using System; using System.Linq; using System.Runtime.InteropServices; using Vanara.Extensions; using Vanara.InteropServices; using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME; namespace Vanara.PInvoke { ///

Functions, enumerations and structures found in ADVAPI32.DLL.

public static partial class AdvApi32 { ///

Flags that describe the password properties.

[PInvokeData("ntsecapi.h", MSDNShortId = "7dceaf70-d8de-47c0-b940-f0d6a0cca101")] [Flags] public enum DOMAIN_PASSWORD : uint { ///

/// The password must have a mix of at least two of the following types of characters: /// /// Uppercase characters /// Lowercase characters /// Numerals /// ///

DOMAIN_PASSWORD_COMPLEX = 0x00000001, ///

/// The password cannot be changed without logging on. Otherwise, if your password has expired, you can change your password and /// then log on. ///

DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002, ///

Forces the client to use a protocol that does not allow the domain controller to get the plaintext password.

DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004, ///

Allows the built-in administrator account to be locked out from network logons.

DOMAIN_LOCKOUT_ADMINS = 0x00000008, ///

The directory service is storing a plaintext password for all users instead of a hash function of the password.

DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010, ///

/// Removes the requirement that the machine account password be automatically changed every week. /// This value should not be used as it can weaken security. ///

DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020, ///

DOMAIN_NO_LM_OWF_CHANGE = 0x00000040 } ///

Auditing options for an audit event type.

[PInvokeData("ntsecapi.h")] [Flags] public enum POLICY_AUDIT_EVENT_OPTIONS : uint { ///

/// Do not change auditing options for the specified event type. /// This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions. ///

POLICY_AUDIT_EVENT_UNCHANGED = 0x00000000, ///

/// Audit successful occurrences of the specified event type. /// This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions. ///

POLICY_AUDIT_EVENT_SUCCESS = 0x00000001, ///

/// Audit failed attempts to cause the specified event type. /// This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions. ///

POLICY_AUDIT_EVENT_FAILURE = 0x00000002, ///

/// Do not audit the specified event type. /// This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions. ///

POLICY_AUDIT_EVENT_NONE = 0x00000004, } ///

The POLICY_DOMAIN_INFORMATION_CLASS enumeration defines the type of policy domain information.

// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ne-ntsecapi-_policy_domain_information_class typedef enum // _POLICY_DOMAIN_INFORMATION_CLASS { PolicyDomainQualityOfServiceInformation, PolicyDomainEfsInformation, // PolicyDomainKerberosTicketInformation } POLICY_DOMAIN_INFORMATION_CLASS, *PPOLICY_DOMAIN_INFORMATION_CLASS; [PInvokeData("ntsecapi.h", MSDNShortId = "b208c479-a262-4120-824f-677ead1ef61a")] public enum POLICY_DOMAIN_INFORMATION_CLASS { ///

[CorrespondingType(typeof(POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO), CorrespondingAction.Set)] PolicyDomainQualityOfServiceInformation = 1, ///

The information is for Encrypting File System.

[CorrespondingType(typeof(POLICY_DOMAIN_EFS_INFO))] PolicyDomainEfsInformation, ///

The information is for a Kerberos ticket.

[CorrespondingType(typeof(POLICY_DOMAIN_KERBEROS_TICKET_INFO))] PolicyDomainKerberosTicketInformation, } ///

/// The POLICY_INFORMATION_CLASS enumeration defines values that indicate the type of information to set or query in a Policy object. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ne-ntsecapi-_policy_information_class typedef enum // _POLICY_INFORMATION_CLASS { PolicyAuditLogInformation, PolicyAuditEventsInformation, PolicyPrimaryDomainInformation, // PolicyPdAccountInformation, PolicyAccountDomainInformation, PolicyLsaServerRoleInformation, PolicyReplicaSourceInformation, // PolicyDefaultQuotaInformation, PolicyModificationInformation, PolicyAuditFullSetInformation, PolicyAuditFullQueryInformation, // PolicyDnsDomainInformation, PolicyDnsDomainInformationInt, PolicyLocalAccountDomainInformation, PolicyMachineAccountInformation, // PolicyLastEntry } POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS; [PInvokeData("ntsecapi.h", MSDNShortId = "b734b5e8-1ee9-436b-b2a9-210ae79fbaf5")] public enum POLICY_INFORMATION_CLASS { ///

This value is obsolete.

[Obsolete] PolicyAuditLogInformation = 1, ///

/// Query or set the auditing rules of the system. You can enable or disable auditing and specify the types of events that are /// audited. Use the POLICY_AUDIT_EVENTS_INFO structure. ///

[CorrespondingType(typeof(POLICY_AUDIT_EVENTS_INFO))] PolicyAuditEventsInformation, ///

This value is obsolete. Use the PolicyDnsDomainInformation value instead.

[Obsolete] PolicyPrimaryDomainInformation, ///

This value is obsolete.

[Obsolete] PolicyPdAccountInformation, ///

Query or set the name and SID of the account domain of the system. Use the POLICY_ACCOUNT_DOMAIN_INFO structure.

[CorrespondingType(typeof(POLICY_ACCOUNT_DOMAIN_INFO))] PolicyAccountDomainInformation, ///

Query or set the role of an LSA server. Use the POLICY_LSA_SERVER_ROLE_INFO structure.

