS_NAME_RESULT_ITEMW; // item array; a bare pointer, so index only below cItems
- end;
- {$EXTERNALSYM DS_NAME_RESULTW}
- TDsNameResultW = DS_NAME_RESULTW;
- PDsNameResultW = PDS_NAME_RESULTW;
- {$IFDEF UNICODE}
- DS_NAME_RESULT = DS_NAME_RESULTW; // neutral names map to the W records when UNICODE is defined
- {$EXTERNALSYM DS_NAME_RESULT}
- PDS_NAME_RESULT = PDS_NAME_RESULTW;
- {$EXTERNALSYM PDS_NAME_RESULT}
- DS_NAME_RESULT_ITEM = DS_NAME_RESULT_ITEMW;
- {$EXTERNALSYM DS_NAME_RESULT_ITEM}
- PDS_NAME_RESULT_ITEM = PDS_NAME_RESULT_ITEMW;
- {$EXTERNALSYM PDS_NAME_RESULT_ITEM}
- TDsNameResult = TDsNameResultW;
- PDsNameResult = PDsNameResultW;
- TDsNameResultItem = TDsNameResultItemW;
- PDsNameResultItem = PDsNameResultItemW;
- {$ELSE}
- DS_NAME_RESULT = DS_NAME_RESULTA; // neutral names map to the A records otherwise
- {$EXTERNALSYM DS_NAME_RESULT}
- PDS_NAME_RESULT = PDS_NAME_RESULTA;
- {$EXTERNALSYM PDS_NAME_RESULT}
- DS_NAME_RESULT_ITEM = DS_NAME_RESULT_ITEMA;
- {$EXTERNALSYM DS_NAME_RESULT_ITEM}
- PDS_NAME_RESULT_ITEM = PDS_NAME_RESULT_ITEMA;
- {$EXTERNALSYM PDS_NAME_RESULT_ITEM}
- TDsNameResult = TDsNameResultA;
- PDsNameResult = PDsNameResultA;
- TDsNameResultItem = TDsNameResultItemA;
- PDsNameResultItem = PDsNameResultItemA;
- {$ENDIF UNICODE}
- // Public replication option flags
- // ********************
- // DsBindWithSpnEx flags
- // ********************
- // Allow the Bind to use delegate service level, so that you can
- // do ntdsapi operations that require delegation, such as
- // DsAddSidHistory, and DsReplicaSyncAll(). Most operations do
- // not require DELEGATE so this flag should only be specified
- // if you need it, because if you bind to a rogue server with
- // the DELEGATE flag, you'll allow the rogue server to use your
- // credentials to connect back to a non-rogue server and perform
- // operations other than those you intended.
- const
- NTDSAPI_BIND_ALLOW_DELEGATION = $00000001; // leave clear by default; set only for a call that needs delegation, and only when binding to a server whose identity you trust
- {$EXTERNALSYM NTDSAPI_BIND_ALLOW_DELEGATION}
- // ********************
- // Replica Sync flags
- // These flag values are used both as input to DsReplicaSync and
- // as output from DsReplicaGetInfo, PENDING_OPS, DS_REPL_OPW.ulOptions, so a value read back may presumably carry state bits (the *_IN_PROGRESS, ABANDONED and PREEMPTED flags below) next to request bits
- // ********************
- // Perform this operation asynchronously.
- // Required when using DS_REPSYNC_ALL_SOURCES
- const
- DS_REPSYNC_ASYNCHRONOUS_OPERATION = $00000001;
- {$EXTERNALSYM DS_REPSYNC_ASYNCHRONOUS_OPERATION}
- // Writeable replica. Otherwise, read-only.
- DS_REPSYNC_WRITEABLE = $00000002;
- {$EXTERNALSYM DS_REPSYNC_WRITEABLE}
- // This is a periodic sync request as scheduled by the admin.
- DS_REPSYNC_PERIODIC = $00000004;
- {$EXTERNALSYM DS_REPSYNC_PERIODIC}
- // Use inter-site messaging
- DS_REPSYNC_INTERSITE_MESSAGING = $00000008;
- {$EXTERNALSYM DS_REPSYNC_INTERSITE_MESSAGING}
- // Sync from all sources.
- DS_REPSYNC_ALL_SOURCES = $00000010;
- {$EXTERNALSYM DS_REPSYNC_ALL_SOURCES}
- // Sync starting from scratch (i.e., at the first USN).
- DS_REPSYNC_FULL = $00000020;
- {$EXTERNALSYM DS_REPSYNC_FULL}
- // This is a notification of an update that was marked urgent.
- DS_REPSYNC_URGENT = $00000040;
- {$EXTERNALSYM DS_REPSYNC_URGENT}
- // Don't discard this synchronization request, even if a similar
- // sync is pending.
- DS_REPSYNC_NO_DISCARD = $00000080;
- {$EXTERNALSYM DS_REPSYNC_NO_DISCARD}
- // Sync even if link is currently disabled.
- DS_REPSYNC_FORCE = $00000100;
- {$EXTERNALSYM DS_REPSYNC_FORCE}
- // Causes the source DSA to check if a reps-to is present for the local DSA
- // (aka the destination). If not, one is added. This ensures that
- // source sends change notifications.
- DS_REPSYNC_ADD_REFERENCE = $00000200;
- {$EXTERNALSYM DS_REPSYNC_ADD_REFERENCE}
- // A sync from this source has never completed (e.g., a new source).
- DS_REPSYNC_NEVER_COMPLETED = $00000400;
- {$EXTERNALSYM DS_REPSYNC_NEVER_COMPLETED}
- // When this sync is complete, requests a sync in the opposite direction.
- DS_REPSYNC_TWO_WAY = $00000800;
- {$EXTERNALSYM DS_REPSYNC_TWO_WAY}
- // Do not request change notifications from this source.
- DS_REPSYNC_NEVER_NOTIFY = $00001000;
- {$EXTERNALSYM DS_REPSYNC_NEVER_NOTIFY}
- // Sync the NC from this source when the DSA is started.
- DS_REPSYNC_INITIAL = $00002000;
- {$EXTERNALSYM DS_REPSYNC_INITIAL}
- // Use compression when replicating. Saves message size (e.g., network
- // bandwidth) at the expense of extra CPU overhead at both the source and
- // destination servers.
