mirror of https://github.com/dahall/Vanara.git
3079 lines
164 KiB
C#
3079 lines
164 KiB
C#
using System;
|
||
using System.Collections.Generic;
|
||
using System.Runtime.InteropServices;
|
||
using System.Text;
|
||
using Vanara.Extensions;
|
||
using Vanara.InteropServices;
|
||
|
||
namespace Vanara.PInvoke
|
||
{
|
||
public static partial class NetApi32
|
||
{
|
||
/// <summary>
|
||
/// <para>Specifies the possible ways that a device can be joined to Microsoft Azure Active Directory.</para>
|
||
/// </summary>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/ne-lmjoin-_dsreg_join_type typedef enum _DSREG_JOIN_TYPE {
|
||
// DSREG_UNKNOWN_JOIN, DSREG_DEVICE_JOIN, DSREG_WORKPLACE_JOIN } DSREG_JOIN_TYPE, *PDSREG_JOIN_TYPE;
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "E29BCBE0-222F-4CA8-97BC-6FE1B6F97A67")]
|
||
public enum DSREG_JOIN_TYPE
|
||
{
|
||
/// <summary>The type of join is not known.</summary>
|
||
DSREG_UNKNOWN_JOIN,
|
||
|
||
/// <summary>The device is joined to Azure Active Directory (Azure AD).</summary>
|
||
DSREG_DEVICE_JOIN,
|
||
|
||
/// <summary>An Azure AD work account is added on the device.</summary>
|
||
DSREG_WORKPLACE_JOIN,
|
||
}
|
||
|
||
/// <summary>The type of the name queried in <c>NetEnumerateComputerNames</c>.</summary>
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "c657ae33-404e-4c36-a956-5fbcfa540be7")]
|
||
public enum NET_COMPUTER_NAME_TYPE
|
||
{
|
||
/// <summary>The primary computer name.</summary>
|
||
NetPrimaryComputerName,
|
||
|
||
/// <summary>Alternate computer names.</summary>
|
||
NetAlternateComputerNames,
|
||
|
||
/// <summary>All computer names.</summary>
|
||
NetAllComputerNames,
|
||
|
||
/// <summary>Indicates the end of the range that specifies the possible values for the type of name to be queried.</summary>
|
||
NetComputerNameTypeMax
|
||
}
|
||
|
||
/// <summary>A set of bit flags defining domain join options.</summary>
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "4efcb399-03af-4312-9f1d-6bc38f356cac")]
|
||
[Flags]
|
||
public enum NETSETUP
|
||
{
|
||
/// <summary>Joins the computer to a domain. If this value is not specified, joins the computer to a workgroup.</summary>
|
||
NETSETUP_JOIN_DOMAIN = 0x00000001,
|
||
|
||
/// <summary>Creates the account on the domain.</summary>
|
||
NETSETUP_ACCT_CREATE = 0x00000002,
|
||
|
||
/// <summary>The account is disabled when the unjoin occurs.</summary>
|
||
NETSETUP_ACCT_DELETE = 0x00000004,
|
||
|
||
/// <summary>The join operation is occurring as part of an upgrade.</summary>
|
||
NETSETUP_WIN9X_UPGRADE = 0x00000010,
|
||
|
||
/// <summary>Allows a join to a new domain even if the computer is already joined to a domain.</summary>
|
||
NETSETUP_DOMAIN_JOIN_IF_JOINED = 0x00000020,
|
||
|
||
/// <summary>
|
||
/// Performs an unsecured join.
|
||
/// <para>
|
||
/// This option requests a domain join to a pre-created account without authenticating with domain user credentials. This option
|
||
/// can be used in conjunction with NETSETUP_MACHINE_PWD_PASSED option. In this case, lpPassword is the password of the
|
||
/// pre-created machine account.
|
||
/// </para>
|
||
/// <para>
|
||
/// Prior to Windows Vista with SP1 and Windows Server 2008, an unsecure join did not authenticate to the domain controller. All
|
||
/// communication was performed using a null (unauthenticated) session.Starting with Windows Vista with SP1 and Windows Server
|
||
/// 2008, the machine account name and password are used to authenticate to the domain controller.
|
||
/// </para>
|
||
/// </summary>
|
||
NETSETUP_JOIN_UNSECURE = 0x00000040,
|
||
|
||
/// <summary>
|
||
/// Indicates that the lpPassword parameter specifies a local machine account password rather than a user password. This flag is
|
||
/// valid only for unsecured joins, which you must indicate by also setting the NETSETUP_JOIN_UNSECURE flag.
|
||
/// <para>
|
||
/// If you set this flag, then after the join operation succeeds, the machine password will be set to the value of lpPassword, if
|
||
/// that value is a valid machine password.
|
||
/// </para>
|
||
/// </summary>
|
||
NETSETUP_MACHINE_PWD_PASSED = 0x00000080,
|
||
|
||
/// <summary>
|
||
/// Indicates that the service principal name (SPN) and the DnsHostName properties on the computer object should not be updated
|
||
/// at this time.
|
||
/// <para>
|
||
/// Typically, these properties are updated during the join operation. Instead, these properties should be updated during a
|
||
/// subsequent call to the NetRenameMachineInDomain function. These properties are always updated during the rename operation.
|
||
/// For more information, see the following Remarks section.
|
||
/// </para>
|
||
/// </summary>
|
||
NETSETUP_DEFER_SPN_SET = 0x00000100,
|
||
|
||
/// <summary>
|
||
/// Allow the domain join if existing account is a domain controller. <note type="note">This flag is supported on Windows Vista
|
||
/// and later.</note>
|
||
/// </summary>
|
||
NETSETUP_JOIN_DC_ACCOUNT = 0x00000200,
|
||
|
||
/// <summary>
|
||
/// Join the target machine specified in lpServer parameter with a new name queried from the registry on the machine specified in
|
||
/// the lpServer parameter.
|
||
/// <para>
|
||
/// This option is used if SetComputerNameEx has been called prior to rebooting the machine. The new computer name will not take
|
||
/// effect until a reboot.With this option, the caller instructs the NetJoinDomain function to use the new name during the domain
|
||
/// join operation.A reboot is required after calling NetJoinDomain successfully at which time both the computer name change and
|
||
/// domain membership change will have taken affect.
|
||
/// </para>
|
||
/// <note type="note">This flag is supported on Windows Vista and later.</note>
|
||
/// </summary>
|
||
NETSETUP_JOIN_WITH_NEW_NAME = 0x00000400,
|
||
|
||
/// <summary>
|
||
/// Join the target machine specified in lpServer parameter using a pre-created account without requiring a writable domain controller.
|
||
/// <para>
|
||
/// This option provides the ability to join a machine to domain if an account has already been provisioned and replicated to a
|
||
/// read-only domain controller. The target read-only domain controller is specified as part of the lpDomain parameter, after the
|
||
/// domain name delimited by a <20>\<5C> character. This provisioning must include the machine secret. The machine account must be
|
||
/// added via group membership into the allowed list for password replication policy, and the account password must be replicated
|
||
/// to the read-only domain controller prior to the join operation. For more information, see the information on Password
|
||
/// Replication Policy Administration.
|
||
/// </para>
|
||
/// <para>
|
||
/// Starting with Windows 7, an alternate mechanism is to use the offline domain join mechanism. For more information, see the
|
||
/// NetProvisionComputerAccount and NetRequestOfflineDomainJoin functions.
|
||
/// </para>
|
||
/// <note type="note">This flag is supported on Windows Vista and later.</note>
|
||
/// </summary>
|
||
NETSETUP_JOIN_READONLY = 0x00000800,
|
||
|
||
/// <summary>Limits any updates to DNS-based names only.</summary>
|
||
NETSETUP_DNS_NAME_CHANGES_ONLY = 0x00001000,
|
||
|
||
/// <summary>Indicates that the protocol method was invoked during installation.</summary>
|
||
NETSETUP_INSTALL_INVOCATION = 0x00040000,
|
||
|
||
/// <summary>
|
||
/// When joining the domain don't try to set the preferred domain controller in the registry. <note type="note">This flag is
|
||
/// supported on Windows 7, Windows Server 2008 R2, and later.</note>
|
||
/// </summary>
|
||
NETSETUP_AMBIGUOUS_DC = 0x00001000,
|
||
|
||
/// <summary>
|
||
/// When joining the domain don't create the Netlogon cache. <note type="note">This flag is supported on Windows 7, Windows
|
||
/// Server 2008 R2, and later.</note>
|
||
/// </summary>
|
||
NETSETUP_NO_NETLOGON_CACHE = 0x00002000,
|
||
|
||
/// <summary>
|
||
/// When joining the domain don't force Netlogon service to start. <note type="note">This flag is supported on Windows 7, Windows
|
||
/// Server 2008 R2, and later.</note>
|
||
/// </summary>
|
||
NETSETUP_DONT_CONTROL_SERVICES = 0x00004000,
|
||
|
||
/// <summary>
|
||
/// When joining the domain for offline join only, set target machine hostname and NetBIOS name. <note type="note">This flag is
|
||
/// supported on Windows 7, Windows Server 2008 R2, and later.</note>
|
||
/// </summary>
|
||
NETSETUP_SET_MACHINE_NAME = 0x00008000,
|
||
|
||
/// <summary>
|
||
/// When joining the domain, override other settings during domain join and set the service principal name (SPN).
|
||
/// <note type="note">This flag is supported on Windows 7, Windows Server 2008 R2, and later.</note>
|
||
/// </summary>
|
||
NETSETUP_FORCE_SPN_SET = 0x00010000,
|
||
|
||
/// <summary>
|
||
/// When joining the domain, do not reuse an existing account. <note type="note">This flag is supported on Windows 7, Windows
|
||
/// Server 2008 R2, and later.</note>
|
||
/// </summary>
|
||
NETSETUP_NO_ACCT_REUSE = 0x00020000,
|
||
|
||
/// <summary>Undocumented.</summary>
|
||
NETSETUP_ALT_SAMACCOUNTNAME = 0x00020000,
|
||
|
||
/// <summary>
|
||
/// If this bit is set, unrecognized flags will be ignored by the NetJoinDomain function and NetJoinDomain will behave as if the
|
||
/// flags were not set.
|
||
/// </summary>
|
||
NETSETUP_IGNORE_UNSUPPORTED_FLAGS = 0x10000000,
|
||
|
||
/// <summary>Valid unjoin flags.</summary>
|
||
NETSETUP_VALID_UNJOIN_FLAGS = NETSETUP_ACCT_DELETE | NETSETUP_IGNORE_UNSUPPORTED_FLAGS | NETSETUP_JOIN_DC_ACCOUNT,
|
||
|
||
/// <summary>Undocumented.</summary>
|
||
NETSETUP_PROCESS_OFFLINE_FLAGS = NETSETUP_JOIN_DOMAIN | NETSETUP_DOMAIN_JOIN_IF_JOINED | NETSETUP_JOIN_WITH_NEW_NAME | NETSETUP_DONT_CONTROL_SERVICES | NETSETUP_MACHINE_PWD_PASSED,
|
||
}
|
||
|
||
/// <summary>The join status of the specified computer.</summary>
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "c7cc1cf2-4530-4039-806b-fbee572f564d")]
|
||
public enum NETSETUP_JOIN_STATUS
|
||
{
|
||
/// <summary>The status is unknown.</summary>
|
||
NetSetupUnknownStatus = 0,
|
||
|
||
/// <summary>The computer is not joined.</summary>
|
||
NetSetupUnjoined,
|
||
|
||
/// <summary>The computer is joined to a workgroup.</summary>
|
||
NetSetupWorkgroupName,
|
||
|
||
/// <summary>The computer is joined to a domain.</summary>
|
||
NetSetupDomainName
|
||
}
|
||
|
||
/// <summary>The type of the name passed in the lpName parameter of <see cref="NetValidateName"/> to validate.</summary>
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "772603df-ec17-4a83-a715-2d9a14d5c2bb")]
|
||
public enum NETSETUP_NAME_TYPE
|
||
{
|
||
/// <summary>The nametype is unknown. If this value is used, the NetValidateName function fails with ERROR_INVALID_PARAMETER.</summary>
|
||
NetSetupUnknown = 0,
|
||
|
||
/// <summary>Verify that the NetBIOS computer name is valid and that it is not in use.</summary>
|
||
NetSetupMachine,
|
||
|
||
/// <summary>Verify that the workgroup name is valid.</summary>
|
||
NetSetupWorkgroup,
|
||
|
||
/// <summary>Verify that the domain name exists and that it is a domain.</summary>
|
||
NetSetupDomain,
|
||
|
||
/// <summary>Verify that the domain name is not in use.</summary>
|
||
NetSetupNonExistentDomain,
|
||
|
||
/// <summary>
|
||
/// Verify that the DNS computer name is valid.
|
||
/// <para>
|
||
/// This value is supported on Windows 2000 and later. The application must be compiled with _WIN32_WINNT >= 0x0500 to use
|
||
/// this value.
|
||
/// </para>
|
||
/// </summary>
|
||
NetSetupDnsMachine
|
||
}
|
||
|
||
/// <summary>Bit flags that define provisioning options.</summary>
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "4c854258-b84d-4ef3-a6da-ce0a9540ffd5")]
|
||
[Flags]
|
||
public enum NETSETUP_PROVISION : uint
|
||
{
|
||
/// <summary>
|
||
/// If the caller requires account creation by privilege, this option will cause a retry on failure using account creation
|
||
/// functions enabling interoperability with domain controllers running on earlier versions of Windows.
|
||
/// <para>The lpMachineAccountOU is not supported when using downlevel privilege support.</para>
|
||
/// </summary>
|
||
NETSETUP_PROVISION_DOWNLEVEL_PRIV_SUPPORT = 0x00000001,
|
||
|
||
/// <summary>
|
||
/// If the named account already exists, an attempt will be made to reuse the existing account.
|
||
/// <para>This option requires sufficient credentials for this operation (Domain Administrator or the object owner).</para>
|
||
/// </summary>
|
||
NETSETUP_PROVISION_REUSE_ACCOUNT = 0x00000002,
|
||
|
||
/// <summary>
|
||
/// Use the default machine account password which is the machine name in lowercase. This is largely to support the older
|
||
/// unsecure join model where the pre-created account typically used this default password. <note type="note">Applications should
|
||
/// avoid using this option if possible.This option as well as NetJoinDomain function with dwOptions set to
|
||
/// NETSETUP_JOIN_UNSECURE for unsecure join should only be used on earlier versions of Windows.</note>
|
||
/// </summary>
|
||
NETSETUP_PROVISION_USE_DEFAULT_PASSWORD = 0x00000004,
|
||
|
||
/// <summary>
|
||
/// Do not try to find the account on any domain controller in the domain. This option makes the operation faster, but should
|
||
/// only be used when the caller is certain that an account by the same name hasn't recently been created.