[CorrespondingType(typeof(POLICY_LSA_SERVER_ROLE_INFO))] PolicyLsaServerRoleInformation, ///

This value is obsolete.

[Obsolete] PolicyReplicaSourceInformation, ///

This value is obsolete.

[Obsolete] PolicyDefaultQuotaInformation, ///

/// Query or set information about the creation time and last modification of the LSA database. Use the POLICY_MODIFICATION_INFO structure. ///

[CorrespondingType(typeof(POLICY_MODIFICATION_INFO))] PolicyModificationInformation, ///

This value is obsolete.

[Obsolete] PolicyAuditFullSetInformation, ///

This value is obsolete.

[Obsolete] PolicyAuditFullQueryInformation, ///

/// Query or set Domain Name System (DNS) information about the account domain associated with a Policy object. Use the /// POLICY_DNS_DOMAIN_INFO structure. ///

[CorrespondingType(typeof(POLICY_DNS_DOMAIN_INFO))] PolicyDnsDomainInformation, ///

PolicyDnsDomainInformationInt, ///

PolicyLocalAccountDomainInformation, ///

PolicyMachineAccountInformation, } ///

/// The POLICY_LSA_SERVER_ROLE enumeration type defines values that indicate the role of an LSA server. The /// LsaQueryInformationPolicy and LsaSetInformationPolicy functions use this enumeration type when their InformationClass parameters /// are set to PolicyLsaServerRoleInformation. ///

// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ne-ntsecapi-policy_lsa_server_role typedef enum // _POLICY_LSA_SERVER_ROLE { PolicyServerRoleBackup, PolicyServerRolePrimary } POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE; [PInvokeData("ntsecapi.h", MSDNShortId = "a2bcc380-8873-436b-a0d6-e4deb23669bb")] public enum POLICY_LSA_SERVER_ROLE { ///

Indicates a backup LSA server.

PolicyServerRoleBackup = 2, ///

Indicates a primary LSA server, a workstation, or a standalone computer.

PolicyServerRolePrimary, } ///

[Undocumented] Used by POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO.

[PInvokeData("ntsecapi.h")] public enum POLICY_QOS : uint { ///

POLICY_QOS_SCHANNEL_REQUIRED = 0x00000001, ///

POLICY_QOS_OUTBOUND_INTEGRITY = 0x00000002, ///

POLICY_QOS_OUTBOUND_CONFIDENTIALITY = 0x00000004, ///

POLICY_QOS_INBOUND_INTEGRITY = 0x00000008, ///

POLICY_QOS_INBOUND_CONFIDENTIALITY = 0x00000010, ///

POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x00000020, ///

POLICY_QOS_RAS_SERVER_ALLOWED = 0x00000040, ///

POLICY_QOS_DHCP_SERVER_ALLOWED = 0x00000080, } ///

/// The POLICY_SERVER_ENABLE_STATE enumeration represents the state of the LSA server—that is, whether it is enabled or /// disabled. Some operations may only be performed on an enabled LSA server. ///

// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ne-ntsecapi-policy_server_enable_state typedef enum // _POLICY_SERVER_ENABLE_STATE { PolicyServerEnabled, PolicyServerDisabled } POLICY_SERVER_ENABLE_STATE, *PPOLICY_SERVER_ENABLE_STATE; [PInvokeData("ntsecapi.h", MSDNShortId = "aae5875e-ca55-4571-a9a4-684280ae8aa0")] public enum POLICY_SERVER_ENABLE_STATE { ///

The LSA server is enabled.

PolicyServerEnabled = 2, ///

The LSA server is disabled.

PolicyServerDisabled, } ///

/// Specifies one of the following values to indicate the type of authentication information in the AuthInfo buffer. ///

public enum TRUST_AUTH_TYPE { ///

The format is unknown and will be ignored.

TRUST_AUTH_TYPE_NONE = 0, ///

/// The Windows NT 4.0 one-way format (OWF) of a plaintext password. Note that you cannot derive the clear password back from the /// OWF form of the password. The system sets this information. ///

TRUST_AUTH_TYPE_NT4OWF = 1, ///

Plaintext password to use for the trust.

TRUST_AUTH_TYPE_CLEAR = 2, ///

Plaintext password version number.

TRUST_AUTH_TYPE_VERSION = 3, } ///

Indicates the attributes of a trust relationship.

[PInvokeData("ntsecapi.h", MSDNShortId = "acf9a2b5-f301-4e6a-a515-df338658ad56")] [Flags] public enum TrustAttributes : uint { ///

Disallow transitivity.

TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001, ///

The trust link is not valid for client operating systems earlier than Windows 2000.

TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002, ///

Undocumented.

TRUST_ATTRIBUTE_TREE_PARENT = 0x00400000, ///

Undocumented.

TRUST_ATTRIBUTE_TREE_ROOT = 0x00800000, ///

Quarantine domains.

TRUST_ATTRIBUTE_FILTER_SIDS = 0x00000004, ///

The trust link may contain forest trust information.

TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008, ///

This trust is to a domain/forest that is not part of this enterprise.

TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010, ///

Trust is internal to this forest.

TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020, ///

Trust is treated as external for trust boundary purposes.

TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040, ///

Undocumented.

TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION = 0x00000080, ///

Undocumented.

TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS = 0x00000100, ///

Undocumented.

TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION = 0x00000200, ///

Undocumented.

TRUST_ATTRIBUTE_PIM_TRUST = 0x00000400, } ///

Indicates the direction of the trust.

[PInvokeData("ntsecapi.h", MSDNShortId = "acf9a2b5-f301-4e6a-a515-df338658ad56")] public enum TrustDirection : uint { ///

The trust relationship exists, but it has been disabled.

TRUST_DIRECTION_DISABLED = 0x00000000, ///

The trusted domain trusts the primary domain to perform operations such as name lookups and authentication.

TRUST_DIRECTION_INBOUND = 0x00000001, ///

The primary domain trusts the trusted domain to perform operations such as name lookups and authentication.

TRUST_DIRECTION_OUTBOUND = 0x00000002, ///

Both domains trust each other.

TRUST_DIRECTION_BIDIRECTIONAL = TRUST_DIRECTION_INBOUND | TRUST_DIRECTION_OUTBOUND } ///

/// /// The TRUSTED_INFORMATION_CLASS enumeration type defines values that indicate the type of information to set or query for a /// trusted domain. /// /// /// Each value has an associated structure that the LsaQueryTrustedDomainInfo and LsaSetTrustedDomainInformation functions use to /// store the information. /// ///

// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ne-ntsecapi-_trusted_information_class typedef enum // _TRUSTED_INFORMATION_CLASS { TrustedDomainNameInformation , TrustedControllersInformation , TrustedPosixOffsetInformation , // TrustedPasswordInformation , TrustedDomainInformationBasic , TrustedDomainInformationEx , TrustedDomainAuthInformation , // TrustedDomainFullInformation , TrustedDomainAuthInformationInternal , TrustedDomainFullInformationInternal , // TrustedDomainInformationEx2Internal , TrustedDomainFullInformation2Internal , TrustedDomainSupportedEncryptionTypes } // TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS; [PInvokeData("ntsecapi.h", MSDNShortId = "442a0944-b498-4d9f-b338-d5aed1663d8d")] public enum TRUSTED_INFORMATION_CLASS { ///

Query or set the name of a trusted domain. Use the TRUSTED_DOMAIN_NAME_INFO structure.

[CorrespondingType(typeof(TRUSTED_DOMAIN_NAME_INFO))] TrustedDomainNameInformation = 1, ///

This value is obsolete.

TrustedControllersInformation, ///

/// Query or set the value used to generate Posix user and group identifiers. Use the TRUSTED_POSIX_OFFSET_INFO structure. ///

[CorrespondingType(typeof(TRUSTED_POSIX_OFFSET_INFO))] TrustedPosixOffsetInformation, ///

This value has been superseded by the TrustedDomainAuthInformation value.

[CorrespondingType(typeof(TRUSTED_PASSWORD_INFO))] TrustedPasswordInformation, ///

This value is obsolete.

TrustedDomainInformationBasic, ///

Query extended information for a trusted domain. Use the TRUSTED_DOMAIN_INFORMATION_EX structure.

[CorrespondingType(typeof(TRUSTED_DOMAIN_INFORMATION_EX), CorrespondingAction.Get)] TrustedDomainInformationEx, ///

Query authentication information for a trusted domain. Use the TRUSTED_DOMAIN_AUTH_INFORMATION structure.

[CorrespondingType(typeof(TRUSTED_DOMAIN_AUTH_INFORMATION), CorrespondingAction.Get)] TrustedDomainAuthInformation, ///

/// Query complete information for a trusted domain. This information includes the Posix offset information, authentication /// information, and the extended information returned for the TrustedDomainInformationEx value. Use the /// TRUSTED_DOMAIN_FULL_INFORMATION structure. ///

[CorrespondingType(typeof(TRUSTED_DOMAIN_FULL_INFORMATION), CorrespondingAction.Get)] TrustedDomainFullInformation, } ///

Indicates the type of the trust relationship.

[PInvokeData("ntsecapi.h", MSDNShortId = "acf9a2b5-f301-4e6a-a515-df338658ad56")] public enum TrustType : uint { ///

The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000.

TRUST_TYPE_DOWNLEVEL = 0x00000001, ///

The domain controller of the Microsoft trusted domain is a computer running Windows 2000 or later.

TRUST_TYPE_UPLEVEL = 0x00000002, ///

The trusted domain is an MIT Kerberos realm.

TRUST_TYPE_MIT = 0x00000003, ///

The trusted domain is a DCE realm.