- DS_REPSYNC_USE_COMPRESSION = $00004000;
- {$EXTERNALSYM DS_REPSYNC_USE_COMPRESSION}
- // Sync was abandoned for lack of updates
- DS_REPSYNC_ABANDONED = $00008000;
- {$EXTERNALSYM DS_REPSYNC_ABANDONED}
- // Initial sync in progress
- DS_REPSYNC_INITIAL_IN_PROGRESS = $00010000;
- {$EXTERNALSYM DS_REPSYNC_INITIAL_IN_PROGRESS}
- // Partial Attribute Set sync in progress
- DS_REPSYNC_PARTIAL_ATTRIBUTE_SET = $00020000;
- {$EXTERNALSYM DS_REPSYNC_PARTIAL_ATTRIBUTE_SET}
- // Sync is being retried
- DS_REPSYNC_REQUEUE = $00040000;
- {$EXTERNALSYM DS_REPSYNC_REQUEUE}
- // Sync is a notification request from a source
- DS_REPSYNC_NOTIFICATION = $00080000;
- {$EXTERNALSYM DS_REPSYNC_NOTIFICATION}
- // Sync is a special form which requests to establish contact
- // now and do the rest of the sync later
- DS_REPSYNC_ASYNCHRONOUS_REPLICA = $00100000;
- {$EXTERNALSYM DS_REPSYNC_ASYNCHRONOUS_REPLICA}
- // Request critical objects only
- DS_REPSYNC_CRITICAL = $00200000;
- {$EXTERNALSYM DS_REPSYNC_CRITICAL}
- // A full synchronization is in progress
- DS_REPSYNC_FULL_IN_PROGRESS = $00400000;
- {$EXTERNALSYM DS_REPSYNC_FULL_IN_PROGRESS}
- // Synchronization request was previously preempted
- DS_REPSYNC_PREEMPTED = $00800000;
- {$EXTERNALSYM DS_REPSYNC_PREEMPTED}
- // ********************
- // Replica Add flags (numbered independently of the DS_REPSYNC_* flags: PERIODIC, INITIAL and others have different bit values here, so the two sets are not interchangeable)
- // ********************
- // Perform this operation asynchronously.
- DS_REPADD_ASYNCHRONOUS_OPERATION = $00000001;
- {$EXTERNALSYM DS_REPADD_ASYNCHRONOUS_OPERATION}
- // Create a writeable replica. Otherwise, read-only.
- DS_REPADD_WRITEABLE = $00000002;
- {$EXTERNALSYM DS_REPADD_WRITEABLE}
- // Sync the NC from this source when the DSA is started.
- DS_REPADD_INITIAL = $00000004;
- {$EXTERNALSYM DS_REPADD_INITIAL}
- // Sync the NC from this source periodically, as defined by the
- // schedule passed in the preptimesSync argument.
- DS_REPADD_PERIODIC = $00000008;
- {$EXTERNALSYM DS_REPADD_PERIODIC}
- // Sync from the source DSA via an Intersite Messaging Service (ISM) transport
- // (e.g., SMTP) rather than native DS RPC.
- DS_REPADD_INTERSITE_MESSAGING = $00000010;
- {$EXTERNALSYM DS_REPADD_INTERSITE_MESSAGING}
- // Don't replicate the NC now -- just save enough state such that we
- // know to replicate it later.
- DS_REPADD_ASYNCHRONOUS_REPLICA = $00000020;
- {$EXTERNALSYM DS_REPADD_ASYNCHRONOUS_REPLICA}
- // Disable notification-based synchronization for the NC from this source.
- // This is expected to be a temporary state; the similar flag
- // DS_REPADD_NEVER_NOTIFY should be used if the disable is to be more permanent.
- DS_REPADD_DISABLE_NOTIFICATION = $00000040;
- {$EXTERNALSYM DS_REPADD_DISABLE_NOTIFICATION}
- // Disable periodic synchronization for the NC from this source
- DS_REPADD_DISABLE_PERIODIC = $00000080;
- {$EXTERNALSYM DS_REPADD_DISABLE_PERIODIC}
- // Use compression when replicating. Saves message size (e.g., network
- // bandwidth) at the expense of extra CPU overhead at both the source and
- // destination servers.
- DS_REPADD_USE_COMPRESSION = $00000100;
- {$EXTERNALSYM DS_REPADD_USE_COMPRESSION}
- // Do not request change notifications from this source. When this flag is
- // set, the source will not notify the destination when changes occur.
- // Recommended for all intersite replication, which may occur over WAN links.
- // This is expected to be a more or less permanent state; the similar flag
- // DS_REPADD_DISABLE_NOTIFICATION should be used if notifications are to be
- // disabled only temporarily.
- DS_REPADD_NEVER_NOTIFY = $00000200;
- {$EXTERNALSYM DS_REPADD_NEVER_NOTIFY}
- // When this sync is complete, requests a sync in the opposite direction.
- DS_REPADD_TWO_WAY = $00000400;
- {$EXTERNALSYM DS_REPADD_TWO_WAY}
- // Request critical objects only
- // Critical only is only allowed while installing
- // A critical only sync does not bring all objects in the partition. It
- // replicates just the ones necessary for minimal directory operation.
- // A normal, non-critical sync must be performed before the partition
- // can be considered fully synchronized.
- DS_REPADD_CRITICAL = $00000800;
- {$EXTERNALSYM DS_REPADD_CRITICAL}
- // ********************
- // Replica Delete flags (own numbering: INTERSITE_MESSAGING is $4 here but $8 and $10 in the sync and add sets, so do not mix values across sets)
- // ********************
- // Perform this operation asynchronously.
- DS_REPDEL_ASYNCHRONOUS_OPERATION = $00000001;
- {$EXTERNALSYM DS_REPDEL_ASYNCHRONOUS_OPERATION}
- // The replica being deleted is writeable.
- DS_REPDEL_WRITEABLE = $00000002;
- {$EXTERNALSYM DS_REPDEL_WRITEABLE}
- // Replica is a mail-based replica
- DS_REPDEL_INTERSITE_MESSAGING = $00000004;
- {$EXTERNALSYM DS_REPDEL_INTERSITE_MESSAGING}
- // Ignore any error generated by contacting the source to tell it to scratch
- // this server from its Reps-To for this NC.
- DS_REPDEL_IGNORE_ERRORS = $00000008;
- {$EXTERNALSYM DS_REPDEL_IGNORE_ERRORS}
- // Do not contact the source telling it to scratch this server from its
- // Rep-To for this NC. Otherwise, if the link is RPC-based, the source will
- // be contacted.
- DS_REPDEL_LOCAL_ONLY = $00000010;
- {$EXTERNALSYM DS_REPDEL_LOCAL_ONLY}
- // Delete all the objects in the NC
- // "No source" is incompatible with (and rejected for) writeable NCs. This is
- // valid only for read-only NCs, and then only if the NC has no source. This
- // can occur when the NC has been partially deleted (in which case the KCC
- // periodically calls the delete API with the "no source" flag set).
- DS_REPDEL_NO_SOURCE = $00000020;
- {$EXTERNALSYM DS_REPDEL_NO_SOURCE}
- // Allow deletion of read-only replica even if it sources
- // other read-only replicas.
- DS_REPDEL_REF_OK = $00000040;
- {$EXTERNALSYM DS_REPDEL_REF_OK}
- // ********************
- // Replica Modify flags
- // ********************
- // Perform this operation asynchronously.