|
||
/// <para>
|
||
/// This option is only valid when the lpDcName parameter is specified. When the prerequisites are met, this option allows for
|
||
/// must faster provisioning useful for scenarios such as batch processing.
|
||
/// </para>
|
||
/// </summary>
|
||
NETSETUP_PROVISION_SKIP_ACCOUNT_SEARCH = 0x00000008,
|
||
|
||
/// <summary>
|
||
/// This option retrieves all of the root Certificate Authority certificates on the local machine and adds them to the
|
||
/// provisioning package when no certificate template names are provided as part of the provisioning package (the
|
||
/// aCertTemplateNames member of the NETSETUP_PROVISIONING_PARAMS struct passed in the pProvisioningParams parameter to the
|
||
/// NetCreateProvisioningPackage function is NULL). <note type="note">This flag is only supported by the
|
||
/// NetCreateProvisioningPackage function on Windows 8, Windows Server 2012, and later.</note>
|
||
/// </summary>
|
||
NETSETUP_PROVISION_ROOT_CA_CERTS = 0x00000010,
|
||
|
||
/// <summary>Undocumented.</summary>
|
||
NETSETUP_PROVISION_PERSISTENTSITE = 0x00000020,
|
||
|
||
/// <summary>
|
||
/// This flag is required if the lpWindowsPath parameter references the currently running Windows operating system directory
|
||
/// rather than an offline Windows operating system image mounted on an accessible volume. If this flag is specified, the
|
||
/// NetRequestProvisioningPackageInstall function must be invoked by a member of the local Administrators group.
|
||
/// </summary>
|
||
NETSETUP_PROVISION_ONLINE_CALLER = 0x40000000,
|
||
|
||
/// <summary>Undocumented.</summary>
|
||
NETSETUP_PROVISION_CHECK_PWD_ONLY = 0x80000000,
|
||
}
|
||
|
||
/// <summary>The <c>NetAddAlternateComputerName</c> function adds an alternate name for the specified computer.</summary>
|
||
/// <param name="Server">
|
||
/// A pointer to a constant string that specifies the name of the computer on which to execute this function. If this parameter is
|
||
/// <c>NULL</c>, the local computer is used.
|
||
/// </param>
|
||
/// <param name="AlternateName">
|
||
/// A pointer to a constant string that specifies the alternate name to add. This name must be in the form of a fully qualified DNS name.
|
||
/// </param>
|
||
/// <param name="DomainAccount">
|
||
/// <para>
|
||
/// A pointer to a constant string that specifies the domain account to use for accessing the machine account object for the computer
|
||
/// specified in the Server parameter in Active Directory. If this parameter is <c>NULL</c>, then the credentials of the user
|
||
/// executing this routine are used.
|
||
/// </para>
|
||
/// <para>This parameter is not used if the server to execute this function is not joined to a domain.</para>
|
||
/// </param>
|
||
/// <param name="DomainAccountPassword">
|
||
/// <para>
|
||
/// A pointer to a constant string that specifies the password matching the domain account passed in the DomainAccount parameter. If
|
||
/// this parameter is <c>NULL</c>, then the credentials of the user executing this routine are used.
|
||
/// </para>
|
||
/// <para>
|
||
/// This parameter is ignored if the DomainAccount parameter is <c>NULL</c>. This parameter is not used if the server to execute this
|
||
/// function is not joined to a domain.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="Reserved">Reserved for future use. This parameter should be <c>NULL</c>.</param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>
|
||
/// Access is denied. This error is returned if the caller was not a member of the Administrators local group on the target computer.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_NAME</term>
|
||
/// <term>A name parameter is incorrect. This error is returned if the AlternateName parameter does not contain valid name.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>
|
||
/// A parameter is incorrect. This error is returned if the DomainAccount parameter does not contain a valid domain. This error is
|
||
/// also returned if the DomainAccount parameter is not NULL and the DomainAccountPassword parameter is not NULL but does not contain
|
||
/// a Unicode string.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
|
||
/// <term>Not enough memory is available to process this command.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the target computer specified in the Server parameter on which this
|
||
/// function executes is running on Windows 2000 and earlier.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_CALL_IN_PROGRESS</term>
|
||
/// <term>A remote procedure call is already in progress for this thread.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_PROTSEQ_NOT_SUPPORTED</term>
|
||
/// <term>The remote procedure call protocol sequence is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>The <c>NetAddAlternateComputerName</c> function is supported on Windows XP and later.</para>
|
||
/// <para>
|
||
/// The <c>NetAddAlternateComputerName</c> function is used to set secondary network names for computers. The primary name is the
|
||
/// name used for authentication and maps to the machine account name.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>NetAddAlternateComputerName</c> function requires that the caller is a member of the Administrators local group on the
|
||
/// target computer.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netaddalternatecomputername NET_API_STATUS NET_API_FUNCTION
|
||
// NetAddAlternateComputerName( LPCWSTR Server, LPCWSTR AlternateName, LPCWSTR DomainAccount, LPCWSTR DomainAccountPassword, ULONG
|
||
// Reserved );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "710865c6-e327-439c-931d-de8674d69233")]
|
||
public static extern Win32Error NetAddAlternateComputerName([Optional] string Server, string AlternateName, [Optional] string DomainAccount, [Optional] string DomainAccountPassword, uint Reserved = 0);
|
||
|
||
/// <summary>
|
||
/// The NetCreateProvisioningPackage function creates a provisioning package that provisions a computer account for later use in an
|
||
/// offline domain join operation. The package may also contain information about certificates and policies to add to the machine
|
||
/// during provisioning.
|
||
/// </summary>
|
||
/// <param name="pProvisioningParams">
|
||
/// <para>A pointer to a NETSETUP_PROVISIONING_PARAMS structure that contains information about the provisioning package.</para>
|
||
/// <para>The following values are defined for the members of this structure:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>dwVersion</term>
|
||
/// <term>
|
||
/// The version of Windows in the provisioning package. This member should use the following value defined in the Lmjoin.h header
|
||
/// file: NETSETUP_PROVISIONING_PARAMS_CURRENT_VERSION (0x00000001)
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>lpDomain</term>
|
||
/// <term>
|
||
/// A pointer to a constant null-terminated character string that specifies the name of the domain where the computer account is created.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>lpMachineName</term>
|
||
/// <term>
|
||
/// A pointer to a constant null-terminated character string that specifies the short name of the machine from which the computer
|
||
/// account attribute sAMAccountName is derived by appending a '$'. This parameter must contain a valid DNS or NetBIOS machine name.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>lpMachineAccountOU</term>
|
||
/// <term>
|
||
/// An optional pointer to a constant null-terminated character string that contains the RFC 1779 format name of the organizational
|
||
/// unit (OU) where the computer account will be created. If you specify this parameter, the string must contain a full path, for
|
||
/// example, OU=testOU,DC=domain,DC=Domain,DC=com. Otherwise, this parameter must be NULL. If this parameter is NULL, the well known
|
||
/// computer object container will be used as published in the domain.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>lpDcName</term>
|
||
/// <term>
|
||
/// An optional pointer to a constant null-terminated character string that contains the name of the domain controller to target.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>dwProvisionOptions</term>
|
||
/// <term>
|
||
/// A set of bit flags that define provisioning options. This parameter can be one or more of the values specified for the dwOptions
|
||
/// parameter passed to the NetProvisionComputerAccount function. These possible values are defined in the Lmjoin.h header file. The
|
||
/// NETSETUP_PROVISION_ROOT_CA_CERTS option is only supported on Windows 8 and Windows Server 2012.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>aCertTemplateNames</term>
|
||
/// <term>A optional pointer to an array of NULL-terminated certificate template names.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>cCertTemplateNames</term>
|
||
/// <term>When aCertTemplateNames is not NULL, this member provides an explicit count of the number of items in the array.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>aMachinePolicyNames</term>
|
||
/// <term>An optional pointer to an array of NULL-terminated machine policy names.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>cMachinePolicyNames</term>
|
||
/// <term>When aMachinePolicyNames is not NULL, this member provides an explicit count of the number of items in the array.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>aMachinePolicyPaths</term>
|
||
/// <term>
|
||
/// An optional pointer to an array of character strings. Each array element is a NULL-terminated character string which specifies
|
||
/// the full or partial path to a file in the Registry Policy File format. For more information on the Registry Policy File Format ,
|
||
/// see Registry Policy File Format The path could be a UNC path on a remote server.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>cMachinePolicyPaths</term>
|
||
/// <term>When aMachinePolicyPaths is not NULL, this member provides an explicit count of the number of items in the array.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="ppPackageBinData">
|
||
/// <para>
|
||
/// An optional pointer that will receive the package required by NetRequestOfflineDomainJoin function to complete an offline domain
|
||
/// join, if the NetProvisionComputerAccount function completes successfully. The data is returned as an opaque binary buffer which
|
||
/// may be passed to <c>NetRequestOfflineDomainJoin</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// If this parameter is <c>NULL</c>, then pPackageTextData parameter must not be <c>NULL</c>. If this parameter is not <c>NULL</c>,
|
||
/// then the pPackageTextData parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pdwPackageBinDataSize">
|
||
/// <para>A pointer to a value that receives the size, in bytes, of the buffer returned in the pProvisionBinData parameter.</para>
|
||
/// <para>
|
||
/// This parameter must not be <c>NULL</c> if the pPackageBinData parameter is not <c>NULL</c>. This parameter must be <c>NULL</c>
|
||
/// when the pPackageBinData parameter is <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="ppPackageTextData">
|
||
/// <para>
|
||
/// An optional pointer that will receive the package required by NetRequestOfflineDomainJoin function to complete an offline domain
|
||
/// join, if the NetProvisionComputerAccount function completes successfully. The data is returned in string form for embedding in an
|
||
/// unattended setup answer file.
|
||
/// </para>
|
||
/// <para>
|
||
/// If this parameter is <c>NULL</c>, then the pPackageBinData parameter must not be <c>NULL</c>. If this parameter is not
|
||
/// <c>NULL</c>, then the the pPackageBinData parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>Access is denied. This error is returned if the caller does not have sufficient privileges to complete the operation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_DOMAIN_ROLE</term>
|
||
/// <term>
|
||
/// This operation is only allowed for the Primary Domain Controller of the domain. This error is returned if a domain controller
|
||
/// name was specified in the lpDcName of the NETSETUP_PROVISIONING_PARAMS struct pointed to by the pProvisioningParams parameter,
|
||
/// but the computer specified could not be validated as a domain controller for the target domain specified in the lpDomain of the NETSETUP_PROVISIONING_PARAMS.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>
|
||
/// A parameter is incorrect. This error is also returned if both the pProvisioningParams parameter is NULL. This error is also
|
||
/// returned if the lpDomain or lpMachineName member of the NETSETUP_PROVISIONING_PARAMS struct pointed to by the pProvisioningParams
|
||
/// parameter is NULL.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NO_SUCH_DOMAIN</term>
|
||
/// <term>The specified domain did not exist.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the lpMachineAccountOU member was specified in the
|
||
/// NETSETUP_PROVISIONING_PARAMS struct pointed to by the pProvisioningParams parameter and the domain controller is running on an
|
||
/// earlier versions of Windows that does not support this parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_DS8DCRequired</term>
|
||
/// <term>The specified domain controller does not meet the version requirement for this operation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_LDAPCapableDCRequired</term>
|
||
/// <term>This operation requires a domain controller which supports LDAP.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_UserExists</term>
|
||
/// <term>
|
||
/// The account already exists in the domain and the NETSETUP_PROVISION_REUSE_ACCOUNT bit was not specified in the dwProvisionOptions
|
||
/// member of the NETSETUP_PROVISIONING_PARAMS struct pointed to by the pProvisioningParams parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_CALL_IN_PROGRESS</term>
|
||
/// <term>A remote procedure call is already in progress for this thread.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_PROTSEQ_NOT_SUPPORTED</term>
|
||
/// <term>The remote procedure call protocol sequence is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The <c>NetCreateProvisioningPackage</c> function is supported on Windows 8 and Windows Server 2012 for offline join operations.
|
||
/// For Windows 7, use the NetProvisionComputerAccount function.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>NetCreateProvisioningPackage</c> function is used to provision a computer account for later use in an offline domain join
|
||
/// operation using the NetRequestProvisioningPackageInstall function.
|
||
/// </para>
|
||
/// <para>The offline domain join scenario uses two functions:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// <c>NetCreateProvisioningPackage</c> is a provisioning function that is first called to perform the network operations necessary
|
||
/// to create and configure the computer object in Active Directory. The output from the <c>NetCreateProvisioningPackage</c> is a
|
||
/// package used for the next step.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// NetRequestProvisioningPackageInstall, an image initialization function, is called to inject the output from the
|
||
/// <c>NetCreateProvisioningPackage</c> provisioning function into a Windows operating system image for use during pre-installation
|
||
/// and post-installation.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Changes to Windows initialization code will detect this saved state and affect the local-only portion of domain join.</para>
|
||
/// <para>
|
||
/// When the pPackageBinData and pdwPackageBinDataSize out pointers are used, set the pPackageTextData out pointer to NULL. When
|
||
/// pPackageTextData is used, set the pPackageBinData and pdwPackageBinDataSize out pointers to NULL.
|
||
/// </para>
|
||
/// <para>
|
||
/// The pProvisioningParams parameter specifies data to include in the provisioning package. The package includes information
|
||
/// relevant to the domain join, and it can also include information about policies and certificates to install on the machine. The
|
||
/// provisioning package can be used in four ways:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Domain join</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Domain join and installation of certificates</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Domain join and installation of policies</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Domain join and installation of certificates and policies</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// The <c>NetCreateProvisioningPackage</c> function creates or reuses the machine account in the domain, collects all necessary
|
||
/// metadata and returns it in a package. The package can be consumed by the offline domain join request operation supplying all the
|
||
/// necessary input to complete the domain join during first boot without any network operations (local state updates only).