TRUST_TYPE_DCE = 0x00000004, } ///

/// /// The DOMAIN_PASSWORD_INFORMATION structure contains information about a domain's password policy, such as the minimum /// length for passwords and how unique passwords must be. /// /// It is used in the MSV1_0_CHANGEPASSWORD_RESPONSE structure. ///

// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-domain_password_information typedef struct // _DOMAIN_PASSWORD_INFORMATION { USHORT MinPasswordLength; USHORT PasswordHistoryLength; ULONG PasswordProperties; #if ... // OLD_LARGE_INTEGER MaxPasswordAge; #elif OLD_LARGE_INTEGER MaxPasswordAge; #if ... OLD_LARGE_INTEGER MinPasswordAge; #elif // OLD_LARGE_INTEGER MinPasswordAge; #elif LARGE_INTEGER MaxPasswordAge; #else LARGE_INTEGER MaxPasswordAge; #endif #elif // LARGE_INTEGER MinPasswordAge; #else LARGE_INTEGER MinPasswordAge; #endif } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION; [PInvokeData("ntsecapi.h", MSDNShortId = "7dceaf70-d8de-47c0-b940-f0d6a0cca101")] [StructLayout(LayoutKind.Sequential)] public struct DOMAIN_PASSWORD_INFORMATION { ///

Specifies the minimum length, in characters, of a valid password.

public ushort MinPasswordLength; ///

/// Indicates the number of previous passwords saved in the history list. A user cannot reuse a password in the history list. ///

public ushort PasswordHistoryLength; ///

/// Flags that describe the password properties. They can be one or more of the following values. /// /// /// Value /// Meaning /// /// /// DOMAIN_PASSWORD_COMPLEX 0x00000001L /// The password must have a mix of at least two of the following types of characters: /// /// /// DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L /// /// The password cannot be changed without logging on. Otherwise, if your password has expired, you can change your password and /// then log on. /// /// /// /// DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L /// Forces the client to use a protocol that does not allow the domain controller to get the plaintext password. /// /// /// DOMAIN_LOCKOUT_ADMINS 0x00000008L /// Allows the built-in administrator account to be locked out from network logons. /// /// /// DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L /// The directory service is storing a plaintext password for all users instead of a hash function of the password. /// /// /// DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L /// /// Removes the requirement that the machine account password be automatically changed every week. This value should not be used /// as it can weaken security. /// /// /// ///

public uint PasswordProperties; ///

/// A 64-bit value, with delta time syntax, indicating the policy setting for the maximum time allowed before a password reset or /// change is required. ///

public FILETIME MaxPasswordAge; ///

/// A 64-bit value, with delta time syntax, indicating the policy setting for the minimum time allowed before a password change /// operation is allowed. ///

public FILETIME MinPasswordAge; } ///

/// The LSA_AUTH_INFORMATION structure contains authentication information for a trusted domain. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_lsa_auth_information typedef struct // _LSA_AUTH_INFORMATION { LARGE_INTEGER LastUpdateTime; ULONG AuthType; ULONG AuthInfoLength; PUCHAR AuthInfo; } // LSA_AUTH_INFORMATION, *PLSA_AUTH_INFORMATION; [PInvokeData("ntsecapi.h", MSDNShortId = "61c17831-4a82-4766-b5af-e97a6d467462")] [StructLayout(LayoutKind.Sequential)] public struct LSA_AUTH_INFORMATION { ///

/// A LARGE_INTEGER structure that uses the Coordinated Universal Time (Greenwich Mean Time) format to indicate the time that /// this value was set. For more information about Coordinated Universal Time, see the FILETIME structure. ///

public FILETIME LastUpdateTime; ///

/// Specifies one of the following values to indicate the type of authentication information in the AuthInfo buffer. /// /// /// Value /// Meaning /// /// /// TRUST_AUTH_TYPE_NONE /// The format is unknown and will be ignored. /// /// /// TRUST_AUTH_TYPE_NT4OWF /// /// The Windows NT 4.0 one-way format (OWF) of a plaintext password. Note that you cannot derive the clear password back from the /// OWF form of the password. The system sets this information. /// /// /// /// TRUST_AUTH_TYPE_CLEAR /// Plaintext password to use for the trust. /// /// /// TRUST_AUTH_TYPE_VERSION /// Plaintext password version number. /// /// ///

public TRUST_AUTH_TYPE AuthType; ///

/// Specifies the size, in bytes, of the AuthInfo member. ///

public uint AuthInfoLength; ///

/// Pointer to an array of bytes that contains the type of authentication information indicated by the AuthType member. ///

public IntPtr AuthInfo; } ///

/// The POLICY_ACCOUNT_DOMAIN_INFO structure is used to set and query the name and SID of the system's account domain. The /// LsaQueryInformationPolicy and LsaSetInformationPolicy functions use this structure when their InformationClass parameters are set /// to PolicyAccountDomainInformation. ///

// https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-policy_account_domain_info typedef struct // _POLICY_ACCOUNT_DOMAIN_INFO { LSA_UNICODE_STRING DomainName; PSID DomainSid; } POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO; [PInvokeData("lsalookup.h", MSDNShortId = "0e38ac5f-40db-405d-9394-b6bcb7c652b5")] [StructLayout(LayoutKind.Sequential)] public struct POLICY_ACCOUNT_DOMAIN_INFO { ///

An LSA_UNICODE_STRING structure that specifies the name of the account domain.

public LSA_UNICODE_STRING DomainName; ///

Pointer to the SID of the account domain.

public PSID DomainSid; } ///

/// The POLICY_AUDIT_EVENTS_INFO structure is used to set and query the system's auditing rules. The LsaQueryInformationPolicy /// and LsaSetInformationPolicy functions use this structure when their InformationClass parameters are set to PolicyAuditEventsInformation. ///