- DS_REPMOD_ASYNCHRONOUS_OPERATION = $00000001;
- {$EXTERNALSYM DS_REPMOD_ASYNCHRONOUS_OPERATION}
- // The replica is writeable.
- DS_REPMOD_WRITEABLE = $00000002;
- {$EXTERNALSYM DS_REPMOD_WRITEABLE}
- // ********************
- // Replica Modify fields (presumably select which fields a modify call updates - confirm; the values overlap numerically with the Replica Modify flags above, so keep the two masks apart)
- // ********************
- DS_REPMOD_UPDATE_FLAGS = $00000001;
- {$EXTERNALSYM DS_REPMOD_UPDATE_FLAGS}
- DS_REPMOD_UPDATE_ADDRESS = $00000002;
- {$EXTERNALSYM DS_REPMOD_UPDATE_ADDRESS}
- DS_REPMOD_UPDATE_SCHEDULE = $00000004;
- {$EXTERNALSYM DS_REPMOD_UPDATE_SCHEDULE}
- DS_REPMOD_UPDATE_RESULT = $00000008;
- {$EXTERNALSYM DS_REPMOD_UPDATE_RESULT}
- DS_REPMOD_UPDATE_TRANSPORT = $00000010;
- {$EXTERNALSYM DS_REPMOD_UPDATE_TRANSPORT}
- // ********************
- // Update Refs fields (NOTE(review): the DS_REPUPD_WRITEABLE comment below mentions deletion and reads like a copy from the Replica Delete section - confirm against ntdsapi.h)
- // ********************
- // Perform this operation asynchronously.
- DS_REPUPD_ASYNCHRONOUS_OPERATION = $00000001;
- {$EXTERNALSYM DS_REPUPD_ASYNCHRONOUS_OPERATION}
- // The replica being deleted is writeable.
- DS_REPUPD_WRITEABLE = $00000002;
- {$EXTERNALSYM DS_REPUPD_WRITEABLE}
- // Add a reference
- DS_REPUPD_ADD_REFERENCE = $00000004;
- {$EXTERNALSYM DS_REPUPD_ADD_REFERENCE}
- // Remove a reference
- DS_REPUPD_DELETE_REFERENCE = $00000008;
- {$EXTERNALSYM DS_REPUPD_DELETE_REFERENCE}
- // ********************
- // NC Related Flags
- // ********************
- //
- // Instance Type bits, specifies flags for NC head creation. The values are not contiguous bits: $2 and $8 are not declared in this section.
- //
- DS_INSTANCETYPE_IS_NC_HEAD = $00000001; // This is what to specify on an object to indicate it's an NC Head.
- {$EXTERNALSYM DS_INSTANCETYPE_IS_NC_HEAD}
- DS_INSTANCETYPE_NC_IS_WRITEABLE = $00000004; // This is to indicate that the NC Head is writeable.
- {$EXTERNALSYM DS_INSTANCETYPE_NC_IS_WRITEABLE}
- DS_INSTANCETYPE_NC_COMING = $00000010; // This is to indicate that this NC is still replicating in objects to this DC, and may not be a complete NC.
- {$EXTERNALSYM DS_INSTANCETYPE_NC_COMING}
- DS_INSTANCETYPE_NC_GOING = $00000020; // This is to indicate that this NC is in the process of being removed from this DC, and may not be a complete NC.
- {$EXTERNALSYM DS_INSTANCETYPE_NC_GOING}
- // ********************
- // xxx_OPT_xxx Flags
- // ********************
- // These macros define bit flags which can be set in the "options" attribute
- // of objects of the specified object class.
- // Bit flags valid for options attribute on NTDS-DSA objects. The two DISABLE_*_REPL bits stop replication in one direction for that DSA, so an unexpected change to them is worth reviewing.
- //
- NTDSDSA_OPT_IS_GC = 1 shl 0; // DSA is a global catalog
- {$EXTERNALSYM NTDSDSA_OPT_IS_GC}
- NTDSDSA_OPT_DISABLE_INBOUND_REPL = 1 shl 1; // disable inbound replication
- {$EXTERNALSYM NTDSDSA_OPT_DISABLE_INBOUND_REPL}
- NTDSDSA_OPT_DISABLE_OUTBOUND_REPL = 1 shl 2; // disable outbound replication
- {$EXTERNALSYM NTDSDSA_OPT_DISABLE_OUTBOUND_REPL}
- NTDSDSA_OPT_DISABLE_NTDSCONN_XLATE = 1 shl 3; // disable logical conn xlation
- {$EXTERNALSYM NTDSDSA_OPT_DISABLE_NTDSCONN_XLATE}
- // Bit flags for options attribute on NTDS-Connection objects.
- //
- // The reasons that two bits are required to control notification are as follows.
- // We must support existing connections with the old behavior and the UI does not
- // create manual connections with the new bit set.
- // The default for existing and manually created connections with bits 2 and 3
- // clear must be the standard prior behavior: notification for intra-site and
- // no notification for inter-site.
- // We need a way to distinguish an old connection which desires the default
- // notification rules, and a new connection for which we desire to explicitly
- // control the notification state as passed down from a site link. Thus we
- // have a new bit to say we are overriding the default, and a new bit to indicate
- // what the overridden default shall be.
- //
- NTDSCONN_OPT_IS_GENERATED = 1 shl 0; // object generated by DS, not admin
- {$EXTERNALSYM NTDSCONN_OPT_IS_GENERATED}
- NTDSCONN_OPT_TWOWAY_SYNC = 1 shl 1; // force sync in opposite direction at end of sync
- {$EXTERNALSYM NTDSCONN_OPT_TWOWAY_SYNC}
- NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT = 1 shl 2; // Do not use defaults to determine notification
- {$EXTERNALSYM NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT}
- NTDSCONN_OPT_USE_NOTIFY = 1 shl 3; // Does source notify destination
- {$EXTERNALSYM NTDSCONN_OPT_USE_NOTIFY}
- // For intra-site connections, this bit has no meaning.
- // For inter-site connections, this bit means:
- // 0 - Compression of replication data enabled
- // 1 - Compression of replication data disabled
- NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION = 1 shl 4;
- {$EXTERNALSYM NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION}
- // For connections whose IS_GENERATED bit is 0, this bit has no effect.
- // For KCC-generated connections, this bit indicates that the schedule attribute
- // is owned by the user and should not be touched by the KCC.
- NTDSCONN_OPT_USER_OWNED_SCHEDULE = 1 shl 5;
- {$EXTERNALSYM NTDSCONN_OPT_USER_OWNED_SCHEDULE}
- //
- // The high 4 bits of the options attribute are used by NTFRS to assign priority
- // for inbound connections. Bit 31 is used to force FRS to ignore schedule during
- // the initial sync. Bits 30 - 28 are used to specify a priority between 0-7.