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Security Note:</c> The package returned by the <c>NetCreateProvisioningPackage</c> function contains very sensitive data. It
|
||
/// should be treated just as securely as a plaintext password. The package contains the machine account password and other
|
||
/// information about the domain, including the domain name, the name of a domain controller, and the security ID (SID) of the
|
||
/// domain. If the package is being transported physically or over the network, care must be taken to transport it securely. The
|
||
/// design makes no provisions for securing this data. This problem exists today with unattended setup answer files which can carry a
|
||
/// number of secrets including domain user passwords. The caller must secure the package. Solutions to this problem are varied. As
|
||
/// an example, a pre-exchanged key could be used to encrypt a session between the consumer and provisioning entity enabling a secure
|
||
/// transfer of the package.
|
||
/// </para>
|
||
/// <para>
|
||
/// The package returned in the pPackageBinData parameter by the <c>NetCreateProvisioningPackage</c> function is versioned to allow
|
||
/// interoperability and serviceability scenarios between different versions of Windows (such as joining a client, provisioning a
|
||
/// machine, and using a domain controller). A package created on Windows 8 or Windows Server 2012 can be used Windows 7 or Windows
|
||
/// Server 2008 R2, however only domain join information will take effect (certificates and policies are not supported). The offline
|
||
/// join scenario currently does not limit the lifetime of the package returned by the <c>NetCreateProvisioningPackage</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// For offline domain joins, the access check performed depends on the configuration of the domain. Computer account creation is
|
||
/// enabled using three methods:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Domain administrators have rights to create computer accounts.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>The SD on a container can delegate the rights to create computer accounts.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// By default, authenticated users may create computer accounts by privilege. Authenticated users are limited to creating a limited
|
||
/// number of accounts that is specified as a quota on the domain (the default value is 10). For more information, see the
|
||
/// ms-DS-MachineAccountQuota attribute in the Active Directory schema.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// The <c>NetCreateProvisioningPackage</c> function works only with a writable domain controller and does not function against a
|
||
/// read-only domain controller. Once provisioning is done against a writable domain controller and the account is replicated to a
|
||
/// read-only domain controller, the other portions of the offline domain join operation do not require access to a domain controller.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the <c>NetCreateProvisioningPackage</c> function is successful, the pointer in the pPackageBinData or pPackageTextData
|
||
/// parameter (depending on which parameter was not <c>NULL</c>) is returned with the serialized data for use in an offline join
|
||
/// operation or as text in an unattended setup file.
|
||
/// </para>
|
||
/// <para>
|
||
/// All phases of the provisioning process append to a NetSetup.log file on the local computer. The provisoning process can include
|
||
/// up to three different computers: the computer where the provisioning package is created, the computer that requests the
|
||
/// installation of the package, and the computer where the package is installed. There will be NetSetup.log file information stored
|
||
/// on all three computers according to the operation performed. Reviewing the contents of these files is the most common means of
|
||
/// troubleshooting online and offline provisioning errors. Provisioning operations undertaken by admins are logged to the
|
||
/// NetSetup.log file in the %WINDIR%\Debug. Provisioning operations performed by non-admins are logged to the NetSetup.log file in
|
||
/// the %USERPROFILE%\Debug folder.
|
||
/// </para>
|
||
/// <para>For more information on offline domain join operations, see the Offline Domain Join Step-by-Step Guide.</para>
|
||
/// <para>
|
||
/// Joining (and unjoining) a computer to a domain using NetJoinDomain and NetUnjoinDomain is performed only by a member of the
|
||
/// Administrators local group on the target computer. Note that the domain administrator can set additional requirements for joining
|
||
/// the domain using delegation and assignment of privileges.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netcreateprovisioningpackage NET_API_STATUS NET_API_FUNCTION
|
||
// NetCreateProvisioningPackage( PNETSETUP_PROVISIONING_PARAMS pProvisioningParams, PBYTE *ppPackageBinData, DWORD
|
||
// *pdwPackageBinDataSize, LPWSTR *ppPackageTextData );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "6E2A5578-8308-41E2-B5E9-5E34E9E76C0B")]
|
||
public static extern Win32Error NetCreateProvisioningPackage(ref NETSETUP_PROVISIONING_PARAMS pProvisioningParams, out IntPtr ppPackageBinData,
|
||
out uint pdwPackageBinDataSize, IntPtr ppPackageTextData = default);
|
||
|
||
/// <summary>
|
||
/// The NetCreateProvisioningPackage function creates a provisioning package that provisions a computer account for later use in an
|
||
/// offline domain join operation. The package may also contain information about certificates and policies to add to the machine
|
||
/// during provisioning.
|
||
/// </summary>
|
||
/// <param name="pProvisioningParams">
|
||
/// <para>A pointer to a NETSETUP_PROVISIONING_PARAMS structure that contains information about the provisioning package.</para>
|
||
/// <para>The following values are defined for the members of this structure:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>dwVersion</term>
|
||
/// <term>
|
||
/// The version of Windows in the provisioning package. This member should use the following value defined in the Lmjoin.h header
|
||
/// file: NETSETUP_PROVISIONING_PARAMS_CURRENT_VERSION (0x00000001)
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>lpDomain</term>
|
||
/// <term>
|
||
/// A pointer to a constant null-terminated character string that specifies the name of the domain where the computer account is created.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>lpMachineName</term>
|
||
/// <term>
|
||
/// A pointer to a constant null-terminated character string that specifies the short name of the machine from which the computer
|
||
/// account attribute sAMAccountName is derived by appending a '$'. This parameter must contain a valid DNS or NetBIOS machine name.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>lpMachineAccountOU</term>
|
||
/// <term>
|
||
/// An optional pointer to a constant null-terminated character string that contains the RFC 1779 format name of the organizational
|
||
/// unit (OU) where the computer account will be created. If you specify this parameter, the string must contain a full path, for
|
||
/// example, OU=testOU,DC=domain,DC=Domain,DC=com. Otherwise, this parameter must be NULL. If this parameter is NULL, the well known
|
||
/// computer object container will be used as published in the domain.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>lpDcName</term>
|
||
/// <term>
|
||
/// An optional pointer to a constant null-terminated character string that contains the name of the domain controller to target.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>dwProvisionOptions</term>
|
||
/// <term>
|
||
/// A set of bit flags that define provisioning options. This parameter can be one or more of the values specified for the dwOptions
|
||
/// parameter passed to the NetProvisionComputerAccount function. These possible values are defined in the Lmjoin.h header file. The
|
||
/// NETSETUP_PROVISION_ROOT_CA_CERTS option is only supported on Windows 8 and Windows Server 2012.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>aCertTemplateNames</term>
|
||
/// <term>A optional pointer to an array of NULL-terminated certificate template names.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>cCertTemplateNames</term>
|
||
/// <term>When aCertTemplateNames is not NULL, this member provides an explicit count of the number of items in the array.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>aMachinePolicyNames</term>
|
||
/// <term>An optional pointer to an array of NULL-terminated machine policy names.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>cMachinePolicyNames</term>
|
||
/// <term>When aMachinePolicyNames is not NULL, this member provides an explicit count of the number of items in the array.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>aMachinePolicyPaths</term>
|
||
/// <term>
|
||
/// An optional pointer to an array of character strings. Each array element is a NULL-terminated character string which specifies
|
||
/// the full or partial path to a file in the Registry Policy File format. For more information on the Registry Policy File Format ,
|
||
/// see Registry Policy File Format The path could be a UNC path on a remote server.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>cMachinePolicyPaths</term>
|
||
/// <term>When aMachinePolicyPaths is not NULL, this member provides an explicit count of the number of items in the array.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="ppPackageBinData">
|
||
/// <para>
|
||
/// An optional pointer that will receive the package required by NetRequestOfflineDomainJoin function to complete an offline domain
|
||
/// join, if the NetProvisionComputerAccount function completes successfully. The data is returned as an opaque binary buffer which
|
||
/// may be passed to <c>NetRequestOfflineDomainJoin</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// If this parameter is <c>NULL</c>, then pPackageTextData parameter must not be <c>NULL</c>. If this parameter is not <c>NULL</c>,
|
||
/// then the pPackageTextData parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pdwPackageBinDataSize">
|
||
/// <para>A pointer to a value that receives the size, in bytes, of the buffer returned in the pProvisionBinData parameter.</para>
|
||
/// <para>
|
||
/// This parameter must not be <c>NULL</c> if the pPackageBinData parameter is not <c>NULL</c>. This parameter must be <c>NULL</c>
|
||
/// when the pPackageBinData parameter is <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="ppPackageTextData">
|
||
/// <para>
|
||
/// An optional pointer that will receive the package required by NetRequestOfflineDomainJoin function to complete an offline domain
|
||
/// join, if the NetProvisionComputerAccount function completes successfully. The data is returned in string form for embedding in an
|
||
/// unattended setup answer file.
|
||
/// </para>
|
||
/// <para>
|
||
/// If this parameter is <c>NULL</c>, then the pPackageBinData parameter must not be <c>NULL</c>. If this parameter is not
|
||
/// <c>NULL</c>, then the the pPackageBinData parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>Access is denied. This error is returned if the caller does not have sufficient privileges to complete the operation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_DOMAIN_ROLE</term>
|
||
/// <term>
|
||
/// This operation is only allowed for the Primary Domain Controller of the domain. This error is returned if a domain controller
|
||
/// name was specified in the lpDcName of the NETSETUP_PROVISIONING_PARAMS struct pointed to by the pProvisioningParams parameter,
|
||
/// but the computer specified could not be validated as a domain controller for the target domain specified in the lpDomain of the NETSETUP_PROVISIONING_PARAMS.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>
|
||
/// A parameter is incorrect. This error is also returned if both the pProvisioningParams parameter is NULL. This error is also
|
||
/// returned if the lpDomain or lpMachineName member of the NETSETUP_PROVISIONING_PARAMS struct pointed to by the pProvisioningParams
|
||
/// parameter is NULL.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NO_SUCH_DOMAIN</term>
|
||
/// <term>The specified domain did not exist.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the lpMachineAccountOU member was specified in the
|
||
/// NETSETUP_PROVISIONING_PARAMS struct pointed to by the pProvisioningParams parameter and the domain controller is running on an
|
||
/// earlier versions of Windows that does not support this parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_DS8DCRequired</term>
|
||
/// <term>The specified domain controller does not meet the version requirement for this operation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_LDAPCapableDCRequired</term>
|
||
/// <term>This operation requires a domain controller which supports LDAP.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_UserExists</term>
|
||
/// <term>
|
||
/// The account already exists in the domain and the NETSETUP_PROVISION_REUSE_ACCOUNT bit was not specified in the dwProvisionOptions
|
||
/// member of the NETSETUP_PROVISIONING_PARAMS struct pointed to by the pProvisioningParams parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_CALL_IN_PROGRESS</term>
|
||
/// <term>A remote procedure call is already in progress for this thread.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_PROTSEQ_NOT_SUPPORTED</term>
|
||
/// <term>The remote procedure call protocol sequence is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The <c>NetCreateProvisioningPackage</c> function is supported on Windows 8 and Windows Server 2012 for offline join operations.
|
||
/// For Windows 7, use the NetProvisionComputerAccount function.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>NetCreateProvisioningPackage</c> function is used to provision a computer account for later use in an offline domain join
|
||
/// operation using the NetRequestProvisioningPackageInstall function.
|
||
/// </para>
|
||
/// <para>The offline domain join scenario uses two functions:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// <c>NetCreateProvisioningPackage</c> is a provisioning function that is first called to perform the network operations necessary
|
||
/// to create and configure the computer object in Active Directory. The output from the <c>NetCreateProvisioningPackage</c> is a
|
||
/// package used for the next step.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// NetRequestProvisioningPackageInstall, an image initialization function, is called to inject the output from the
|
||
/// <c>NetCreateProvisioningPackage</c> provisioning function into a Windows operating system image for use during pre-installation
|
||
/// and post-installation.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Changes to Windows initialization code will detect this saved state and affect the local-only portion of domain join.</para>
|
||
/// <para>
|
||
/// When the pPackageBinData and pdwPackageBinDataSize out pointers are used, set the pPackageTextData out pointer to NULL. When
|
||
/// pPackageTextData is used, set the pPackageBinData and pdwPackageBinDataSize out pointers to NULL.
|
||
/// </para>
|
||
/// <para>
|
||
/// The pProvisioningParams parameter specifies data to include in the provisioning package. The package includes information
|
||
/// relevant to the domain join, and it can also include information about policies and certificates to install on the machine. The
|
||
/// provisioning package can be used in four ways:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Domain join</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Domain join and installation of certificates</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Domain join and installation of policies</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Domain join and installation of certificates and policies</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// The <c>NetCreateProvisioningPackage</c> function creates or reuses the machine account in the domain, collects all necessary
|
||
/// metadata and returns it in a package. The package can be consumed by the offline domain join request operation supplying all the
|
||
/// necessary input to complete the domain join during first boot without any network operations (local state updates only).