/// /// LSA Policy defines a mask for the valid event auditing options. The POLICY_AUDIT_EVENT_MASK mask evaluates to TRUE if it /// is set equal to any of the preceding event auditing options. /// // https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-policy_audit_events_info typedef struct // _POLICY_AUDIT_EVENTS_INFO { BOOLEAN AuditingMode; PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions; ULONG MaximumAuditEventCount; // } POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO; [PInvokeData("ntsecapi.h", MSDNShortId = "3442e5e5-78cf-4bda-ba11-0f51ee40df16")] public struct POLICY_AUDIT_EVENTS_INFO : IVanaraMarshaler { ///

/// Indicates whether auditing is enabled. /// /// If this flag is TRUE, the system generates audit records according to the event auditing options specified in the /// EventAuditingOptions member. /// /// /// If this flag is FALSE, the system does not generate audit records. However, note that set operations update the event /// auditing options as specified in the EventAuditingOptions member even when AuditingMode is FALSE. /// ///

public bool AuditingMode; ///

/// /// Pointer to an array of POLICY_AUDIT_EVENT_OPTIONS variables. Each element in this array specifies the auditing options for an /// audit event type. The index of each array element corresponds to an audit event type value in the POLICY_AUDIT_EVENT_TYPE /// enumeration type. /// /// /// Each POLICY_AUDIT_EVENT_OPTIONS variable in the array can specify the following auditing options. You can also combine the /// success and failure options, POLICY_AUDIT_EVENT_SUCCESS and POLICY_AUDIT_EVENT_FAILURE. /// /// /// When LSASetInformationPolicy is called to change the audit policy, any new POLICY_AUDIT_EVENT_OPTIONS array elements are /// added to any existing audit options. Adding a new POLICY_AUDIT_EVENT_OPTIONS element combined with the /// POLICY_AUDIT_EVENT_NONE audit option cancels all previous audit options and begins a new set of options. /// /// /// /// Value /// Meaning /// /// /// POLICY_AUDIT_EVENT_UNCHANGED /// /// For set operations, specify this value to leave the current options unchanged. For read operations, this value means that no /// audit records for this type are generated. This is the default. /// /// /// /// POLICY_AUDIT_EVENT_SUCCESS /// Generate audit records for successful events of this type. /// /// /// POLICY_AUDIT_EVENT_FAILURE /// Generate audit records for failed attempts to cause an event of this type to occur. /// /// /// POLICY_AUDIT_EVENT_NONE /// Do not generate audit records for events of this type. /// /// ///

public POLICY_AUDIT_EVENT_OPTIONS[] EventAuditingOptions; ///

/// Specifies the number of elements in the EventAuditingOptions array. For set operations, if this value is less than the /// number of audit event types supported by the system, the system does not change the auditing options for event types with /// indexes equal to or higher than the value specified in MaximumAuditEventCount. ///

public int MaximumAuditEventCount => EventAuditingOptions?.Length ?? 0; SizeT IVanaraMarshaler.GetNativeSize() => IntPtr.Size * 3 + 36; SafeAllocatedMemoryHandle IVanaraMarshaler.MarshalManagedToNative(object obj) { var i = (POLICY_AUDIT_EVENTS_INFO)obj; var mem = new SafeHGlobalHandle(IntPtr.Size * 3 + 36); mem.Write((BOOLEAN)i.AuditingMode); mem.Write(mem.DangerousGetHandle().Offset(IntPtr.Size * 3), false, IntPtr.Size); mem.Write(i.MaximumAuditEventCount, false, IntPtr.Size * 2); mem.Write(i.EventAuditingOptions, false, IntPtr.Size * 3); return mem; } object IVanaraMarshaler.MarshalNativeToManaged(IntPtr ptr, SizeT size) { using var str = new NativeMemoryStream(ptr, size); var mode = str.Read(); str.Position = IntPtr.Size * 2; var cnt = str.Read(); str.Position = IntPtr.Size; return new POLICY_AUDIT_EVENTS_INFO { AuditingMode = mode, EventAuditingOptions = str.Read().ToArray(cnt).ToArray() }; } } ///

/// The POLICY_DNS_DOMAIN_INFO structure is used to set and query Domain Name System (DNS) information about the primary /// domain associated with a Policy object. The LsaQueryInformationPolicy and LsaSetInformationPolicy functions use this structure /// when their InformationClass parameters are set to PolicyDnsDomainInformation. ///

/// /// /// The POLICY_DNS_DOMAIN_INFO structure is an extended version of the POLICY_PRIMARY_DOMAIN_INFO structure. Setting /// POLICY_DNS_DOMAIN_INFO information will overwrite the corresponding values in the POLICY_PRIMARY_DOMAIN_INFO (name /// and SID), and vice versa. /// /// /// If the computer associated with the Policy object is not a member of a domain, all structure members except Name are /// NULL or zero. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-policy_dns_domain_info typedef struct // _POLICY_DNS_DOMAIN_INFO { LSA_UNICODE_STRING Name; LSA_UNICODE_STRING DnsDomainName; LSA_UNICODE_STRING DnsForestName; GUID // DomainGuid; PSID Sid; } POLICY_DNS_DOMAIN_INFO, *PPOLICY_DNS_DOMAIN_INFO; [PInvokeData("lsalookup.h", MSDNShortId = "5b2879cf-e0dc-4844-bfe8-bf45460285f1")] [StructLayout(LayoutKind.Sequential)] public struct POLICY_DNS_DOMAIN_INFO { ///