- //
- FRSCONN_PRIORITY_MASK = $70000000; // bits 28-30
- {$EXTERNALSYM FRSCONN_PRIORITY_MASK}
- FRSCONN_MAX_PRIORITY = $8; // NOTE(review): 8 lies outside the 0-7 range stated above; presumably what FRSCONN_GET_PRIORITY reports when the priority field is 0 - confirm against the implementation
- {$EXTERNALSYM FRSCONN_MAX_PRIORITY}
- DSCONN_OPT_IGNORE_SCHEDULE_MASK = DWORD($80000000); // bit 31; NOTE(review): unlike NTDSCONN_IGNORE_SCHEDULE this name has no NT prefix - check the spelling against ntdsapi.h before relying on the EXTERNALSYM
- {$EXTERNALSYM DSCONN_OPT_IGNORE_SCHEDULE_MASK}
- function NTDSCONN_IGNORE_SCHEDULE(_options_: DWORD): DWORD; // declaration only, body not shown here; takes an NTDS-Connection options value and presumably extracts bit 31 (DSCONN_OPT_IGNORE_SCHEDULE_MASK) - confirm
- {$EXTERNALSYM NTDSCONN_IGNORE_SCHEDULE}
- function FRSCONN_GET_PRIORITY(_options_: DWORD): DWORD; // declaration only, body not shown here; presumably extracts the priority held in bits 28-30 (FRSCONN_PRIORITY_MASK) - confirm
- {$EXTERNALSYM FRSCONN_GET_PRIORITY}
- // Bit flags for options attribute on NTDS-Site-Settings objects. Several of them switch off KCC automation (topology generation, cleanup, stale-server detection), so an unexpected change to the attribute is worth reviewing.
- //
- const
- NTDSSETTINGS_OPT_IS_AUTO_TOPOLOGY_DISABLED = 1 shl 0; // automatic topology gen disabled
- {$EXTERNALSYM NTDSSETTINGS_OPT_IS_AUTO_TOPOLOGY_DISABLED}
- NTDSSETTINGS_OPT_IS_TOPL_CLEANUP_DISABLED = 1 shl 1; // automatic topology cleanup disabled
- {$EXTERNALSYM NTDSSETTINGS_OPT_IS_TOPL_CLEANUP_DISABLED}
- NTDSSETTINGS_OPT_IS_TOPL_MIN_HOPS_DISABLED = 1 shl 2; // automatic minimum hops topology disabled
- {$EXTERNALSYM NTDSSETTINGS_OPT_IS_TOPL_MIN_HOPS_DISABLED}
- NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED = 1 shl 3; // automatic stale server detection disabled
- {$EXTERNALSYM NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED}
- NTDSSETTINGS_OPT_IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED = 1 shl 4; // automatic inter-site topology gen disabled
- {$EXTERNALSYM NTDSSETTINGS_OPT_IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED}
- NTDSSETTINGS_OPT_IS_GROUP_CACHING_ENABLED = 1 shl 5; // caching of group memberships for users enabled
- {$EXTERNALSYM NTDSSETTINGS_OPT_IS_GROUP_CACHING_ENABLED}
- NTDSSETTINGS_OPT_FORCE_KCC_WHISTLER_BEHAVIOR = 1 shl 6; // force KCC to operate in Whistler behavior mode
- {$EXTERNALSYM NTDSSETTINGS_OPT_FORCE_KCC_WHISTLER_BEHAVIOR}
- NTDSSETTINGS_OPT_FORCE_KCC_W2K_ELECTION = 1 shl 7; // force KCC to use the Windows 2000 ISTG election algorithm
- {$EXTERNALSYM NTDSSETTINGS_OPT_FORCE_KCC_W2K_ELECTION}
- NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED = 1 shl 8; // prevent the KCC from randomly picking a bridgehead when creating a connection
- {$EXTERNALSYM NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED}
- NTDSSETTINGS_OPT_IS_SCHEDULE_HASHING_ENABLED = 1 shl 9; // allow the KCC to use hashing when creating a replication schedule
- {$EXTERNALSYM NTDSSETTINGS_OPT_IS_SCHEDULE_HASHING_ENABLED}
- // Bit flags for options attribute on Inter-Site-Transport objects (each flag below departs from the default stated just above it)
- //
- // Note, the sense of the flag should be such that the default state or
- // behavior corresponds to the flag NOT being present. Put another way, the
- // flag should state the OPPOSITE of the default
- //
- // default: schedules are significant
- NTDSTRANSPORT_OPT_IGNORE_SCHEDULES = 1 shl 0; // Schedules disabled
- {$EXTERNALSYM NTDSTRANSPORT_OPT_IGNORE_SCHEDULES}
- // default: links transitive (bridges not required)
- NTDSTRANSPORT_OPT_BRIDGES_REQUIRED = 1 shl 1; // siteLink bridges are required
- {$EXTERNALSYM NTDSTRANSPORT_OPT_BRIDGES_REQUIRED}
- // Bit flags for options attribute on site-Connection objects (same three bit positions as the site-Link flags further down)
- //
- // These are not realized in the DS, but are built up in the KCC
- NTDSSITECONN_OPT_USE_NOTIFY = 1 shl 0; // Use notification on this link
- {$EXTERNALSYM NTDSSITECONN_OPT_USE_NOTIFY}
- NTDSSITECONN_OPT_TWOWAY_SYNC = 1 shl 1; // force sync in opposite direction at end of sync
- {$EXTERNALSYM NTDSSITECONN_OPT_TWOWAY_SYNC}
- // This bit means:
- // 0 - Compression of replication data across this site connection enabled
- // 1 - Compression of replication data across this site connection disabled
- NTDSSITECONN_OPT_DISABLE_COMPRESSION = 1 shl 2;
- {$EXTERNALSYM NTDSSITECONN_OPT_DISABLE_COMPRESSION}
- // Bit flags for options attribute on site-Link objects
- // Note that these options are AND-ed along a site-link path
- //
- NTDSSITELINK_OPT_USE_NOTIFY = 1 shl 0; // Use notification on this link
- {$EXTERNALSYM NTDSSITELINK_OPT_USE_NOTIFY}
- NTDSSITELINK_OPT_TWOWAY_SYNC = 1 shl 1; // force sync in opposite direction at end of sync
- {$EXTERNALSYM NTDSSITELINK_OPT_TWOWAY_SYNC}
- // This bit means:
- // 0 - Compression of replication data across this site link enabled
- // 1 - Compression of replication data across this site link disabled
- NTDSSITELINK_OPT_DISABLE_COMPRESSION = 1 shl 2;
- {$EXTERNALSYM NTDSSITELINK_OPT_DISABLE_COMPRESSION}
- // ***********************