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Security Note:</c> The package returned by the <c>NetCreateProvisioningPackage</c> function contains very sensitive data. It
|
||
/// should be treated just as securely as a plaintext password. The package contains the machine account password and other
|
||
/// information about the domain, including the domain name, the name of a domain controller, and the security ID (SID) of the
|
||
/// domain. If the package is being transported physically or over the network, care must be taken to transport it securely. The
|
||
/// design makes no provisions for securing this data. This problem exists today with unattended setup answer files which can carry a
|
||
/// number of secrets including domain user passwords. The caller must secure the package. Solutions to this problem are varied. As
|
||
/// an example, a pre-exchanged key could be used to encrypt a session between the consumer and provisioning entity enabling a secure
|
||
/// transfer of the package.
|
||
/// </para>
|
||
/// <para>
|
||
/// The package returned in the pPackageBinData parameter by the <c>NetCreateProvisioningPackage</c> function is versioned to allow
|
||
/// interoperability and serviceability scenarios between different versions of Windows (such as joining a client, provisioning a
|
||
/// machine, and using a domain controller). A package created on Windows 8 or Windows Server 2012 can be used Windows 7 or Windows
|
||
/// Server 2008 R2, however only domain join information will take effect (certificates and policies are not supported). The offline
|
||
/// join scenario currently does not limit the lifetime of the package returned by the <c>NetCreateProvisioningPackage</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// For offline domain joins, the access check performed depends on the configuration of the domain. Computer account creation is
|
||
/// enabled using three methods:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Domain administrators have rights to create computer accounts.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>The SD on a container can delegate the rights to create computer accounts.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// By default, authenticated users may create computer accounts by privilege. Authenticated users are limited to creating a limited
|
||
/// number of accounts that is specified as a quota on the domain (the default value is 10). For more information, see the
|
||
/// ms-DS-MachineAccountQuota attribute in the Active Directory schema.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// The <c>NetCreateProvisioningPackage</c> function works only with a writable domain controller and does not function against a
|
||
/// read-only domain controller. Once provisioning is done against a writable domain controller and the account is replicated to a
|
||
/// read-only domain controller, the other portions of the offline domain join operation do not require access to a domain controller.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the <c>NetCreateProvisioningPackage</c> function is successful, the pointer in the pPackageBinData or pPackageTextData
|
||
/// parameter (depending on which parameter was not <c>NULL</c>) is returned with the serialized data for use in an offline join
|
||
/// operation or as text in an unattended setup file.
|
||
/// </para>
|
||
/// <para>
|
||
/// All phases of the provisioning process append to a NetSetup.log file on the local computer. The provisoning process can include
|
||
/// up to three different computers: the computer where the provisioning package is created, the computer that requests the
|
||
/// installation of the package, and the computer where the package is installed. There will be NetSetup.log file information stored
|
||
/// on all three computers according to the operation performed. Reviewing the contents of these files is the most common means of
|
||
/// troubleshooting online and offline provisioning errors. Provisioning operations undertaken by admins are logged to the
|
||
/// NetSetup.log file in the %WINDIR%\Debug. Provisioning operations performed by non-admins are logged to the NetSetup.log file in
|
||
/// the %USERPROFILE%\Debug folder.
|
||
/// </para>
|
||
/// <para>For more information on offline domain join operations, see the Offline Domain Join Step-by-Step Guide.</para>
|
||
/// <para>
|
||
/// Joining (and unjoining) a computer to a domain using NetJoinDomain and NetUnjoinDomain is performed only by a member of the
|
||
/// Administrators local group on the target computer. Note that the domain administrator can set additional requirements for joining
|
||
/// the domain using delegation and assignment of privileges.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netcreateprovisioningpackage NET_API_STATUS NET_API_FUNCTION
|
||
// NetCreateProvisioningPackage( PNETSETUP_PROVISIONING_PARAMS pProvisioningParams, PBYTE *ppPackageBinData, DWORD
|
||
// *pdwPackageBinDataSize, LPWSTR *ppPackageTextData );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "6E2A5578-8308-41E2-B5E9-5E34E9E76C0B")]
|
||
public static extern Win32Error NetCreateProvisioningPackage(ref NETSETUP_PROVISIONING_PARAMS pProvisioningParams, [Optional] IntPtr ppPackageBinData,
|
||
[Optional] IntPtr pdwPackageBinDataSize, ref StringBuilder ppPackageTextData);
|
||
|
||
/// <summary>The <c>NetEnumerateComputerNames</c> function enumerates names for the specified computer.</summary>
|
||
/// <param name="Server">
|
||
/// A pointer to a constant string that specifies the name of the computer on which to execute this function. If this parameter is
|
||
/// <c>NULL</c>, the local computer is used.
|
||
/// </param>
|
||
/// <param name="NameType">
|
||
/// <para>
|
||
/// The type of the name queried. This member can be one of the following values defined in the <c>NET_COMPUTER_NAME_TYPE</c>
|
||
/// enumeration defined in the Lmjoin.h header file.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NetPrimaryComputerName</term>
|
||
/// <term>The primary computer name.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NetAlternateComputerNames</term>
|
||
/// <term>Alternate computer names.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NetAllComputerNames</term>
|
||
/// <term>All computer names.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NetComputerNameTypeMax</term>
|
||
/// <term>Indicates the end of the range that specifies the possible values for the type of name to be queried.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="Reserved">Reserved for future use. This parameter should be <c>NULL</c>.</param>
|
||
/// <param name="EntryCount">
|
||
/// A pointer to a DWORD value that returns the number of names returned in the buffer pointed to by the ComputerNames parameter if
|
||
/// the function succeeds.
|
||
/// </param>
|
||
/// <param name="ComputerNames">
|
||
/// <para>
|
||
/// A pointer to an array of pointers to names. If the function call is successful, this parameter will return the computer names
|
||
/// that match the computer type name specified in the NameType parameter.
|
||
/// </para>
|
||
/// <para>When the application no longer needs this array, this buffer should be freed by calling NetApiBufferFree function.</para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>
|
||
/// Access is denied. This error is returned if the caller was not a member of the Administrators local group on the target computer.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>A parameter is incorrect.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
|
||
/// <term>Not enough memory is available to process this command.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the target computer specified in the Server parameter on which this
|
||
/// function executes is running on Windows 2000 and earlier.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_CALL_IN_PROGRESS</term>
|
||
/// <term>A remote procedure call is already in progress for this thread.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_PROTSEQ_NOT_SUPPORTED</term>
|
||
/// <term>The remote procedure call protocol sequence is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>The <c>NetEnumerateComputerNames</c> function is supported on Windows Vista and later.</para>
|
||
/// <para>The <c>NetEnumerateComputerNames</c> function is used to request the names a computer currently has configured.</para>
|
||
/// <para>
|
||
/// The <c>NetEnumerateComputerNames</c> function requires that the caller is a member of the Administrators local group on the
|
||
/// target computer.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netenumeratecomputernames NET_API_STATUS NET_API_FUNCTION
|
||
// NetEnumerateComputerNames( LPCWSTR Server, NET_COMPUTER_NAME_TYPE NameType, ULONG Reserved, PDWORD EntryCount, LPWSTR
|
||
// **ComputerNames );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "c657ae33-404e-4c36-a956-5fbcfa540be7")]
|
||
public static extern Win32Error NetEnumerateComputerNames(string Server, NET_COMPUTER_NAME_TYPE NameType, [Optional] uint Reserved,
|
||
out uint EntryCount, out SafeNetApiBuffer ComputerNames);
|
||
|
||
/// <summary>
|
||
/// Frees the memory allocated for the specified DSREG_JOIN_INFO structure, which contains join information for a tenant and which
|
||
/// you retrieved by calling the NetGetAadJoinInformation function.
|
||
/// </summary>
|
||
/// <param name="pJoinInfo">Pointer to the DSREG_JOIN_INFO structure for which you want to free the memory.</param>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netfreeaadjoininformation VOID NET_API_FUNCTION
|
||
// NetFreeAadJoinInformation( PDSREG_JOIN_INFO pJoinInfo );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "BDFB6179-4B8C-43E3-8D34-A2B470EA0D0B")]
|
||
public static extern void NetFreeAadJoinInformation(HANDLE pJoinInfo);
|
||
|
||
/// <summary>
|
||
/// Retrieves the join information for the specified tenant. This function examines the join information for Microsoft Azure Active
|
||
/// Directory and the work account that the current user added.
|
||
/// </summary>
|
||
/// <param name="pcszTenantId">
|
||
/// <para>
|
||
/// The tenant identifier for the joined account. If the device is not joined to Azure Active Directory (Azure AD), and the user
|
||
/// currently logged into Windows added no Azure AD work accounts for the specified tenant, the buffer that the ppJoinInfo parameter
|
||
/// points to is set to NULL.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the specified tenant ID is NULL or empty, ppJoinInfo is set to the default join account information, or NULL if the device is
|
||
/// not joined to Azure AD and the current user added no Azure AD work accounts.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="ppJoinInfo">
|
||
/// The join information for the tenant that the pcszTenantId parameter specifies. If this parameter is NULL, the device is not
|
||
/// joined to Azure AD and the current user added no Azure AD work accounts. You must call the NetFreeAadJoinInformation function to
|
||
/// free the memory allocated for this structure.
|
||
/// </param>
|
||
/// <returns>If this function succeeds, it returns <c>S_OK</c>. Otherwise, it returns an <c>HRESULT</c> error code.</returns>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netgetaadjoininformation HRESULT NET_API_FUNCTION
|
||
// NetGetAadJoinInformation( LPCWSTR pcszTenantId, PDSREG_JOIN_INFO *ppJoinInfo );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "C63B3AA7-FC7E-4CB9-9318-BD25560591AB")]
|
||
public static extern HRESULT NetGetAadJoinInformation([MarshalAs(UnmanagedType.LPWStr), Optional] string pcszTenantId, out DSREG_JOIN_INFO ppJoinInfo);
|
||
|
||
/// <summary>
|
||
/// The <c>NetGetJoinableOUs</c> function retrieves a list of organizational units (OUs) in which a computer account can be created.
|
||
/// </summary>
|
||
/// <param name="lpServer">Pointer to a constant string that specifies the DNS or NetBIOS name of the computer on which to call the function. If this
|
||
/// parameter is <c>NULL</c>, the local computer is used.</param>
|
||
/// <param name="lpDomain">Pointer to a constant string that specifies the name of the domain for which to retrieve the list of OUs that can be joined.</param>
|
||
/// <param name="lpAccount">Pointer to a constant string that specifies the account name to use when connecting to the domain controller. The string must
|
||
/// specify either a domain NetBIOS name and user account (for example, "REDMOND\user") or the user principal name (UPN) of the user
|
||
/// in the form of an Internet-style login name (for example, "someone@example.com"). If this parameter is <c>NULL</c>, the caller's
|
||
/// context is used.</param>
|
||
/// <param name="lpPassword">If the lpAccount parameter specifies an account name, this parameter must point to the password to use when connecting to the
|
||
/// domain controller. Otherwise, this parameter must be <c>NULL</c>.</param>
|
||
/// <param name="OUCount">Receives the count of OUs returned in the list of joinable OUs.</param>
|
||
/// <param name="OUs">Pointer to an array that receives the list of joinable OUs. This array is allocated by the system and must be freed using a
|
||
/// single call to the NetApiBufferFree function. For more information, see Network Management Function Buffers and Network
|
||
/// Management Function Buffer Lengths.</param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
|
||
/// <term>Not enough storage is available to process this command.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_DefaultJoinRequired</term>
|
||
/// <term>The destination domain controller does not support creating computer accounts in OUs.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>No special group membership is required to successfully execute the <c>NetGetJoinableOUs</c> function.</para>
|
||
/// <para>For more information about organizational units, see Managing Users in the Active Directory documentation.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netgetjoinableous NET_API_STATUS NET_API_FUNCTION
|
||
// NetGetJoinableOUs( LPCWSTR lpServer, LPCWSTR lpDomain, LPCWSTR lpAccount, LPCWSTR lpPassword, DWORD *OUCount, LPWSTR **OUs );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "1faa912b-c56d-431c-95d5-d36790b0d467")]
|
||
public static extern Win32Error NetGetJoinableOUs([Optional] string lpServer, string lpDomain, [Optional] string lpAccount, [Optional] string lpPassword, out uint OUCount,
|
||
out SafeNetApiBuffer OUs);
|
||
|
||
/// <summary>The <c>NetGetJoinInformation</c> function retrieves join status information for the specified computer.</summary>
|
||
/// <param name="lpServer">
|
||
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the computer on which to call the function. If this
|
||
/// parameter is <c>NULL</c>, the local computer is used.
|
||
/// </param>
|
||
/// <param name="lpNameBuffer">
|
||
/// Pointer to the buffer that receives the NetBIOS name of the domain or workgroup to which the computer is joined. This buffer is
|
||
/// allocated by the system and must be freed using the NetApiBufferFree function. For more information, see Network Management
|
||
/// Function Buffers and Network Management Function Buffer Lengths.
|
||
/// </param>
|
||
/// <param name="BufferType">Receives the join status of the specified computer. This parameter can have one of the following values.</param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be the following error code or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
|
||
/// <term>Not enough storage is available to process this command.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>No special group membership is required to successfully execute the <c>NetGetJoinInformation</c> function.</remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netgetjoininformation NET_API_STATUS NET_API_FUNCTION
|
||
// NetGetJoinInformation( LPCWSTR lpServer, LPWSTR *lpNameBuffer, PNETSETUP_JOIN_STATUS BufferType );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "c7cc1cf2-4530-4039-806b-fbee572f564d")]
|
||
public static extern Win32Error NetGetJoinInformation([Optional] string lpServer,
|
||
[MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(NetApiBufferUnicodeStringMarshaler))] out string lpNameBuffer, out NETSETUP_JOIN_STATUS BufferType);
|
||
|
||
/// <summary>The <c>NetJoinDomain</c> function joins a computer to a workgroup or domain.</summary>
|
||
/// <param name="lpServer">
|
||
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the computer on which to execute the domain join
|
||
/// operation. If this parameter is <c>NULL</c>, the local computer is used.
|
||
/// </param>
|
||
/// <param name="lpDomain">
|
||
/// <para>A pointer to a constant null-terminated character string that specifies the name of the domain or workgroup to join.</para>
|
||
/// <para>
|
||
/// Optionally, you can specify the preferred domain controller to perform the join operation. In this instance, the string must be
|
||
/// of the form DomainName\MachineName, where DomainName is the name of the domain to join, and MachineName is the name of the domain
|
||
/// controller to perform the join.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="lpMachineAccountOU">
|
||
/// Optionally specifies the pointer to a constant null-terminated character string that contains the RFC 1779 format name of the
|
||
/// organizational unit (OU) for the computer account. If you specify this parameter, the string must contain a full path, for
|
||
/// example, OU=testOU,DC=domain,DC=Domain,DC=com. Otherwise, this parameter must be <c>NULL</c>.
|
||
/// </param>
|
||
/// <param name="lpAccount">
|
||
/// A pointer to a constant null-terminated character string that specifies the account name to use when connecting to the domain
|
||
/// controller. The string must specify either a domain NetBIOS name and user account (for example, REDMOND\user) or the user
|
||
/// principal name (UPN) of the user in the form of an Internet-style login name (for example, "someone@example.com"). If this
|
||
/// parameter is <c>NULL</c>, the caller's context is used.
