LookupAccountName fails with error 1332

Matt

Aug 8, 2005, 3:56:07 PM
Hello,
LookupAccountName fails with error '1332' whenever I use "Server
Operators" as the lpAccountName argument. This call fails on both Windows
2000 Server SP2 and SP3 systems. The same code handles "Administrators" and
"System" for example with no problem.

Thanks,

Matt

Joe Richards [MVP]

Aug 8, 2005, 5:45:31 PM
I would guess that you aren't asking a machine that knows what server operators
is. This name could only be resolved on a domain controller.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Matt

Aug 8, 2005, 5:55:35 PM
Joe,
Thanks for your response. That was my initial thought as well. However,
the documentation for LookupAccountName states the following regarding the
lpSystemName parameter (which is NULL in my case):

If this string is NULL, the account name translation begins on the local
system. If the name cannot be resolved on the local system, this function
will try to resolve the name using domain controllers trusted by the local
system.

The way this reads to me is that if the local security authority cannot
resolve it, it will try the domain controller.

Matt

Joe Kaplan (MVP - ADSI)

Aug 8, 2005, 6:10:50 PM
Does it work with the full name, "BUILTIN\Server Operators"?

I'm not sure why Administrators would work without that, but who knows...

Joe K.

"Matt" <anon...@nospam.nospam> wrote in message
news:79BFB6C1-2B76-40BB...@microsoft.com...

Rhett Gong [MSFT]

Aug 9, 2005, 2:23:21 AM
Matt,
If you call LookupAccountName as follows on a non-DC machine:
    LookupAccountName(NULL,"system", pSid, &cbSid, buffer, &cBuf, &snu);
or
    LookupAccountName(NULL,"Administrators", pSid, &cbSid, buffer, &cBuf, &snu);
you will get the ReferencedDomainName as "NT Authority" rather than your domain name. Since "Server Operators" is a
"domain local" group, as Joe Richards pointed out, you have to call LookupAccountName on the DC to get it correctly
resolved.

Thanks,
Rhett Gong [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp&SD=msdn

This posting is provided "AS IS" with no warranties and confers no rights.

Matt

Aug 15, 2005, 3:27:07 PM
Rhett, et al.,
Thanks for your help and replies.

Matt
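
An added example, not code from the thread: a small C program that tries the bare name and the BUILTIN-qualified form Joe K. asks about, first with a NULL lpSystemName and then against a domain controller named on the command line, reporting error 1332 (ERROR_NONE_MAPPED) wherever a name does not resolve. The helper names `qualify` and `lookup` and the `\\DC01` placeholder are assumptions; the Win32 part builds only on Windows (link with advapi32).

```c
#include <stdio.h>
#include <string.h>

/* Prefix a bare account name with an authority such as "BUILTIN" unless it is
   already qualified. Returns 0 on success, -1 if `out` is too small. */
int qualify(const char *authority, const char *name, char *out, size_t cap)
{
    int n = strchr(name, '\\') ? snprintf(out, cap, "%s", name)
                               : snprintf(out, cap, "%s\\%s", authority, name);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

#ifdef _WIN32
#include <windows.h>

/* Resolve `name` on `system` (NULL = translation begins on the local system).
   Returns 0 on success, otherwise the GetLastError() value. */
unsigned long lookup(const char *system, const char *name)
{
    BYTE sid[SECURITY_MAX_SID_SIZE];
    char domain[256];
    DWORD cbSid = sizeof sid, cchDomain = sizeof domain, err = 0;
    SID_NAME_USE use;

    if (!LookupAccountNameA(system, name, sid, &cbSid, domain, &cchDomain, &use))
        err = GetLastError();
    printf("%-8s %-26s ", system ? system : "(local)", name);
    if (err == ERROR_NONE_MAPPED)
        printf("error 1332 (ERROR_NONE_MAPPED)\n");
    else if (err)
        printf("error %lu\n", err);
    else
        printf("ok, domain \"%s\", SID_NAME_USE %d\n", domain, (int)use);
    return err;
}

int main(int argc, char **argv)
{
    const char *dc = argc > 1 ? argv[1] : NULL;  /* e.g. \\DC01 (placeholder) */
    const char *names[] = { "Administrators", "Server Operators" };
    char full[128];

    for (int i = 0; i < 2; i++) {
        if (qualify("BUILTIN", names[i], full, sizeof full) != 0) return 1;
        lookup(NULL, names[i]);
        lookup(NULL, full);
        if (dc) { lookup(dc, names[i]); lookup(dc, full); }
    }
    return 0;
}
#endif
```

Running it once on a member server and once with a domain controller's name as the argument shows side by side which system can map each name and which referenced domain comes back.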