- // Well Known Object Guids (each value is 32 hex digits written without braces or dashes)
- // ***********************
- GUID_USERS_CONTAINER_A = 'a9d1ca15768811d1aded00c04fd8d5cd';
- {$EXTERNALSYM GUID_USERS_CONTAINER_A}
- GUID_COMPUTRS_CONTAINER_A = 'aa312825768811d1aded00c04fd8d5cd'; // the COMPUTRS spelling is part of the exported symbol name; do not correct it
- {$EXTERNALSYM GUID_COMPUTRS_CONTAINER_A}
- GUID_SYSTEMS_CONTAINER_A = 'ab1d30f3768811d1aded00c04fd8d5cd';
- {$EXTERNALSYM GUID_SYSTEMS_CONTAINER_A}
- GUID_DOMAIN_CONTROLLERS_CONTAINER_A = 'a361b2ffffd211d1aa4b00c04fd7d83a';
- {$EXTERNALSYM GUID_DOMAIN_CONTROLLERS_CONTAINER_A}
- GUID_INFRASTRUCTURE_CONTAINER_A = '2fbac1870ade11d297c400c04fd8d5cd';
- {$EXTERNALSYM GUID_INFRASTRUCTURE_CONTAINER_A}
- GUID_DELETED_OBJECTS_CONTAINER_A = '18e2ea80684f11d2b9aa00c04f79f805';
- {$EXTERNALSYM GUID_DELETED_OBJECTS_CONTAINER_A}
- GUID_LOSTANDFOUND_CONTAINER_A = 'ab8153b7768811d1aded00c04fd8d5cd';
- {$EXTERNALSYM GUID_LOSTANDFOUND_CONTAINER_A}
- GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER_A = '22b70c67d56e4efb91e9300fca3dc1aa';
- {$EXTERNALSYM GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER_A}
- GUID_PROGRAM_DATA_CONTAINER_A = '09460c08ae1e4a4ea0f64aee7daa1e5a';
- {$EXTERNALSYM GUID_PROGRAM_DATA_CONTAINER_A}
- GUID_MICROSOFT_PROGRAM_DATA_CONTAINER_A = 'f4be92a4c777485e878e9421d53087db';
- {$EXTERNALSYM GUID_MICROSOFT_PROGRAM_DATA_CONTAINER_A}
- GUID_USERS_CONTAINER_W = WideString('a9d1ca15768811d1aded00c04fd8d5cd'); // _W constants: the same 32-digit text as the matching _A constant, cast to WideString
- {$EXTERNALSYM GUID_USERS_CONTAINER_W}
- GUID_COMPUTRS_CONTAINER_W = WideString('aa312825768811d1aded00c04fd8d5cd'); // "COMPUTRS" matches the EXTERNALSYM name on the next line; keep the spelling
- {$EXTERNALSYM GUID_COMPUTRS_CONTAINER_W}
- GUID_SYSTEMS_CONTAINER_W = WideString('ab1d30f3768811d1aded00c04fd8d5cd');
- {$EXTERNALSYM GUID_SYSTEMS_CONTAINER_W}
- GUID_DOMAIN_CONTROLLERS_CONTAINER_W = WideString('a361b2ffffd211d1aa4b00c04fd7d83a');
- {$EXTERNALSYM GUID_DOMAIN_CONTROLLERS_CONTAINER_W}
- GUID_INFRASTRUCTURE_CONTAINER_W = WideString('2fbac1870ade11d297c400c04fd8d5cd');
- {$EXTERNALSYM GUID_INFRASTRUCTURE_CONTAINER_W}
- GUID_DELETED_OBJECTS_CONTAINER_W = WideString('18e2ea80684f11d2b9aa00c04f79f805');
- {$EXTERNALSYM GUID_DELETED_OBJECTS_CONTAINER_W}
- GUID_LOSTANDFOUND_CONTAINER_W = WideString('ab8153b7768811d1aded00c04fd8d5cd');
- {$EXTERNALSYM GUID_LOSTANDFOUND_CONTAINER_W}
- GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER_W = WideString('22b70c67d56e4efb91e9300fca3dc1aa');
- {$EXTERNALSYM GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER_W}
- GUID_PROGRAM_DATA_CONTAINER_W = WideString('09460c08ae1e4a4ea0f64aee7daa1e5a');
- {$EXTERNALSYM GUID_PROGRAM_DATA_CONTAINER_W}
- GUID_MICROSOFT_PROGRAM_DATA_CONTAINER_W = WideString('f4be92a4c777485e878e9421d53087db');
- {$EXTERNALSYM GUID_MICROSOFT_PROGRAM_DATA_CONTAINER_W}
- GUID_USERS_CONTAINER_BYTE = '\xa9\xd1\xca\x15\x76\x88\x11\xd1\xad\xed\x00\xc0\x4f\xd8\xd5\xcd'; // NOTE(review): Object Pascal does not expand C-style \x escapes inside string literals,
- {$EXTERNALSYM GUID_USERS_CONTAINER_BYTE} // so each _BYTE constant here is 64 characters of text, not 16 raw bytes - confirm before using one where a binary GUID is expected
- GUID_COMPUTRS_CONTAINER_BYTE = '\xaa\x31\x28\x25\x76\x88\x11\xd1\xad\xed\x00\xc0\x4f\xd8\xd5\xcd'; // "COMPUTRS" matches the EXTERNALSYM name on the next line; keep the spelling
- {$EXTERNALSYM GUID_COMPUTRS_CONTAINER_BYTE}
- GUID_SYSTEMS_CONTAINER_BYTE = '\xab\x1d\x30\xf3\x76\x88\x11\xd1\xad\xed\x00\xc0\x4f\xd8\xd5\xcd';
- {$EXTERNALSYM GUID_SYSTEMS_CONTAINER_BYTE}
- GUID_DOMAIN_CONTROLLERS_CONTAINER_BYTE = '\xa3\x61\xb2\xff\xff\xd2\x11\xd1\xaa\x4b\x00\xc0\x4f\xd7\xd8\x3a';
- {$EXTERNALSYM GUID_DOMAIN_CONTROLLERS_CONTAINER_BYTE}
- GUID_INFRASTRUCTURE_CONTAINER_BYTE = '\x2f\xba\xc1\x87\x0a\xde\x11\xd2\x97\xc4\x00\xc0\x4f\xd8\xd5\xcd';
- {$EXTERNALSYM GUID_INFRASTRUCTURE_CONTAINER_BYTE}
- GUID_DELETED_OBJECTS_CONTAINER_BYTE = '\x18\xe2\xea\x80\x68\x4f\x11\xd2\xb9\xaa\x00\xc0\x4f\x79\xf8\x05';
- {$EXTERNALSYM GUID_DELETED_OBJECTS_CONTAINER_BYTE}
- GUID_LOSTANDFOUND_CONTAINER_BYTE = '\xab\x81\x53\xb7\x76\x88\x11\xd1\xad\xed\x00\xc0\x4f\xd8\xd5\xcd';
- {$EXTERNALSYM GUID_LOSTANDFOUND_CONTAINER_BYTE}
- GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER_BYTE = '\x22\xb7\x0c\x67\xd5\x6e\x4e\xfb\x91\xe9\x30\x0f\xca\x3d\xc1\xaa';
- {$EXTERNALSYM GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER_BYTE}
- GUID_PROGRAM_DATA_CONTAINER_BYTE = '\x09\x46\x0c\x08\xae\x1e\x4a\x4e\xa0\xf6\x4a\xee\x7d\xaa\x1e\x5a';
- {$EXTERNALSYM GUID_PROGRAM_DATA_CONTAINER_BYTE}
- GUID_MICROSOFT_PROGRAM_DATA_CONTAINER_BYTE = '\xf4\xbe\x92\xa4\xc7\x77\x48\x5e\x87\x8e\x94\x21\xd5\x30\x87\xdb';
- {$EXTERNALSYM GUID_MICROSOFT_PROGRAM_DATA_CONTAINER_BYTE}
- type
- _DS_MANGLE_FOR = ( // enumeration; Object Pascal numbers the members 0, 1, 2 in declaration order
- DS_MANGLE_UNKNOWN, // 0
- DS_MANGLE_OBJECT_RDN_FOR_DELETION, // 1 - presumably: RDN mangled because the object was deleted (inferred from the identifier)
- DS_MANGLE_OBJECT_RDN_FOR_NAME_CONFLICT); // 2 - presumably: RDN mangled to resolve a name conflict (inferred from the identifier)