|
||
/// </param>
|
||
/// <param name="lpPassword">
|
||
/// <para>
|
||
/// If the lpAccount parameter specifies an account name, this parameter must point to the password to use when connecting to the
|
||
/// domain controller. Otherwise, this parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>
|
||
/// You can specify a local machine account password rather than a user password for unsecured joins. For more information, see the
|
||
/// description of the NETSETUP_MACHINE_PWD_PASSED flag described in the fJoinOptions parameter.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="fJoinOptions">
|
||
/// <para>
|
||
/// A set of bit flags defining the join options. This parameter can be one or more of the following values defined in the Lmjoin.h
|
||
/// header file.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NETSETUP_JOIN_DOMAIN 0x00000001</term>
|
||
/// <term>Joins the computer to a domain. If this value is not specified, joins the computer to a workgroup.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_ACCT_CREATE 0x00000002</term>
|
||
/// <term>Creates the account on the domain.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_WIN9X_UPGRADE 0x00000010</term>
|
||
/// <term>The join operation is occurring as part of an upgrade.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_DOMAIN_JOIN_IF_JOINED 0x00000020</term>
|
||
/// <term>Allows a join to a new domain even if the computer is already joined to a domain.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_JOIN_UNSECURE 0x00000040</term>
|
||
/// <term>
|
||
/// Performs an unsecured join. This option requests a domain join to a pre-created account without authenticating with domain user
|
||
/// credentials. This option can be used in conjunction with NETSETUP_MACHINE_PWD_PASSED option. In this case, lpPassword is the
|
||
/// password of the pre-created machine account. Prior to Windows Vista with SP1 and Windows Server 2008, an unsecure join did not
|
||
/// authenticate to the domain controller. All communication was performed using a null (unauthenticated) session. Starting with
|
||
/// Windows Vista with SP1 and Windows Server 2008, the machine account name and password are used to authenticate to the domain controller.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_MACHINE_PWD_PASSED 0x00000080</term>
|
||
/// <term>
|
||
/// Indicates that the lpPassword parameter specifies a local machine account password rather than a user password. This flag is
|
||
/// valid only for unsecured joins, which you must indicate by also setting the NETSETUP_JOIN_UNSECURE flag. If you set this flag,
|
||
/// then after the join operation succeeds, the machine password will be set to the value of lpPassword, if that value is a valid
|
||
/// machine password.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_DEFER_SPN_SET 0x00000100</term>
|
||
/// <term>
|
||
/// Indicates that the service principal name (SPN) and the DnsHostName properties on the computer object should not be updated at
|
||
/// this time. Typically, these properties are updated during the join operation. Instead, these properties should be updated during
|
||
/// a subsequent call to the NetRenameMachineInDomain function. These properties are always updated during the rename operation. For
|
||
/// more information, see the following Remarks section.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_JOIN_DC_ACCOUNT 0x00000200</term>
|
||
/// <term>Allow the domain join if existing account is a domain controller.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_JOIN_WITH_NEW_NAME 0x00000400</term>
|
||
/// <term>
|
||
/// Join the target machine specified in lpServer parameter with a new name queried from the registry on the machine specified in the
|
||
/// lpServer parameter. This option is used if SetComputerNameEx has been called prior to rebooting the machine. The new computer
|
||
/// name will not take effect until a reboot. With this option, the caller instructs the NetJoinDomain function to use the new name
|
||
/// during the domain join operation. A reboot is required after calling NetJoinDomain successfully at which time both the computer
|
||
/// name change and domain membership change will have taken affect.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_JOIN_READONLY 0x00000800</term>
|
||
/// <term>
|
||
/// Join the target machine specified in lpServer parameter using a pre-created account without requiring a writable domain
|
||
/// controller. This option provides the ability to join a machine to domain if an account has already been provisioned and
|
||
/// replicated to a read-only domain controller. The target read-only domain controller is specified as part of the lpDomain
|
||
/// parameter, after the domain name delimited by a <20>\<5C> character. This provisioning must include the machine secret. The machine
|
||
/// account must be added via group membership into the allowed list for password replication policy, and the account password must
|
||
/// be replicated to the read-only domain controller prior to the join operation. For more information, see the information on
|
||
/// Password Replication Policy Administration. Starting with Windows 7, an alternate mechanism is to use the offline domain join
|
||
/// mechanism. For more information, see the NetProvisionComputerAccount and NetRequestOfflineDomainJoin functions.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_AMBIGUOUS_DC 0x00001000</term>
|
||
/// <term>When joining the domain don't try to set the preferred domain controller in the registry.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_NO_NETLOGON_CACHE 0x00002000</term>
|
||
/// <term>When joining the domain don't create the Netlogon cache.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_DONT_CONTROL_SERVICES 0x00004000</term>
|
||
/// <term>When joining the domain don't force Netlogon service to start.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_SET_MACHINE_NAME 0x00008000</term>
|
||
/// <term>When joining the domain for offline join only, set target machine hostname and NetBIOS name.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_FORCE_SPN_SET 0x00010000</term>
|
||
/// <term>When joining the domain, override other settings during domain join and set the service principal name (SPN).</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_NO_ACCT_REUSE 0x00020000</term>
|
||
/// <term>When joining the domain, do not reuse an existing account.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_IGNORE_UNSUPPORTED_FLAGS 0x10000000</term>
|
||
/// <term>
|
||
/// If this bit is set, unrecognized flags will be ignored by the NetJoinDomain function and NetJoinDomain will behave as if the
|
||
/// flags were not set.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>
|
||
/// Access is denied. This error is returned if the caller was not a member of the Administrators local group on the target computer.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>A parameter is incorrect. This error is returned if the lpDomain parameter is NULL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NO_SUCH_DOMAIN</term>
|
||
/// <term>The specified domain did not exist.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the computer specified in the lpServer parameter does not support some of
|
||
/// the options passed in the fJoinOptions parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_InvalidWorkgroupName</term>
|
||
/// <term>The specified workgroup name is not valid.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_SetupAlreadyJoined</term>
|
||
/// <term>The computer is already joined to a domain.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_CALL_IN_PROGRESS</term>
|
||
/// <term>A remote procedure call is already in progress for this thread.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_PROTSEQ_NOT_SUPPORTED</term>
|
||
/// <term>The remote procedure call protocol sequence is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// Joining (and unjoining) a computer to a domain or workgroup can be performed only by a member of the Administrators local group
|
||
/// on the target computer. Note that the domain administrator can set additional requirements for joining the domain using
|
||
/// delegation and assignment of privileges.
|
||
/// </para>
|
||
/// <para>
|
||
/// If you call the <c>NetJoinDomain</c> function remotely, you must supply credentials because you cannot delegate credentials under
|
||
/// these circumstances.
|
||
/// </para>
|
||
/// <para>
|
||
/// Different processes, or different threads of the same process, should not call the <c>NetJoinDomain</c> function at the same
|
||
/// time. This situation can leave the computer in an inconsistent state.
|
||
/// </para>
|
||
/// <para>
|
||
/// If you encounter a problem during a join operation, you should not delete a computer account and immediately follow the deletion
|
||
/// with another join attempt. This can lead to replication-related problems that are difficult to investigate. When you delete a
|
||
/// computer account, wait until the change has replicated to all domain controllers before attempting another join operation.
|
||
/// </para>
|
||
/// <para>A system reboot is required after calling the <c>NetJoinDomain</c> function for the operation to complete.</para>
|
||
/// <para>
|
||
/// <c>Windows Server 2003 and Windows XP:</c> When a call to the <c>NetJoinDomain</c> function precedes a call to the
|
||
/// NetRenameMachineInDomain function, you should defer the update of the SPN and DnsHostName properties on the computer object until
|
||
/// the rename operation. This is because the join operation can fail in certain situations. An example of such a situation is when
|
||
/// the SPN that is derived from the current computer name is not valid in the new domain that the computer is joining, but the SPN
|
||
/// derived from the new name that the computer will have after the rename operation is valid in the new domain. In this situation,
|
||
/// the call to <c>NetJoinDomain</c> fails unless you defer the update of the two properties until the rename operation by specifying
|
||
/// the NETSETUP_DEFER_SPN_SET flag in the fJoinOptions parameter when you call <c>NetJoinDomain</c>.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netjoindomain NET_API_STATUS NET_API_FUNCTION NetJoinDomain(
|
||
// LPCWSTR lpServer, LPCWSTR lpDomain, LPCWSTR lpMachineAccountOU, LPCWSTR lpAccount, LPCWSTR lpPassword, DWORD fJoinOptions );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "4efcb399-03af-4312-9f1d-6bc38f356cac")]
|
||
public static extern Win32Error NetJoinDomain([Optional] string lpServer, string lpDomain, [Optional] string lpMachineAccountOU, [Optional] string lpAccount, [Optional] string lpPassword, NETSETUP fJoinOptions);
|
||
|
||
/// <summary>
|
||
/// The <c>NetProvisionComputerAccount</c> function provisions a computer account for later use in an offline domain join operation.
|
||
/// </summary>
|
||
/// <param name="lpDomain">
|
||
/// A pointer to a <c>NULL</c>-terminated character string that specifies the name of the domain where the computer account is created.
|
||
/// </param>
|
||
/// <param name="lpMachineName">
|
||
/// A pointer to a <c>NULL</c>-terminated character string that specifies the short name of the machine from which the computer
|
||
/// account attribute sAMAccountName is derived by appending a '$'. This parameter must contain a valid DNS or NetBIOS machine name.
|
||
/// </param>
|
||
/// <param name="lpMachineAccountOU">
|
||
/// <para>
|
||
/// An optional pointer to a <c>NULL</c>-terminated character string that contains the RFC 1779 format name of the organizational
|
||
/// unit (OU) where the computer account will be created. If you specify this parameter, the string must contain a full path, for
|
||
/// example, OU=testOU,DC=domain,DC=Domain,DC=com. Otherwise, this parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>If this parameter is <c>NULL</c>, the well known computer object container will be used as published in the domain.</para>
|
||
/// </param>
|
||
/// <param name="lpDcName">
|
||
/// An optional pointer to a <c>NULL</c>-terminated character string that contains the name of the domain controller to target.
|
||
/// </param>
|
||
/// <param name="dwOptions">
|
||
/// <para>
|
||
/// A set of bit flags that define provisioning options. This parameter can be one or more of the following values defined in the
|
||
/// Lmjoin.h header file.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_DOWNLEVEL_PRIV_SUPPORT 0x00000001</term>
|
||
/// <term>
|
||
/// If the caller requires account creation by privilege, this option will cause a retry on failure using account creation functions
|
||
/// enabling interoperability with domain controllers running on earlier versions of Windows. The lpMachineAccountOU is not supported
|
||
/// when using downlevel privilege support.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_REUSE_ACCOUNT 0x00000002</term>
|
||
/// <term>
|
||
/// If the named account already exists, an attempt will be made to reuse the existing account. This option requires sufficient
|
||
/// credentials for this operation (Domain Administrator or the object owner).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_USE_DEFAULT_PASSWORD 0x00000004</term>
|
||
/// <term>
|
||
/// Use the default machine account password which is the machine name in lowercase. This is largely to support the older unsecure
|
||
/// join model where the pre-created account typically used this default password.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_SKIP_ACCOUNT_SEARCH 0x00000008</term>
|
||
/// <term>
|
||
/// Do not try to find the account on any domain controller in the domain. This option makes the operation faster, but should only be
|
||
/// used when the caller is certain that an account by the same name hasn't recently been created. This option is only valid when the
|
||
/// lpDcName parameter is specified. When the prerequisites are met, this option allows for must faster provisioning useful for
|
||
/// scenarios such as batch processing.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_ROOT_CA_CERTS 0x00000010</term>
|
||
/// <term>
|
||
/// This option retrieves all of the root Certificate Authority certificates on the local machine and adds them to the provisioning
|
||
/// package when no certificate template names are provided as part of the provisioning package (the aCertTemplateNames member of the
|
||
/// NETSETUP_PROVISIONING_PARAMS struct passed in the pProvisioningParams parameter to the NetCreateProvisioningPackage function is NULL).
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pProvisionBinData">
|
||
/// <para>
|
||
/// An optional pointer that will receive the opaque binary blob of serialized metadata required by NetRequestOfflineDomainJoin
|
||
/// function to complete an offline domain join, if the <c>NetProvisionComputerAccount</c> function completes successfully. The data
|
||
/// is returned as an opaque binary buffer which may be passed to <c>NetRequestOfflineDomainJoin</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// If this parameter is <c>NULL</c>, then pProvisionTextData parameter must not be <c>NULL</c>. If this parameter is not
|
||
/// <c>NULL</c>, then the pProvisionTextData parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pdwProvisionBinDataSize">
|
||
/// <para>A pointer to a value that receives the size, in bytes, of the buffer returned in the pProvisionBinData parameter.</para>
|
||
/// <para>
|
||
/// This parameter must not be <c>NULL</c> if the pProvisionBinData parameter is not <c>NULL</c>. This parameter must be <c>NULL</c>
|
||
/// when the pProvisionBinData parameter is <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pProvisionTextData">
|
||
/// <para>
|
||
/// An optional pointer that will receive the opaque binary blob of serialized metadata required by NetRequestOfflineDomainJoin
|
||
/// function to complete an offline domain join, if the <c>NetProvisionComputerAccount</c> function completes successfully. The data
|
||
/// is returned in string form for embedding in an unattended setup answer file.
|
||
/// </para>
|
||
/// <para>
|
||
/// If this parameter is <c>NULL</c>, then the pProvisionBinData parameter must not be <c>NULL</c>. If this parameter is not
|
||
/// <c>NULL</c>, then the the pProvisionBinData parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>Access is denied. This error is returned if the caller does not have sufficient privileges to complete the operation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_DOMAIN_ROLE</term>
|
||
/// <term>
|
||
/// This operation is only allowed for the Primary Domain Controller of the domain. This error is returned if a domain controller
|
||
/// name was specified in the lpDcName parameter, but the computer specified could not be validated as a domain controller for the
|
||
/// target domain specified in the lpDomain parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>
|
||
/// A parameter is incorrect. This error is returned if the lpDomain or lpMachineName parameter is NULL. This error is also returned
|
||
/// if both the pProvisionBinData and pProvisionTextData parameters are NULL.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NO_SUCH_DOMAIN</term>
|
||
/// <term>The specified domain did not exist.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the lpMachineAccountOU parameter was specified and the domain controller
|
||
/// is running on an earlier versions of Windows that does not support this parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_DS8DCRequired</term>
|
||
/// <term>The specified domain controller does not meet the version requirement for this operation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_LDAPCapableDCRequired</term>
|
||
/// <term>This operation requires a domain controller which supports LDAP.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_UserExists</term>
|
||
/// <term>
|
||
/// The account already exists in the domain and the NETSETUP_PROVISION_REUSE_ACCOUNT bit was not specified in the dwOptions parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_CALL_IN_PROGRESS</term>
|
||
/// <term>A remote procedure call is already in progress for this thread.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_PROTSEQ_NOT_SUPPORTED</term>
|
||
/// <term>The remote procedure call protocol sequence is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The <c>NetProvisionComputerAccount</c> function is supported on Windows 7 and Windows Server 2008 R2 for offline join operations.
|
||
/// On Windows 8 or Windows Server 2008 R2, it is recommended that the NetCreateProvisioningPackage function be used instead of the
|
||
/// <c>NetProvisionComputerAccount</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>NetProvisionComputerAccount</c> function is used to provision a computer account for later use in an offline domain join
|
||
/// operation using the NetRequestOfflineDomainJoin function. The offline domain join scenario uses these functions as follows:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// <c>NetProvisionComputerAccount</c> is a provisioning function that is first called to perform the network operations necessary to
|
||
/// create and configure the computer object in Active Directory. The output from the <c>NetProvisionComputerAccount</c> is an opaque
|
||
/// binary blob of serialized metadata used for the next step.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// NetRequestOfflineDomainJoin, an image initialization function, is then called to inject the output from the
|
||
/// <c>NetProvisionComputerAccount</c> provisioning function into a Windows operating system image to be used during installation.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Changes to Windows initialization code will detect this saved state and affect the local only portion of domain join.</para>
|
||
/// <para>
|
||
/// The <c>NetProvisionComputerAccount</c> function will create or reuse the machine account in the domain, collect all necessary
|
||
/// metadata and return it in an opaque versioned binary blob or as text for embedding in an unattended setup answer file. The opaque
|
||
/// binary blob can be consumed by the offline domain join request operation supplying all the necessary input to complete the domain
|
||
/// join during first boot without any network operations (local state updates only).