/// An LSA_UNICODE_STRING structure that specifies the name of the primary domain. This is the same as the primary domain name in /// the POLICY_PRIMARY_DOMAIN_INFO structure. ///

public LSA_UNICODE_STRING Name; ///

An LSA_UNICODE_STRING structure that specifies the DNS name of the primary domain.

public LSA_UNICODE_STRING DnsDomainName; ///

/// An LSA_UNICODE_STRING structure that specifies the DNS forest name of the primary domain. This is the DNS name of the domain /// at the root of the enterprise. ///

public LSA_UNICODE_STRING DnsForestName; ///

A GUID structure that contains the GUID of the primary domain.

public Guid DomainGuid; ///

/// Pointer to the SID of the primary domain. This is the same as the primary domain SID in the POLICY_PRIMARY_DOMAIN_INFO structure. ///

public PSID Sid; } ///

[Undocumented] Used by .

[PInvokeData("ntsecapi.h")] [StructLayout(LayoutKind.Sequential)] public struct POLICY_DOMAIN_EFS_INFO { ///

Length of the EFS Information blob

public uint InfoLength; ///

Efs blob data

public IntPtr EfsBlob; } ///

[Undocumented] Used by .

[PInvokeData("ntsecapi.h")] [StructLayout(LayoutKind.Sequential)] public struct POLICY_DOMAIN_KERBEROS_TICKET_INFO { ///

allowed ticket options (POLICY_KERBEROS_* flags )

public uint AuthenticationOptions; ///

Maximum lifetime for a service ticket

public FILETIME MaxServiceTicketAge; ///

Maximum lifetime for the initial ticket

public FILETIME MaxTicketAge; ///

Maximum cumulative age a renewable ticket can be with requring authentication

public FILETIME MaxRenewAge; ///

Maximum tolerance for synchronization of computer clocks

public FILETIME MaxClockSkew; ///

Reserved

public FILETIME Reserved; } ///

[Undocumented] Used by .

[PInvokeData("ntsecapi.h")] [StructLayout(LayoutKind.Sequential)] public struct POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO { ///

Determines what specific QOS actions a machine should take

public POLICY_QOS QualityOfService; } ///

/// The POLICY_LSA_SERVER_ROLE_INFO structure is used to set and query the role of an LSA server. The /// LsaQueryInformationPolicy and LsaSetInformationPolicy functions use this structure when their InformationClass parameters are set /// to PolicyLsaServerRoleInformation. ///

// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-policy_lsa_server_role_info typedef struct // _POLICY_LSA_SERVER_ROLE_INFO { POLICY_LSA_SERVER_ROLE LsaServerRole; } POLICY_LSA_SERVER_ROLE_INFO, *PPOLICY_LSA_SERVER_ROLE_INFO; [PInvokeData("ntsecapi.h", MSDNShortId = "f66abe33-d8c8-45b8-9b94-d6890d786aaa")] [StructLayout(LayoutKind.Sequential)] public struct POLICY_LSA_SERVER_ROLE_INFO { ///

/// Specifies one of the values from the POLICY_LSA_SERVER_ROLE enumeration type to indicate a primary or backup LSA server. ///

public POLICY_LSA_SERVER_ROLE LsaServerRole; } ///

/// The POLICY_MODIFICATION_INFO structure is used to query information about the creation time and last modification of the /// LSA database. The LsaQueryInformationPolicy function uses this structure when its InformationClass parameter is set to PolicyModificationInformation. ///

// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-policy_modification_info typedef struct // _POLICY_MODIFICATION_INFO { LARGE_INTEGER ModifiedId; LARGE_INTEGER DatabaseCreationTime; } POLICY_MODIFICATION_INFO, *PPOLICY_MODIFICATION_INFO; [PInvokeData("ntsecapi.h", MSDNShortId = "ef4d1d1d-9b1b-4d67-80b8-2b548ec31a87")] [StructLayout(LayoutKind.Sequential)] public struct POLICY_MODIFICATION_INFO { ///

/// A LARGE_INTEGER structure containing a 64-bit unsigned integer that is incremented each time anything in the LSA database is /// modified. This value is modified only on primary domain controllers. ///

public long ModifiedId; ///

/// A LARGE_INTEGER structure that indicates the date and time the LSA database was created. This is a UTC-based time that uses /// the FILETIME format. On backup domain controllers, this value is replicated from the primary domain controller. For more /// information about UTC-based time, see System Time. ///

public FILETIME DatabaseCreationTime; } ///

/// The TRUSTED_DOMAIN_AUTH_INFORMATION structure is used to retrieve authentication information for a trusted domain. The /// LsaQueryTrustedDomainInfo function uses this structure when its InformationClass parameter is set to TrustedDomainAuthInformation. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_domain_auth_information typedef struct // _TRUSTED_DOMAIN_AUTH_INFORMATION { ULONG IncomingAuthInfos; PLSA_AUTH_INFORMATION IncomingAuthenticationInformation; // PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation; ULONG OutgoingAuthInfos; PLSA_AUTH_INFORMATION // OutgoingAuthenticationInformation; PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation; } // TRUSTED_DOMAIN_AUTH_INFORMATION, *PTRUSTED_DOMAIN_AUTH_INFORMATION; [PInvokeData("ntsecapi.h", MSDNShortId = "2ec606d7-42bd-47cc-a4cd-82908774aa43")] [StructLayout(LayoutKind.Sequential)] public struct TRUSTED_DOMAIN_AUTH_INFORMATION { ///