- {$EXTERNALSYM _DS_MANGLE_FOR} // NOTE(review): a C enum is int-sized; confirm the unit sets a 4-byte minimum enum size ({$MINENUMSIZE 4} / {$Z4}) before this type crosses the API boundary
- DS_MANGLE_FOR = _DS_MANGLE_FOR; // alias of the enumeration under its untagged name
- {$EXTERNALSYM DS_MANGLE_FOR}
- TDsMangleFor = DS_MANGLE_FOR; // T-prefixed alias of the same enumeration
- PDsMangleFor = ^DS_MANGLE_FOR; // pointer to the enumeration
- //////////////////////////////////////////////////////////////////////////
- // //
- // Prototypes //
- // //
- //////////////////////////////////////////////////////////////////////////
- // DSBind takes two optional input parameters which identify whether the
- // caller found a domain controller themselves via DsGetDcName or whether
- // a domain controller should be found using default parameters.
- // Behavior of the possible combinations are outlined below.
- //
- // DomainControllerName(value), DnsDomainName(NULL)
- //
- // The value for DomainControllerName is assumed to have been
- // obtained via DsGetDcName (i.e. Field with the same name in a
- // DOMAIN_CONTROLLER_INFO struct on return from DsGetDcName call.)
- // The client is bound to the domain controller at this name.
- //
- // Mutual authentication will be performed using an SPN of
- // LDAP/DomainControllerName provided DomainControllerName
- // is not a NETBIOS name or IP address - i.e. it must be a
- // DNS host name.
- //
- // DomainControllerName(value), DnsDomainName(value)
- //
- // DsBind will connect to the server identified by DomainControllerName.
- //
- // Mutual authentication will be performed using an SPN of
- // LDAP/DomainControllerName/DnsDomainName provided neither value
- // is a NETBIOS name or IP address - i.e. both must be
- // valid DNS names.
- //
- // DomainControllerName(NULL), DnsDomainName(NULL)
- //
- // DsBind will attempt to find a global catalog and fail if one
- // cannot be found.
- //
- // Mutual authentication will be performed using an SPN of
- // GC/DnsHostName/ForestName where DnsHostName and ForestName
- // represent the DomainControllerName and DnsForestName fields
- // respectively of the DOMAIN_CONTROLLER_INFO returned by the
- // DsGetDcName call used to find a global catalog.
- //
- // DomainControllerName(NULL), DnsDomainName(value)
- //
- // DsBind will attempt to find a domain controller for the domain
- // identified by DnsDomainName and fail if one can not be found.
- //
- // Mutual authentication will be performed using an SPN of
- // LDAP/DnsHostName/DnsDomainName where DnsDomainName is that
- // provided by the caller and DnsHostName is that returned by
- // DsGetDcName for the domain specified - provided DnsDomainName
- // is a valid DNS domain name - i.e. not a NETBIOS domain name.
- function DsBindA(DomainControllerName: LPCSTR; DnsDomainName: LPCSTR; // ANSI form; either name may be NULL - see the four combinations described above
- var phDS: HANDLE): DWORD; stdcall; // phDS is passed by reference (var); the result is a DWORD status
- {$EXTERNALSYM DsBindA} // NOTE(review): the notes above describe SPN-based mutual authentication only for DNS names, so callers that rely on it should not pass a NetBIOS name or an IP address
- function DsBindW(DomainControllerName: LPCWSTR; DnsDomainName: LPCWSTR; // Unicode form of DsBindA; same parameter roles
- var phDS: HANDLE): DWORD; stdcall;
- {$EXTERNALSYM DsBindW}
- function DsBind(DomainControllerName: LPCTSTR; DnsDomainName: LPCTSTR; // LPCTSTR form; its mapping to the A or W variant is not shown in this part of the unit
- var phDS: HANDLE): DWORD; stdcall; // presumably the handle is later released with DsUnBind (declared below) - confirm
- {$EXTERNALSYM DsBind}
- function DsBindWithCredA(DomainControllerName: LPCSTR; DnsDomainName: LPCSTR; // ANSI form; name parameters as for DsBindA
- AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; var phDS: HANDLE): DWORD; stdcall; // AuthIdentity: credential handle, e.g. one built by DsMakePasswordCredentials (declared below); phDS is passed by reference
- {$EXTERNALSYM DsBindWithCredA}
- function DsBindWithCredW(DomainControllerName: LPCWSTR; DnsDomainName: LPCWSTR; // Unicode form of DsBindWithCredA
- AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; var phDS: HANDLE): DWORD; stdcall;
- {$EXTERNALSYM DsBindWithCredW}
- function DsBindWithCred(DomainControllerName: LPCTSTR; DnsDomainName: LPCTSTR; // LPCTSTR form; its mapping to the A or W variant is not shown in this part of the unit
- AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; var phDS: HANDLE): DWORD; stdcall; // NOTE(review): the bind does not visibly take ownership of AuthIdentity; presumably the caller still frees it - confirm
- {$EXTERNALSYM DsBindWithCred}
- //
- // DsBindWithSpn{A|W} allows the caller to specify the service principal
- // name (SPN) which will be used for mutual authentication against
- // the destination server. Do not provide an SPN if you are expecting
- // DsBind to find a server for you, as SPNs are machine specific and it's
- // unlikely the SPN you provide matches the server DsBind finds for you.
- // Providing a NULL ServicePrincipalName argument results in behavior
- // identical to DsBindWithCred{A|W}.