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Security Note:</c> The blob returned by the <c>NetProvisionComputerAccount</c> function contains very sensitive data. It
|
||
/// should be treated just as securely as a plaintext password. The blob contains the machine account password and other information
|
||
/// about the domain, including the domain name, the name of a domain controller, and the security ID (SID) of the domain. If the
|
||
/// blob is being transported physically or over the network, care must be taken to transport it securely. The design makes no
|
||
/// provisions for securing this data. This problem exists today with unattended setup answer files which can carry a number of
|
||
/// secrets including domain user passwords. The caller must secure the blob and the unattended setup files. Solutions to this
|
||
/// problem are varied. As an example, a pre-exchanged key could be used to encrypt a session between the consumer and provisioning
|
||
/// entity enabling a secure transfer of the opaque blob.
|
||
/// </para>
|
||
/// <para>
|
||
/// The opaque blob returned in the pProvisionBinData parameter by the <c>NetProvisionComputerAccount</c> function is versioned to
|
||
/// allow interoperability and serviceability scenarios between different versions of Windows (joining client, provisioning machine,
|
||
/// and domain controller). The offline join scenario currently does not limit the lifetime of the blob returned by the
|
||
/// <c>NetProvisionComputerAccount</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// For offline domain joins, the access check performed depends on the configuration of the domain. Computer account creation is
|
||
/// enabled using three methods:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Domain administrators have rights to create computer accounts.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>The SD on a container can delegate the rights to create computer accounts.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// By default, authenticated users may create computer accounts by privilege. Authenticated users are limited to creating a limited
|
||
/// number of accounts that is specified as a quota on the domain (the default value is 10). For more information, see the
|
||
/// ms-DS-MachineAccountQuota attribute in the Active Directory schema.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// The <c>NetProvisionComputerAccount</c> function works only with a writable domain controller and does not function against a
|
||
/// read-only domain controller. Once provisioning is done against a writable domain controller and the account is replicated to a
|
||
/// read-only domain controller, then the other portions of offline domain join operation do not require access to a domain controller.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the <c>NetProvisionComputerAccount</c> function is successful, the pointer in the pProvisionBinData or pProvisionTextData
|
||
/// parameter (depending on which was parameter was not <c>NULL</c>) is returned with the serialized data for use in an offline join
|
||
/// operation or as text in an unattended setup file.
|
||
/// </para>
|
||
/// <para>For more information on offline domain join operations, see the Offline Domain Join Step-by-Step Guide.</para>
|
||
/// <para>
|
||
/// Joining (and unjoining) a computer to a domain using NetJoinDomain and NetUnjoinDomain can be performed only by a member of the
|
||
/// Administrators local group on the target computer. Note that the domain administrator can set additional requirements for joining
|
||
/// the domain using delegation and assignment of privileges.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netprovisioncomputeraccount NET_API_STATUS NET_API_FUNCTION
|
||
// NetProvisionComputerAccount( LPCWSTR lpDomain, LPCWSTR lpMachineName, LPCWSTR lpMachineAccountOU, LPCWSTR lpDcName, DWORD
|
||
// dwOptions, PBYTE *pProvisionBinData, DWORD *pdwProvisionBinDataSize, LPWSTR *pProvisionTextData );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "4c854258-b84d-4ef3-a6da-ce0a9540ffd5")]
|
||
public static extern Win32Error NetProvisionComputerAccount(string lpDomain, string lpMachineName, [Optional] string lpMachineAccountOU, string lpDcName, NETSETUP_PROVISION dwOptions,
|
||
out IntPtr pProvisionBinData, out uint pdwProvisionBinDataSize, [Optional] IntPtr pProvisionTextData);
|
||
|
||
/// <summary>
|
||
/// The <c>NetProvisionComputerAccount</c> function provisions a computer account for later use in an offline domain join operation.
|
||
/// </summary>
|
||
/// <param name="lpDomain">
|
||
/// A pointer to a <c>NULL</c>-terminated character string that specifies the name of the domain where the computer account is created.
|
||
/// </param>
|
||
/// <param name="lpMachineName">
|
||
/// A pointer to a <c>NULL</c>-terminated character string that specifies the short name of the machine from which the computer
|
||
/// account attribute sAMAccountName is derived by appending a '$'. This parameter must contain a valid DNS or NetBIOS machine name.
|
||
/// </param>
|
||
/// <param name="lpMachineAccountOU">
|
||
/// <para>
|
||
/// An optional pointer to a <c>NULL</c>-terminated character string that contains the RFC 1779 format name of the organizational
|
||
/// unit (OU) where the computer account will be created. If you specify this parameter, the string must contain a full path, for
|
||
/// example, OU=testOU,DC=domain,DC=Domain,DC=com. Otherwise, this parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>If this parameter is <c>NULL</c>, the well known computer object container will be used as published in the domain.</para>
|
||
/// </param>
|
||
/// <param name="lpDcName">
|
||
/// An optional pointer to a <c>NULL</c>-terminated character string that contains the name of the domain controller to target.
|
||
/// </param>
|
||
/// <param name="dwOptions">
|
||
/// <para>
|
||
/// A set of bit flags that define provisioning options. This parameter can be one or more of the following values defined in the
|
||
/// Lmjoin.h header file.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_DOWNLEVEL_PRIV_SUPPORT 0x00000001</term>
|
||
/// <term>
|
||
/// If the caller requires account creation by privilege, this option will cause a retry on failure using account creation functions
|
||
/// enabling interoperability with domain controllers running on earlier versions of Windows. The lpMachineAccountOU is not supported
|
||
/// when using downlevel privilege support.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_REUSE_ACCOUNT 0x00000002</term>
|
||
/// <term>
|
||
/// If the named account already exists, an attempt will be made to reuse the existing account. This option requires sufficient
|
||
/// credentials for this operation (Domain Administrator or the object owner).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_USE_DEFAULT_PASSWORD 0x00000004</term>
|
||
/// <term>
|
||
/// Use the default machine account password which is the machine name in lowercase. This is largely to support the older unsecure
|
||
/// join model where the pre-created account typically used this default password.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_SKIP_ACCOUNT_SEARCH 0x00000008</term>
|
||
/// <term>
|
||
/// Do not try to find the account on any domain controller in the domain. This option makes the operation faster, but should only be
|
||
/// used when the caller is certain that an account by the same name hasn't recently been created. This option is only valid when the
|
||
/// lpDcName parameter is specified. When the prerequisites are met, this option allows for must faster provisioning useful for
|
||
/// scenarios such as batch processing.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_ROOT_CA_CERTS 0x00000010</term>
|
||
/// <term>
|
||
/// This option retrieves all of the root Certificate Authority certificates on the local machine and adds them to the provisioning
|
||
/// package when no certificate template names are provided as part of the provisioning package (the aCertTemplateNames member of the
|
||
/// NETSETUP_PROVISIONING_PARAMS struct passed in the pProvisioningParams parameter to the NetCreateProvisioningPackage function is NULL).
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pProvisionBinData">
|
||
/// <para>
|
||
/// An optional pointer that will receive the opaque binary blob of serialized metadata required by NetRequestOfflineDomainJoin
|
||
/// function to complete an offline domain join, if the <c>NetProvisionComputerAccount</c> function completes successfully. The data
|
||
/// is returned as an opaque binary buffer which may be passed to <c>NetRequestOfflineDomainJoin</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// If this parameter is <c>NULL</c>, then pProvisionTextData parameter must not be <c>NULL</c>. If this parameter is not
|
||
/// <c>NULL</c>, then the pProvisionTextData parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pdwProvisionBinDataSize">
|
||
/// <para>A pointer to a value that receives the size, in bytes, of the buffer returned in the pProvisionBinData parameter.</para>
|
||
/// <para>
|
||
/// This parameter must not be <c>NULL</c> if the pProvisionBinData parameter is not <c>NULL</c>. This parameter must be <c>NULL</c>
|
||
/// when the pProvisionBinData parameter is <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pProvisionTextData">
|
||
/// <para>
|
||
/// An optional pointer that will receive the opaque binary blob of serialized metadata required by NetRequestOfflineDomainJoin
|
||
/// function to complete an offline domain join, if the <c>NetProvisionComputerAccount</c> function completes successfully. The data
|
||
/// is returned in string form for embedding in an unattended setup answer file.
|
||
/// </para>
|
||
/// <para>
|
||
/// If this parameter is <c>NULL</c>, then the pProvisionBinData parameter must not be <c>NULL</c>. If this parameter is not
|
||
/// <c>NULL</c>, then the the pProvisionBinData parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>Access is denied. This error is returned if the caller does not have sufficient privileges to complete the operation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_DOMAIN_ROLE</term>
|
||
/// <term>
|
||
/// This operation is only allowed for the Primary Domain Controller of the domain. This error is returned if a domain controller
|
||
/// name was specified in the lpDcName parameter, but the computer specified could not be validated as a domain controller for the
|
||
/// target domain specified in the lpDomain parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>
|
||
/// A parameter is incorrect. This error is returned if the lpDomain or lpMachineName parameter is NULL. This error is also returned
|
||
/// if both the pProvisionBinData and pProvisionTextData parameters are NULL.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NO_SUCH_DOMAIN</term>
|
||
/// <term>The specified domain did not exist.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the lpMachineAccountOU parameter was specified and the domain controller
|
||
/// is running on an earlier versions of Windows that does not support this parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_DS8DCRequired</term>
|
||
/// <term>The specified domain controller does not meet the version requirement for this operation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_LDAPCapableDCRequired</term>
|
||
/// <term>This operation requires a domain controller which supports LDAP.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_UserExists</term>
|
||
/// <term>
|
||
/// The account already exists in the domain and the NETSETUP_PROVISION_REUSE_ACCOUNT bit was not specified in the dwOptions parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_CALL_IN_PROGRESS</term>
|
||
/// <term>A remote procedure call is already in progress for this thread.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_PROTSEQ_NOT_SUPPORTED</term>
|
||
/// <term>The remote procedure call protocol sequence is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The <c>NetProvisionComputerAccount</c> function is supported on Windows 7 and Windows Server 2008 R2 for offline join operations.
|
||
/// On Windows 8 or Windows Server 2008 R2, it is recommended that the NetCreateProvisioningPackage function be used instead of the
|
||
/// <c>NetProvisionComputerAccount</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>NetProvisionComputerAccount</c> function is used to provision a computer account for later use in an offline domain join
|
||
/// operation using the NetRequestOfflineDomainJoin function. The offline domain join scenario uses these functions as follows:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// <c>NetProvisionComputerAccount</c> is a provisioning function that is first called to perform the network operations necessary to
|
||
/// create and configure the computer object in Active Directory. The output from the <c>NetProvisionComputerAccount</c> is an opaque
|
||
/// binary blob of serialized metadata used for the next step.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// NetRequestOfflineDomainJoin, an image initialization function, is then called to inject the output from the
|
||
/// <c>NetProvisionComputerAccount</c> provisioning function into a Windows operating system image to be used during installation.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Changes to Windows initialization code will detect this saved state and affect the local only portion of domain join.</para>
|
||
/// <para>
|
||
/// The <c>NetProvisionComputerAccount</c> function will create or reuse the machine account in the domain, collect all necessary
|
||
/// metadata and return it in an opaque versioned binary blob or as text for embedding in an unattended setup answer file. The opaque
|
||
/// binary blob can be consumed by the offline domain join request operation supplying all the necessary input to complete the domain
|
||
/// join during first boot without any network operations (local state updates only).