/// Specifies the number of entries in the IncomingAuthenticationInformation and /// IncomingPreviousAuthenticationInformation arrays. ///

public uint IncomingAuthInfos; ///

/// Pointer to an array of LSA_AUTH_INFORMATION structures containing the authentication information for the incoming side of a /// trust relationship. ///

public IntPtr IncomingAuthenticationInformation; ///

/// Pointer to an array of LSA_AUTH_INFORMATION structures containing the previous authentication information (or old password) /// for the incoming side of a trust relationship. There must be one of these for every entry in the /// IncomingAuthenticationInformation array. ///

public IntPtr IncomingPreviousAuthenticationInformation; ///

/// Specifies the number of entries in the OutgoingAuthenticationInformation and /// OutgoingPreviousAuthenticationInformation arrays. ///

public uint OutgoingAuthInfos; ///

/// Pointer to an array of LSA_AUTH_INFORMATION structures containing the authentication information for the outgoing side of a /// trust relationship. ///

public IntPtr OutgoingAuthenticationInformation; ///

/// Pointer to an array of LSA_AUTH_INFORMATION structures containing the previous authentication information (or old password) /// for the outgoing side of a trust relationship. There must be one of these for every entry in the /// OutgoingAuthenticationInformation array. ///

public IntPtr OutgoingPreviousAuthenticationInformation; } ///

/// The TRUSTED_DOMAIN_FULL_INFORMATION structure is used to retrieve complete information about a trusted domain. The /// LsaQueryTrustedDomainInfo function uses this structure when its InformationClass parameter is set to TrustedDomainFullInformation. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_domain_full_information typedef struct // _TRUSTED_DOMAIN_FULL_INFORMATION { TRUSTED_DOMAIN_INFORMATION_EX Information; TRUSTED_POSIX_OFFSET_INFO PosixOffset; // TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; } TRUSTED_DOMAIN_FULL_INFORMATION, *PTRUSTED_DOMAIN_FULL_INFORMATION; [PInvokeData("ntsecapi.h", MSDNShortId = "b7abfe1e-d9e6-4583-a738-c16190ffd44d")] [StructLayout(LayoutKind.Sequential)] public struct TRUSTED_DOMAIN_FULL_INFORMATION { ///

/// A TRUSTED_DOMAIN_INFORMATION_EX structure containing extended information for a trusted domain. ///

public TRUSTED_DOMAIN_INFORMATION_EX Information; ///

/// A TRUSTED_POSIX_OFFSET_INFO structure containing the value used to generate Posix user and group identifiers for a trusted domain. ///

public TRUSTED_POSIX_OFFSET_INFO PosixOffset; ///

/// A TRUSTED_DOMAIN_AUTH_INFORMATION structure containing authentication information for a trusted domain. ///

public TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; } ///

/// The TRUSTED_DOMAIN_INFORMATION_EX structure is used to retrieve extended information about a trusted domain. The /// LsaQueryTrustedDomainInfo function uses this structure when its InformationClass parameter is set to TrustedDomainInformationEx. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_domain_information_ex typedef struct // _TRUSTED_DOMAIN_INFORMATION_EX { LSA_UNICODE_STRING Name; LSA_UNICODE_STRING FlatName; PSID Sid; ULONG TrustDirection; ULONG // TrustType; ULONG TrustAttributes; } TRUSTED_DOMAIN_INFORMATION_EX, *PTRUSTED_DOMAIN_INFORMATION_EX; [PInvokeData("ntsecapi.h", MSDNShortId = "acf9a2b5-f301-4e6a-a515-df338658ad56")] [StructLayout(LayoutKind.Sequential)] public struct TRUSTED_DOMAIN_INFORMATION_EX { ///

/// An LSA_UNICODE_STRING structure that contains the name of the trusted domain. This is the DNS domain name. For non-Microsoft /// trusted domains, this is the identifying name of the domain. ///

public LSA_UNICODE_STRING Name; ///

/// An LSA_UNICODE_STRING structure that contains the flat name of the trusted domain. For non-Microsoft trusted domains, this is /// the identifying name of the domain or it is NULL. ///

public LSA_UNICODE_STRING FlatName; ///

/// Pointer to the security identifier (SID) of the trusted domain. For non-Microsoft trusted domains, this member can be NULL. ///

public PSID Sid; ///

/// A value that indicates the direction of the trust. This member can be one of the following values. /// /// /// Value /// Meaning /// /// /// TRUST_DIRECTION_DISABLED /// The trust relationship exists, but it has been disabled. /// /// /// TRUST_DIRECTION_INBOUND /// The trusted domain trusts the primary domain to perform operations such as name lookups and authentication. /// /// /// TRUST_DIRECTION_OUTBOUND /// The primary domain trusts the trusted domain to perform operations such as name lookups and authentication. /// /// /// TRUST_DIRECTION_BIDIRECTIONAL /// Both domains trust each other. /// /// ///