- //
- function DsBindWithSpnA(DomainControllerName: LPCSTR; DnsDomainName: LPCSTR; // ANSI form; name parameters as for DsBindA
- AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; ServicePrincipalName: LPCSTR; // ServicePrincipalName: SPN used for mutual authentication; NULL gives DsBindWithCredA behaviour (see note above)
- var phDS: HANDLE): DWORD; stdcall; // phDS is passed by reference (var); the result is a DWORD status
- {$EXTERNALSYM DsBindWithSpnA} // per the note above, an explicit SPN only makes sense together with an explicit DomainControllerName
- function DsBindWithSpnW(DomainControllerName: LPCWSTR; DnsDomainName: LPCWSTR; // Unicode form of DsBindWithSpnA
- AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; ServicePrincipalName: LPCWSTR;
- var phDS: HANDLE): DWORD; stdcall;
- {$EXTERNALSYM DsBindWithSpnW}
- function DsBindWithSpn(DomainControllerName: LPCTSTR; DnsDomainName: LPCTSTR; // LPCTSTR form; its mapping to the A or W variant is not shown in this part of the unit
- AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; ServicePrincipalName: LPCTSTR;
- var phDS: HANDLE): DWORD; stdcall;
- {$EXTERNALSYM DsBindWithSpn}
- //
- // DsBindWithSpnEx{A|W} allows you all the options of the previous
- // DsBindWithSpn(), plus the added benefit of specifying some optional
- // Binding flags. Currently if you pass NTDSAPI_BIND_ALLOW_DELEGATION,
- // you will get the exact old behaviour. If you can avoid it, you
- // should not specify this flag, see flag above for details.
- //
- function DsBindWithSpnExW(DomainControllerName, DnsDomainName: LPCWSTR; AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; // Unicode form; first four parameters as for DsBindWithSpnW
- ServicePrincipalName: LPCWSTR; BindFlags: DWORD; phDS: LPHANDLE): DWORD; stdcall; // BindFlags: optional binding flags; phDS is a pointer (LPHANDLE) here, not a var parameter as in DsBindWithSpn
- {$EXTERNALSYM DsBindWithSpnExW} // NOTE(review): the note above advises leaving NTDSAPI_BIND_ALLOW_DELEGATION clear where possible; the flag itself is defined outside this part of the unit
- function DsBindWithSpnExA(DomainControllerName, DnsDomainName: LPCSTR; AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; // ANSI form of DsBindWithSpnExW
- ServicePrincipalName: LPCSTR; BindFlags: DWORD; phDS: LPHANDLE): DWORD; stdcall;
- {$EXTERNALSYM DsBindWithSpnExA}
- function DsBindWithSpnEx(DomainControllerName, DnsDomainName: LPCTSTR; AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; // LPCTSTR form; its mapping to the A or W variant is not shown in this part of the unit
- ServicePrincipalName: LPCTSTR; BindFlags: DWORD; phDS: LPHANDLE): DWORD; stdcall;
- {$EXTERNALSYM DsBindWithSpnEx}
- //
- // DsBindToISTG{A|W} allows the caller to bind to the server which
- // holds the Inter-Site Topology Generator role in the specified site.
- // The site name should be the RDN of a site. If no site is specified,
- // the function will try to bind to the ISTG in a nearby site.
- //
- function DsBindToISTGW(SiteName: LPCWSTR; phDS: LPHANDLE): DWORD; stdcall; // Unicode form; SiteName is the RDN of a site, or unspecified to try a nearby site (see note above); phDS is a pointer, not a var parameter
- {$EXTERNALSYM DsBindToISTGW}
- function DsBindToISTGA(SiteName: LPCSTR; phDS: LPHANDLE): DWORD; stdcall; // ANSI form of DsBindToISTGW
- {$EXTERNALSYM DsBindToISTGA}
- function DsBindToISTG(SiteName: LPCTSTR; phDS: LPHANDLE): DWORD; stdcall; // LPCTSTR form; its mapping to the A or W variant is not shown in this part of the unit
- {$EXTERNALSYM DsBindToISTG}
- //
- // DsBindingSetTimeout allows the caller to specify a timeout value
- // which will be honored by all RPC calls using the specified binding
- // handle. RPC calls which take longer than the timeout value are canceled.
- //
- function DsBindingSetTimeout(hDS: HANDLE; cTimeoutSecs: ULONG): DWORD; stdcall; // hDS: binding handle the timeout applies to; cTimeoutSecs: timeout, in seconds judging by the parameter name - confirm
- {$EXTERNALSYM DsBindingSetTimeout} // takes the handle by value, unlike the DsBind* functions that write it
- //
- // DsUnBind
- //
- function DsUnBindA(var phDS: HANDLE): DWORD; stdcall; // ANSI-named form; phDS is passed by reference (var); presumably releases a handle obtained from a DsBind* call - confirm
- {$EXTERNALSYM DsUnBindA} // NOTE(review): whether the handle variable is reset on return is not visible here; do not reuse it after this call
- function DsUnBindW(var phDS: HANDLE): DWORD; stdcall; // Unicode-named form; same signature as DsUnBindA
- {$EXTERNALSYM DsUnBindW}
- function DsUnBind(var phDS: HANDLE): DWORD; stdcall; // generic name; its mapping to the A or W variant is not shown in this part of the unit
- {$EXTERNALSYM DsUnBind}
- //
- // DsMakePasswordCredentials
- //
- // This function constructs a credential structure which is suitable for input
- // to the DsBindWithCred{A|W} functions declared above, or to the ldap_open
- // function (winldap.h). The credential must be freed using DsFreePasswordCredentials{A|W}, declared below.
- //
- // All of the input parameters may be absent (NULL), which indicates a null, default
- // credential. Otherwise the username must be present. If the domain or
- // password are null, they default to empty strings. The domain name may be
- // null when the username is fully qualified, for example UPN format.
- // Password is a plain string pointer: keep the caller's copy short-lived and clear it after use (assumes the strings are copied into the handle - confirm).