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Security Note:</c> The blob returned by the <c>NetProvisionComputerAccount</c> function contains very sensitive data. It
|
||
/// should be treated just as securely as a plaintext password. The blob contains the machine account password and other information
|
||
/// about the domain, including the domain name, the name of a domain controller, and the security ID (SID) of the domain. If the
|
||
/// blob is being transported physically or over the network, care must be taken to transport it securely. The design makes no
|
||
/// provisions for securing this data. This problem exists today with unattended setup answer files which can carry a number of
|
||
/// secrets including domain user passwords. The caller must secure the blob and the unattended setup files. Solutions to this
|
||
/// problem are varied. As an example, a pre-exchanged key could be used to encrypt a session between the consumer and provisioning
|
||
/// entity enabling a secure transfer of the opaque blob.
|
||
/// </para>
|
||
/// <para>
|
||
/// The opaque blob returned in the pProvisionBinData parameter by the <c>NetProvisionComputerAccount</c> function is versioned to
|
||
/// allow interoperability and serviceability scenarios between different versions of Windows (joining client, provisioning machine,
|
||
/// and domain controller). The offline join scenario currently does not limit the lifetime of the blob returned by the
|
||
/// <c>NetProvisionComputerAccount</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// For offline domain joins, the access check performed depends on the configuration of the domain. Computer account creation is
|
||
/// enabled using three methods:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Domain administrators have rights to create computer accounts.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>The SD on a container can delegate the rights to create computer accounts.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// By default, authenticated users may create computer accounts by privilege. Authenticated users are limited to creating a limited
|
||
/// number of accounts that is specified as a quota on the domain (the default value is 10). For more information, see the
|
||
/// ms-DS-MachineAccountQuota attribute in the Active Directory schema.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// The <c>NetProvisionComputerAccount</c> function works only with a writable domain controller and does not function against a
|
||
/// read-only domain controller. Once provisioning is done against a writable domain controller and the account is replicated to a
|
||
/// read-only domain controller, then the other portions of offline domain join operation do not require access to a domain controller.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the <c>NetProvisionComputerAccount</c> function is successful, the pointer in the pProvisionBinData or pProvisionTextData
|
||
/// parameter (depending on which was parameter was not <c>NULL</c>) is returned with the serialized data for use in an offline join
|
||
/// operation or as text in an unattended setup file.
|
||
/// </para>
|
||
/// <para>For more information on offline domain join operations, see the Offline Domain Join Step-by-Step Guide.</para>
|
||
/// <para>
|
||
/// Joining (and unjoining) a computer to a domain using NetJoinDomain and NetUnjoinDomain can be performed only by a member of the
|
||
/// Administrators local group on the target computer. Note that the domain administrator can set additional requirements for joining
|
||
/// the domain using delegation and assignment of privileges.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netprovisioncomputeraccount NET_API_STATUS NET_API_FUNCTION
|
||
// NetProvisionComputerAccount( LPCWSTR lpDomain, LPCWSTR lpMachineName, LPCWSTR lpMachineAccountOU, LPCWSTR lpDcName, DWORD
|
||
// dwOptions, PBYTE *pProvisionBinData, DWORD *pdwProvisionBinDataSize, LPWSTR *pProvisionTextData );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "4c854258-b84d-4ef3-a6da-ce0a9540ffd5")]
|
||
public static extern Win32Error NetProvisionComputerAccount(string lpDomain, string lpMachineName, [Optional] string lpMachineAccountOU, string lpDcName, NETSETUP_PROVISION dwOptions,
|
||
[Optional] IntPtr pProvisionBinData, [Optional] IntPtr pdwProvisionBinDataSize, ref StringBuilder pProvisionTextData);
|
||
|
||
/// <summary>The <c>NetRemoveAlternateComputerName</c> function removes an alternate name for the specified computer.</summary>
|
||
/// <param name="Server">
|
||
/// A pointer to a constant string that specifies the name of the computer on which to execute this function. If this parameter is
|
||
/// <c>NULL</c>, the local computer is used.
|
||
/// </param>
|
||
/// <param name="AlternateName">
|
||
/// A pointer to a constant string that specifies the alternate name to remove. This name must be in the form of a fully qualified
|
||
/// DNS name.
|
||
/// </param>
|
||
/// <param name="DomainAccount">
|
||
/// <para>
|
||
/// A pointer to a constant string that specifies the domain account to use for accessing the machine account object for the computer
|
||
/// specified in the Server parameter in Active Directory. If this parameter is <c>NULL</c>, then the credentials of the user
|
||
/// executing this routine are used.
|
||
/// </para>
|
||
/// <para>This parameter is not used if the server to execute this function is not joined to a domain.</para>
|
||
/// </param>
|
||
/// <param name="DomainAccountPassword">
|
||
/// <para>
|
||
/// A pointer to a constant string that specifies the password matching the domain account passed in the DomainAccount parameter. If
|
||
/// this parameter is <c>NULL</c>, then the credentials of the user executing this routine are used.
|
||
/// </para>
|
||
/// <para>
|
||
/// This parameter is ignored if the DomainAccount parameter is <c>NULL</c>. This parameter is not used if the server to execute this
|
||
/// function is not joined to a domain.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="Reserved">Reserved for future use. This parameter should be <c>NULL</c>.</param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>
|
||
/// Access is denied. This error is returned if the caller was not a member of the Administrators local group on the target computer.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_NAME</term>
|
||
/// <term>A name parameter is incorrect. This error is returned if the AlternateName parameter does not contain valid name.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>
|
||
/// A parameter is incorrect. This error is returned if the DomainAccount parameter does not contain a valid domain. This error is
|
||
/// also returned if the DomainAccount parameter is not NULL and the DomainAccountPassword parameter is not NULL but does not contain
|
||
/// a Unicode string.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
|
||
/// <term>Not enough memory is available to process this command.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the target computer specified in the Server parameter on which this
|
||
/// function executes is running on Windows 2000 and earlier.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_CALL_IN_PROGRESS</term>
|
||
/// <term>A remote procedure call is already in progress for this thread.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_PROTSEQ_NOT_SUPPORTED</term>
|
||
/// <term>The remote procedure call protocol sequence is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>The <c>NetRemoveAlternateComputerName</c> function is supported on Windows XP and later.</para>
|
||
/// <para>
|
||
/// The <c>NetRemoveAlternateComputerName</c> function is used to remove secondary computer names configured for the target computer.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>NetRemoveAlternateComputerName</c> function requires that the caller is a member of the Administrators local group on the
|
||
/// target computer.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netremovealternatecomputername NET_API_STATUS
|
||
// NET_API_FUNCTION NetRemoveAlternateComputerName( LPCWSTR Server, LPCWSTR AlternateName, LPCWSTR DomainAccount, LPCWSTR
|
||
// DomainAccountPassword, ULONG Reserved );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "3c7ab44e-d5fa-40da-83fe-a44bf85b2ba5")]
|
||
public static extern Win32Error NetRemoveAlternateComputerName([Optional] string Server, string AlternateName, [Optional] string DomainAccount, [Optional] string DomainAccountPassword, uint Reserved = 0);
|
||
|
||
/// <summary>The <c>NetRenameMachineInDomain</c> function changes the name of a computer in a domain.</summary>
|
||
/// <param name="lpServer">
|
||
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the computer on which to call the function. If this
|
||
/// parameter is <c>NULL</c>, the local computer is used.
|
||
/// </param>
|
||
/// <param name="lpNewMachineName">
|
||
/// A pointer to a constant string that specifies the new name of the computer. If specified, the local computer name is changed as
|
||
/// well. If this parameter is <c>NULL</c>, the function assumes you have already called the SetComputerNameEx function.
|
||
/// </param>
|
||
/// <param name="lpAccount">
|
||
/// A pointer to a constant string that specifies an account name to use when connecting to the domain controller. If this parameter
|
||
/// is <c>NULL</c>, the caller's context is used.
|
||
/// </param>
|
||
/// <param name="lpPassword">
|
||
/// If the lpAccount parameter specifies an account name, this parameter must point to the password to use when connecting to the
|
||
/// domain controller. Otherwise, this parameter must be <c>NULL</c>.
|
||
/// </param>
|
||
/// <param name="fRenameOptions">
|
||
/// The rename options. If this parameter is NETSETUP_ACCT_CREATE, the function renames the account in the domain.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>
|
||
/// Access is denied. This error is returned if the account name passed in the lpAccount parameter did not have sufficient access
|
||
/// rights for the operation.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>A parameter is incorrect.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_SetupNotJoined</term>
|
||
/// <term>The computer is not currently joined to a domain.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_SetupDomainController</term>
|
||
/// <term>This computer is a domain controller and cannot be unjoined from a domain.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// Renaming a domain computer can be performed only by a user that is a member of the Administrators local group on the target
|
||
/// computer and that also is a member of the Administrators group on the domain or has the Account Operator privilege on the domain.
|
||
/// If you call the <c>NetRenameMachineInDomain</c> function remotely, you must supply credentials because you cannot delegate
|
||
/// credentials under these circumstances.
|
||
/// </para>
|
||
/// <para>
|
||
/// Different processes, or different threads of the same process, should not call the <c>NetRenameMachineInDomain</c> function at
|
||
/// the same time. This situation can leave the computer in an inconsistent state.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>NERR_SetupNotJoined</c> and <c>NERR_SetupDomainController</c> return values are defined in the Lmerr.h header file. This
|
||
/// header file is automatically included by the Lm.h header file and should not be included directly.
|
||
/// </para>
|
||
/// <para>A system reboot is required after calling the <c>NetRenameMachineInDomain</c> function for the operation to complete.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netrenamemachineindomain NET_API_STATUS NET_API_FUNCTION
|
||
// NetRenameMachineInDomain( LPCWSTR lpServer, LPCWSTR lpNewMachineName, LPCWSTR lpAccount, LPCWSTR lpPassword, DWORD fRenameOptions );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "1f7ddaa1-a349-49a6-856d-a2fde2f1dc3b")]
|
||
public static extern Win32Error NetRenameMachineInDomain([Optional] string lpServer, [Optional] string lpNewMachineName, [Optional] string lpAccount, [Optional] string lpPassword, NETSETUP fRenameOptions);
|
||
|
||
/// <summary>
|
||
/// The <c>NetRequestOfflineDomainJoin</c> function executes locally on a machine to modify a Windows operating system image mounted
|
||
/// on a volume. The registry is loaded from the image and provisioning blob data is written where it can be retrieved during the
|
||
/// completion phase of an offline domain join operation.
|
||
/// </summary>
|
||
/// <param name="pProvisionBinData">
|
||
/// <para>
|
||
/// A pointer to a buffer required to initialize the registry of a Windows operating system image to process the final local state
|
||
/// change during the completion phase of the offline domain join operation.
|
||
/// </para>
|
||
/// <para>
|
||
/// The opaque binary blob of serialized metadata passed in the pProvisionBinData parameter is returned by the
|
||
/// NetProvisionComputerAccount function.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="cbProvisionBinDataSize">
|
||
/// <para>The size, in bytes, of the buffer pointed to by the pProvisionBinData parameter.</para>
|
||
/// <para>This parameter must not be <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <param name="dwOptions">
|
||
/// <para>
|
||
/// A set of bit flags that define options for this function. This parameter can be one or more of the following values defined in
|
||
/// the Lmjoin.h header file.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_ONLINE_CALLER 0x40000000</term>
|
||
/// <term>
|
||
/// This flag is required if the lpWindowsPath parameter references the currently running Windows operating system directory rather
|
||
/// than an offline Windows operating system image mounted on an accessible volume. If this flag is specified, the
|
||
/// NetRequestOfflineDomainJoin function must be invoked by a member of the local Administrators group.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="lpWindowsPath">
|
||
/// <para>
|
||
/// A pointer to a constant null-terminated character string that specifies the path to a Windows operating system image under which
|
||
/// the registry hives are located. This image must be offline and not currently booted unless the dwOptions parameter contains
|
||
/// <c>NETSETUP_PROVISION_ONLINE_CALLER</c> in which case the locally running operating system directory is allowed.
|
||
/// </para>
|
||
/// <para>This path could be a UNC path on a remote server.</para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>Access is denied. This error is returned if the caller does not have sufficient privileges to complete the operation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_ELEVATION_REQUIRED</term>
|
||
/// <term>The requested operation requires elevation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>
|
||
/// A parameter is incorrect. This error is returned if the pProvisionBinData, cbProvisionBinDataSize, or lpWindowsPath parameters
|
||
/// are NULL. This error is also returned if the buffer pointed to by the pProvisionBinData parameter does not contain valid data in
|
||
/// the blob for the domain, machine account name, or machine account password. This error is also returned if the string pointed to
|
||
/// lpWindowsPath parameter does not specific the path to a Windows operating system image.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the specified server does not support this operation. For example, if the
|
||
/// lpWindowsPath parameter references a Windows installation configured as a domain controller.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>The <c>NetRequestOfflineDomainJoin</c> function is supported on Windows 7 for offline domain join operations.</para>
|
||
/// <para>
|
||
/// The <c>NetRequestOfflineDomainJoin</c> function is used locally on a machine to modify a Windows operating system image mounted
|
||
/// on a volume. The registry is loaded for the image and provisioning blob data is written where it can be retrieved during the
|
||
/// completion phase of an offline domain join operation. The offline domain join scenario uses these functions as follows:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// NetProvisionComputerAccount is a provisioning function that is first called to perform the network operations necessary to create
|
||
/// and configure the computer object in Active Directory. The output from the <c>NetProvisionComputerAccount</c> is an opaque binary
|
||
/// blob of serialized metadata used for the next step.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// <c>NetRequestOfflineDomainJoin</c> , an image initialization function, is then called to inject the output from the
|
||
/// NetProvisionComputerAccount provisioning function into a Windows operating system image to be used during installation. Changes
|
||
/// to Windows initialization code will detect this saved state and affect the local only portion of domain join.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// The NetProvisionComputerAccount function will create or reuse the machine account in the domain, collect all necessary metadata
|
||
/// and return it in an opaque versioned binary blob or as text for embedding in an unattended setup answer file. The opaque binary
|
||
/// blob can be consumed by the offline domain join request operation supplying all the necessary input to complete the domain join
|
||
/// during first boot without any network operations (local state updates only). Note that the blob contains machine account password
|
||
/// material essentially in the clear. The design makes no provisions for securing this data. This problem exists today with
|
||
/// unattended setup answer files which can carry a number of secrets including domain user passwords. The caller must secure the
|
||
/// blob and the unattended setup files. Solutions to this problem are varied. As an example, a pre-exchanged key could be used to
|
||
/// encrypt a session between the consumer and provisioning entity enabling a secure transfer of the opaque blob .
|
||
/// </para>
|
||
/// <para>
|
||
/// The opaque blob returned in the pProvisionBinData parameter by the NetProvisionComputerAccount function is versioned to allow
|
||
/// interoperability and serviceability scenarios between different versions of Windows (joining client, provisioning machine, and
|
||
/// domain controller). The offline join scenario currently does not limit the lifetime of the blob returned by the
|
||
/// <c>NetProvisionComputerAccount</c> function.