public TrustDirection TrustDirection; ///

/// A value that indicates the type of the trust relationship. This member can be one of the following values. /// /// /// Value /// Meaning /// /// /// TRUST_TYPE_DOWNLEVEL /// The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000. /// /// /// TRUST_TYPE_UPLEVEL /// The domain controller of the Microsoft trusted domain is a computer running Windows 2000 or later. /// /// /// TRUST_TYPE_MIT /// The trusted domain is an MIT Kerberos realm. /// /// /// TRUST_TYPE_DCE /// The trusted domain is a DCE realm. /// /// /// 0x5 - 0x000FFFFF /// Reserved for future use. /// /// /// 0x00100000 to 0xFFF00000 /// Provider-specific trust levels. /// /// ///

public TrustType TrustType; ///

/// A value that indicates the attributes of a trust relationship. This member can be one of the following values. /// /// /// Value /// Meaning /// /// /// TRUST_ATTRIBUTE_NON_TRANSITIVE /// Disallow transitivity. /// /// /// TRUST_ATTRIBUTE_UPLEVEL_ONLY /// The trust link is not valid for client operating systems earlier than Windows 2000. /// /// /// TRUST_ATTRIBUTE_FILTER_SIDS /// Quarantine domains. /// /// /// TRUST_ATTRIBUTE_FOREST_TRANSITIVE /// The trust link may contain forest trust information. /// /// /// TRUST_ATTRIBUTE_CROSS_ORGANIZATION /// This trust is to a domain/forest that is not part of this enterprise. /// /// /// TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL /// Trust is treated as external for trust boundary purposes. /// /// /// TRUST_ATTRIBUTE_WITHIN_FOREST /// Trust is internal to this forest. /// /// ///

public TrustAttributes TrustAttributes; } ///

/// The TRUSTED_DOMAIN_NAME_INFO structure is used to query or set the name of a trusted domain. The LsaQueryTrustedDomainInfo /// and LsaSetTrustedDomainInformation functions use this structure when their InformationClass parameters are set to TrustedDomainNameInformation. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_domain_name_info typedef struct // _TRUSTED_DOMAIN_NAME_INFO { LSA_UNICODE_STRING Name; } TRUSTED_DOMAIN_NAME_INFO, *PTRUSTED_DOMAIN_NAME_INFO; [PInvokeData("ntsecapi.h", MSDNShortId = "9bc1301b-1d09-4cd2-8590-e7756ee4792d")] [StructLayout(LayoutKind.Sequential)] public struct TRUSTED_DOMAIN_NAME_INFO { ///

/// An LSA_UNICODE_STRING structure that contains the name of a trusted domain. ///

public LSA_UNICODE_STRING Name; } ///

/// The TRUSTED_PASSWORD_INFO structure is used to query or set the password for a trusted domain. The /// LsaQueryTrustedDomainInfo and LsaSetTrustedDomainInformation functions use this structure when their InformationClass parameters /// are set to TrustedPasswordInformation. ///

/// /// When you have finished using the TRUSTED_PASSWORD_INFO structure, clear the sensitive information from memory by calling /// the SecureZeroMemory function. For more information about protecting passwords, see Handling Passwords. /// // https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_password_info typedef struct // _TRUSTED_PASSWORD_INFO { LSA_UNICODE_STRING Password; LSA_UNICODE_STRING OldPassword; } TRUSTED_PASSWORD_INFO, *PTRUSTED_PASSWORD_INFO; [PInvokeData("ntsecapi.h", MSDNShortId = "2c3aca10-8efd-4278-8127-2d31db776c0e")] [StructLayout(LayoutKind.Sequential)] public struct TRUSTED_PASSWORD_INFO { ///

/// An LSA_UNICODE_STRING structure that contains the password to use when creating an authenticated connection to the domain. ///

public LSA_UNICODE_STRING Password; ///

/// An LSA_UNICODE_STRING structure that contains the old password. On set operations, if the Buffer member of this /// structure is NULL, the old password is set to the current password. ///

public LSA_UNICODE_STRING OldPassword; } ///

/// The TRUSTED_POSIX_OFFSET_INFO structure is used to query or set the value used to generate Posix user and group /// identifiers. The LsaQueryTrustedDomainInfo and LsaSetTrustedDomainInformation functions use this structure when their /// InformationClass parameters are set to TrustedPosixOffsetInformation. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_posix_offset_info typedef struct // _TRUSTED_POSIX_OFFSET_INFO { ULONG Offset; } TRUSTED_POSIX_OFFSET_INFO, *PTRUSTED_POSIX_OFFSET_INFO; [PInvokeData("ntsecapi.h", MSDNShortId = "0686da5e-43d4-49ac-8c5d-5c56b8d12e50")] [StructLayout(LayoutKind.Sequential)] public struct TRUSTED_POSIX_OFFSET_INFO { ///

/// An offset that the system uses to generate Posix user and group identifiers that correspond to a given SID. To generate a /// Posix identifier, the system adds the RID from the SID to the Posix offset of the trusted domain identified by the SID. ///

public uint Offset; } } }