- function DsMakePasswordCredentialsA(User: LPCSTR; Domain: LPCSTR; // ANSI form
- Password: LPCSTR; var pAuthIdentity: RPC_AUTH_IDENTITY_HANDLE): DWORD; stdcall; // pAuthIdentity is passed by reference (var); the result is a DWORD status
- {$EXTERNALSYM DsMakePasswordCredentialsA}
- function DsMakePasswordCredentialsW(User: LPCWSTR; Domain: LPCWSTR; // Unicode form of DsMakePasswordCredentialsA
- Password: LPCWSTR; var pAuthIdentity: RPC_AUTH_IDENTITY_HANDLE): DWORD; stdcall;
- {$EXTERNALSYM DsMakePasswordCredentialsW}
- function DsMakePasswordCredentials(User: LPCTSTR; Domain: LPCTSTR; // LPCTSTR form; its mapping to the A or W variant is not shown in this part of the unit
- Password: LPCTSTR; var pAuthIdentity: RPC_AUTH_IDENTITY_HANDLE): DWORD; stdcall;
- {$EXTERNALSYM DsMakePasswordCredentials}
- procedure DsFreePasswordCredentialsA(AuthIdentity: RPC_AUTH_IDENTITY_HANDLE); stdcall; // takes the credential handle by value and returns nothing; do not use the handle afterwards
- {$EXTERNALSYM DsFreePasswordCredentialsA}
- procedure DsFreePasswordCredentialsW(AuthIdentity: RPC_AUTH_IDENTITY_HANDLE); stdcall; // Unicode-named form; same signature
- {$EXTERNALSYM DsFreePasswordCredentialsW}
- procedure DsFreePasswordCredentials(AuthIdentity: RPC_AUTH_IDENTITY_HANDLE); stdcall; // generic name; its mapping to the A or W variant is not shown in this part of the unit
- {$EXTERNALSYM DsFreePasswordCredentials}
- //
- // DsCrackNames
- //
- function DsCrackNamesA(hDS: HANDLE; flags: DS_NAME_FLAGS; // ANSI form; hDS is a HANDLE passed by value
- formatOffered: DS_NAME_FORMAT; formatDesired: DS_NAME_FORMAT; cNames: DWORD; // formatOffered / formatDesired: input and output name formats; cNames presumably counts the names behind rpNames - confirm
- rpNames: LPCSTR; var ppResult: PDS_NAME_RESULTA): DWORD; stdcall; // NOTE(review): ntdsapi.h declares rpNames as an array of string pointers (const LPCSTR *), so a caller has to pass the address of that array cast to LPCSTR - confirm against callers
- {$EXTERNALSYM DsCrackNamesA} // ppResult is passed by reference (var); presumably released with DsFreeNameResultA (declared below) - confirm
- function DsCrackNamesW(hDS: HANDLE; flags: DS_NAME_FLAGS; // Unicode form of DsCrackNamesA
- formatOffered: DS_NAME_FORMAT; formatDesired: DS_NAME_FORMAT; cNames: DWORD;
- rpNames: LPCWSTR; var ppResult: PDS_NAME_RESULTW): DWORD; stdcall; // the rpNames note on DsCrackNamesA applies here as well
- {$EXTERNALSYM DsCrackNamesW} // NOTE(review): the DWORD result covers the call as a whole; per-name outcomes presumably live in the result structure (declared elsewhere in this unit) and should be checked too
- function DsCrackNames(hDS: HANDLE; flags: DS_NAME_FLAGS; // LPCTSTR form; its mapping to the A or W variant is not shown in this part of the unit
- formatOffered: DS_NAME_FORMAT; formatDesired: DS_NAME_FORMAT; cNames: DWORD;
- rpNames: LPCTSTR; var ppResult: PDS_NAME_RESULT): DWORD; stdcall;
- {$EXTERNALSYM DsCrackNames}
- //
- // DsFreeNameResult
- //
- procedure DsFreeNameResultA(pResult: PDS_NAME_RESULTA); stdcall; // ANSI form; takes the same pointer type that DsCrackNamesA writes to ppResult; returns nothing
- {$EXTERNALSYM DsFreeNameResultA} // do not dereference pResult after this call
- procedure DsFreeNameResultW(pResult: PDS_NAME_RESULTW); stdcall; // Unicode form; pairs with DsCrackNamesW by pointer type
- {$EXTERNALSYM DsFreeNameResultW}
- procedure DsFreeNameResult(pResult: PDS_NAME_RESULT); stdcall; // generic form; its mapping to the A or W variant is not shown in this part of the unit
- {$EXTERNALSYM DsFreeNameResult}
- // ==========================================================
- // DSMakeSpn -- client call to create SPN for a service to which it wants to
- // authenticate.
- // This name is then passed to "pszTargetName" of InitializeSecurityContext().
- //
- // Notes:
- // If the service name is a DNS host name, or canonical DNS service name
- // e.g. "www.ms.com", i.e., caller resolved with gethostbyname, then instance
- // name should be NULL.
- // Realm is host name minus first component, unless it is in the exception list
- //
- // If the service name is NetBIOS machine name, then instance name should be
- // NULL
- // Form must be <domain>\<machine>
- // Realm will be <domain>
- //
- // If the service name is that of a replicated service, where each replica has
- // its own account (e.g., with SRV records) then the caller must supply the
- // instance name then realm name is same as ServiceName
- //
- // If the service name is a DN, then must also supply instance name
- // (DN could be name of service object (incl RPC or Winsock), name of machine
- // account, name of domain object)
- // then realm name is domain part of the DN
- //
- // If the service name is NetBIOS domain name, then must also supply instance
- // name; realm name is domain name
- //
- // If the service is named by an IP address -- then use referring service name
- // as service name
- //
- // ServiceClass - e.g. "http", "ftp", "ldap", GUID
- // ServiceName - DNS or DN; assumes we can compute domain from service name
- // InstanceName OPTIONAL- DNS name of host for instance of service
- // InstancePort - port number for instance (0 if default)
- // Referrer OPTIONAL- DNS name of host that gave this referral
- // pcSpnLength - in -- max length IN CHARACTERS of principal name;
- // out -- actual
- // Length includes terminator
- // pszSPN - server principal name
- //
- // If buffer is not large enough, ERROR_BUFFER_OVERFLOW is returned and the
- // needed length is returned in pcSpnLength.
- //
- //
- function DsMakeSpnA(ServiceClass: LPCSTR; ServiceName: LPCSTR; // ANSI form; parameter roles are listed in the comment block above
- InstanceName: LPCSTR; InstancePort: USHORT; Referrer: LPCSTR; // InstanceName and Referrer are optional; InstancePort 0 means the default port
- var pcSpnLength: DWORD; pszSpn: LPSTR): DWORD; stdcall; // pcSpnLength: in = capacity of pszSpn in characters, out = actual length (terminator included); ERROR_BUFFER_OVERFLOW means retry with the returned length
- {$EXTERNALSYM DsMakeSpnA}
- function DsMakeSpnW(ServiceClass: LPCWSTR; ServiceName: LPCWSTR; // Unicode form of DsMakeSpnA
- InstanceName: LPCWSTR; InstancePort: USHORT; Referrer: LPCWSTR;
- var pcSpnLength: DWORD; pszSpn: LPWSTR): DWORD; stdcall; // the length is in characters, not bytes: size the wide-character buffer accordingly
- {$EXTERNALSYM DsMakeSpnW}
- function DsMakeSpn(ServiceClass: LPCTSTR; ServiceName: LPCTSTR; // LPCTSTR form; its mapping to the A or W variant is not shown in this part of the unit
- InstanceName: LPCTSTR; InstancePort: USHORT; Referrer: LPCTSTR;
- var pcSpnLength: DWORD; pszSpn: LPTSTR): DWORD; stdcall; // always initialise pcSpnLength to the real buffer capacity before the call
- {$EXTERNALSYM DsMakeSpn}
- // ==========================================================
- // DsGetSPN -- server's call to gets SPNs for a service name by which it is
- // known to clients. N.B.: there may be more than one name by which clients
- // …