|
||
/// </para>
|
||
/// <para>For more information on offline domain join operations, see the Offline Domain Join Step-by-Step Guide.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netrequestofflinedomainjoin NET_API_STATUS NET_API_FUNCTION
|
||
// NetRequestOfflineDomainJoin( BYTE *pProvisionBinData, DWORD cbProvisionBinDataSize, DWORD dwOptions, LPCWSTR lpWindowsPath );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "f3f8fe00-d6f7-4d59-a4e7-6aef7f507e1a")]
|
||
public static extern Win32Error NetRequestOfflineDomainJoin([In] IntPtr pProvisionBinData, uint cbProvisionBinDataSize, NETSETUP_PROVISION dwOptions, string lpWindowsPath);
|
||
|
||
/// <summary>
|
||
/// The <c>NetRequestProvisioningPackageInstall</c> function executes locally on a machine to modify a Windows operating system image
|
||
/// mounted on a volume. The registry is loaded from the image and provisioning package data is written where it can be retrieved
|
||
/// during the completion phase of an offline domain join operation.
|
||
/// </summary>
|
||
/// <param name="pPackageBinData">
|
||
/// <para>
|
||
/// A pointer to a buffer required to initialize the registry of a Windows operating system image to process the final local state
|
||
/// change during the completion phase of the offline domain join operation.
|
||
/// </para>
|
||
/// <para>
|
||
/// The opaque binary blob of serialized metadata passed in the pPackageBinData parameter is returned by the
|
||
/// NetCreateProvisioningPackage function.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="dwPackageBinDataSize">
|
||
/// <para>The size, in bytes, of the buffer pointed to by the pPackageBinData parameter.</para>
|
||
/// <para>This parameter must not be <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <param name="dwProvisionOptions">
|
||
/// <para>
|
||
/// A set of bit flags that define options for this function. This parameter uses one or more of the following values defined in the
|
||
/// Lmjoin.h header file.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_ONLINE_CALLER 0x40000000</term>
|
||
/// <term>
|
||
/// This flag is required if the lpWindowsPath parameter references the currently running Windows operating system directory rather
|
||
/// than an offline Windows operating system image mounted on an accessible volume. If this flag is specified, the
|
||
/// NetRequestProvisioningPackageInstall function must be invoked by a member of the local Administrators group.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="lpWindowsPath">
|
||
/// <para>
|
||
/// A pointer to a <c>NULL</c>-terminated character string that specifies the path to a Windows operating system image under which
|
||
/// the registry hives are located. This image must be offline and not currently booted unless the dwProvisionOptions parameter
|
||
/// contains <c>NETSETUP_PROVISION_ONLINE_CALLER</c>, in which case, the locally running operating system directory is allowed.
|
||
/// </para>
|
||
/// <para>This path could be a UNC path on a remote server.</para>
|
||
/// </param>
|
||
/// <param name="pvReserved">Reserved for future use.</param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following Network Management error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NERR_NoOfflineJoinInfo</term>
|
||
/// <term>The offline join completion information was not found.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_BadOfflineJoinInfo</term>
|
||
/// <term>The offline join completion information was bad.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_CantCreateJoinInfo</term>
|
||
/// <term>
|
||
/// Unable to create offline join information. Please ensure you have access to the specified path location and permissions to modify
|
||
/// its contents. Running as an elevated administrator may be required.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_BadDomainJoinInfo</term>
|
||
/// <term>The domain join info being saved was incomplete or bad.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_JoinPerformedMustRestart</term>
|
||
/// <term>Offline join operation successfully completed but a restart is needed.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_NoJoinPending</term>
|
||
/// <term>There was no offline join operation pending.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_ValuesNotSet</term>
|
||
/// <term>Unable to set one or more requested machine or domain name values on the local computer.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_CantVerifyHostname</term>
|
||
/// <term>Could not verify the current machine's hostname against the saved value in the join completion information.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_CantLoadOfflineHive</term>
|
||
/// <term>
|
||
/// Unable to load the specified offline registry hive. Please ensure you have access to the specified path location and permissions
|
||
/// to modify its contents. Running as an elevated administrator may be required.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_ConnectionInsecure</term>
|
||
/// <term>The minimum session security requirements for this operation were not met.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_ProvisioningBlobUnsupported</term>
|
||
/// <term>Computer account provisioning blob version is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The NetRequestProvisioningPackageInstall function is supported on Windows 8 for offline domain join operations. For Windows 7,
|
||
/// use <c>NetRequestOfflineDomainJoin</c>.
|
||
/// </para>
|
||
/// <para>The offline domain join scenario uses two functions:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// NetCreateProvisioningPackage is a provisioning function that is first called to perform the network operations necessary to
|
||
/// create and configure the computer object in Active Directory. The output from the <c>NetCreateProvisioningPackage</c> is a
|
||
/// package used for the next step.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// <c>NetRequestProvisioningPackageInstall</c>, an image initialization function, is called to inject the output from the
|
||
/// NetCreateProvisioningPackage provisioning function into a Windows operating system image for use during installation.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// Changes to Windows initialization code will detect this saved state and affect the local-only portion of domain join and install
|
||
/// any certificate and policy information that may have been present in the package.
|
||
/// </para>
|
||
/// <para>
|
||
/// The NetCreateProvisioningPackage function will create or reuse the machine account in the domain, collect all necessary metadata
|
||
/// and return it in a package. The package can be consumed by the offline domain join request operation supplying all the necessary
|
||
/// input to complete the domain join during first boot without any network operations (local state updates only).
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Security Note:</c> The package created by the NetCreateProvisioningPackage function contains very sensitive data. It should be
|
||
/// treated just as securely as a plaintext password. The package contains the machine account password and other information about
|
||
/// the domain, including the domain name, the name of a domain controller, and the security ID (SID) of the domain. If the package
|
||
/// is being transported physically or over the network, care must be taken to transport it securely. The design makes no provisions
|
||
/// for securing this data. This problem exists today with unattended setup answer files which can carry a number of secrets
|
||
/// including domain user passwords. The caller must secure the package. Solutions to this problem are varied. As an example, a
|
||
/// pre-exchanged key could be used to encrypt a session between the consumer and provisioning entity enabling a secure transfer of
|
||
/// the package.
|
||
/// </para>
|
||
/// <para>
|
||
/// The package returned in the pPackageBinData parameter by the NetCreateProvisioningPackage function is versioned to allow
|
||
/// interoperability and serviceability scenarios between different versions of Windows (such as joining a client, provisioning a
|
||
/// machine, and using a domain controller). The offline join scenario currently does not limit the lifetime of the package returned
|
||
/// by the <c>NetCreateProvisioningPackage</c> function.
|
||
/// </para>
|
||
/// <para>
|
||
/// All phases of the provisioning process append to a NetSetup.log file on the local computer. The provisoning process can include
|
||
/// up to three different computers: the computer where the provisioning package is created, the computer that requests the
|
||
/// installation of the package, and the computer where the package is installed. There will be NetSetup.log file information stored
|
||
/// on all three computers according to the operation performed. Reviewing the contents of these files is the most common means of
|
||
/// troubleshooting online and offline provisioning errors. Provisioning operations undertaken by admins are logged to the
|
||
/// NetSetup.log file in the %WINDIR%\Debug. Provisioning operations performed by non-admins are logged to the NetSetup.log file in
|
||
/// the %USERPROFILE%\Debug folder.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netrequestprovisioningpackageinstall NET_API_STATUS
|
||
// NET_API_FUNCTION NetRequestProvisioningPackageInstall( BYTE *pPackageBinData, DWORD dwPackageBinDataSize, DWORD
|
||
// dwProvisionOptions, LPCWSTR lpWindowsPath, PVOID pvReserved );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "107ED0F7-8DDD-4C18-8C34-3A67F771FA62")]
|
||
public static extern Win32Error NetRequestProvisioningPackageInstall([In] IntPtr pPackageBinData, uint dwPackageBinDataSize, NETSETUP_PROVISION dwProvisionOptions, string lpWindowsPath, IntPtr pvReserved = default);
|
||
|
||
/// <summary>The <c>NetSetPrimaryComputerName</c> function sets the primary computer name for the specified computer.</summary>
|
||
/// <param name="Server">
|
||
/// A pointer to a constant string that specifies the name of the computer on which to execute this function. If this parameter is
|
||
/// <c>NULL</c>, the local computer is used.
|
||
/// </param>
|
||
/// <param name="PrimaryName">
|
||
/// A pointer to a constant string that specifies the primary name to set. This name must be in the form of a fully qualified DNS name.
|
||
/// </param>
|
||
/// <param name="DomainAccount">
|
||
/// <para>
|
||
/// A pointer to a constant string that specifies the domain account to use for accessing the machine account object for the computer
|
||
/// specified in the Server parameter in Active Directory. If this parameter is <c>NULL</c>, then the credentials of the user
|
||
/// executing this routine are used.
|
||
/// </para>
|
||
/// <para>This parameter is not used if the server to execute this function is not joined to a domain.</para>
|
||
/// </param>
|
||
/// <param name="DomainAccountPassword">
|
||
/// <para>
|
||
/// A pointer to a constant string that specifies the password matching the domain account passed in the DomainAccount parameter. If
|
||
/// this parameter is <c>NULL</c>, then the credentials of the user executing this routine are used.
|
||
/// </para>
|
||
/// <para>
|
||
/// This parameter is ignored if the DomainAccount parameter is <c>NULL</c>. This parameter is not used if the server to execute this
|
||
/// function is not joined to a domain.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="Reserved">Reserved for future use. This parameter should be <c>NULL</c>.</param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_ACCESS_DENIED</term>
|
||
/// <term>
|
||
/// Access is denied. This error is returned if the caller was not a member of the Administrators local group on the target computer.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_NAME</term>
|
||
/// <term>A name parameter is incorrect. This error is returned if the PrimaryName parameter does not contain valid name.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>
|
||
/// A parameter is incorrect. This error is returned if the DomainAccount parameter does not contain a valid domain. This error is
|
||
/// also returned if the DomainAccount parameter is not NULL and the DomainAccountPassword parameter is not NULL but does not contain
|
||
/// a Unicode string.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
|
||
/// <term>Not enough memory is available to process this command.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if the target computer specified in the Server parameter on which this
|
||
/// function executes is running on Windows 2000 and earlier.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_WkstaNotStarted</term>
|
||
/// <term>The Workstation service has not been started.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_CALL_IN_PROGRESS</term>
|
||
/// <term>A remote procedure call is already in progress for this thread.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_PROTSEQ_NOT_SUPPORTED</term>
|
||
/// <term>The remote procedure call protocol sequence is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>The <c>NetSetPrimaryComputerName</c> function is supported on Windows XP and later.</para>
|
||
/// <para>
|
||
/// The <c>NetSetPrimaryComputerName</c> function is used as part of computer rename operations. The specified name will be removed
|
||
/// from the alternate name list configured for the target computer and configured as the primary name. The computer account name
|
||
/// will be changed to match the primary name. The previous primary computer name is moved to the alternate computer name list
|
||
/// configured for the computer.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>NetSetPrimaryComputerName</c> function requires that the caller is a member of the Administrators local group on the
|
||
/// target computer.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netsetprimarycomputername NET_API_STATUS NET_API_FUNCTION
|
||
// NetSetPrimaryComputerName( LPCWSTR Server, LPCWSTR PrimaryName, LPCWSTR DomainAccount, LPCWSTR DomainAccountPassword, ULONG
|
||
// Reserved );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "524c8219-a303-45ab-95e2-91319b477568")]
|
||
public static extern Win32Error NetSetPrimaryComputerName([Optional] string Server, string PrimaryName, [Optional] string DomainAccount, [Optional] string DomainAccountPassword, uint Reserved = 0);
|
||
|
||
/// <summary>The <c>NetUnjoinDomain</c> function unjoins a computer from a workgroup or a domain.</summary>
|
||
/// <param name="lpServer">
|
||
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the computer on which the function is to execute. If
|
||
/// this parameter is <c>NULL</c>, the local computer is used.
|
||
/// </param>
|
||
/// <param name="lpAccount">
|
||
/// A pointer to a constant string that specifies the account name to use when connecting to the domain controller. The string must
|
||
/// specify either a domain NetBIOS name and user account (for example, REDMOND\user) or the user principal name (UPN) of the user in
|
||
/// the form of an Internet-style login name (for example, "someone@example.com"). If this parameter is <c>NULL</c>, the caller's
|
||
/// context is used.
|
||
/// </param>
|
||
/// <param name="lpPassword">
|
||
/// If the lpAccount parameter specifies an account name, this parameter must point to the password to use when connecting to the
|
||
/// domain controller. Otherwise, this parameter must be <c>NULL</c>.
|
||
/// </param>
|
||
/// <param name="fUnjoinOptions">
|
||
/// Specifies the unjoin options. If this parameter is NETSETUP_ACCT_DELETE, the account is disabled when the unjoin occurs. Note
|
||
/// that this option does not delete the account. Currently, there are no other unjoin options defined.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes or one of the system error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>A parameter is incorrect.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_SetupNotJoined</term>
|
||
/// <term>The computer is not currently joined to a domain.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_SetupDomainController</term>
|
||
/// <term>This computer is a domain controller and cannot be unjoined from a domain.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// Unjoining (and joining) a computer to a domain or workgroup can be performed only by a member of the Administrators local group
|
||
/// on the target computer. If you call the <c>NetUnjoinDomain</c> function remotely, you must supply credentials because you cannot
|
||
/// delegate credentials under these circumstances.
|
||
/// </para>
|
||
/// <para>
|
||
/// Different processes, or different threads of the same process, should not call the <c>NetUnjoinDomain</c> function at the same
|
||
/// time. This situation can leave the computer in an inconsistent state.
|
||
/// </para>
|
||
/// <para>A system reboot is required after calling the NetRenameMachineInDomain function for the operation to complete.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netunjoindomain NET_API_STATUS NET_API_FUNCTION
|
||
// NetUnjoinDomain( LPCWSTR lpServer, LPCWSTR lpAccount, LPCWSTR lpPassword, DWORD fUnjoinOptions );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "cc755c22-1fd6-4787-999e-a43258287a05")]
|
||
public static extern Win32Error NetUnjoinDomain([Optional] string lpServer, [Optional] string lpAccount, [Optional] string lpPassword, NETSETUP fUnjoinOptions);
|
||
|
||
/// <summary>
|
||
/// The <c>NetValidateName</c> function verifies that a name is valid for name type specified(computer name, workgroup name, domain
|
||
/// name, or DNS computer name).
|
||
/// </summary>
|
||
/// <param name="lpServer">
|
||
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the computer on which to call the function. If this
|
||
/// parameter is <c>NULL</c>, the local computer is used.
|
||
/// </param>
|
||
/// <param name="lpName">
|
||
/// A pointer to a constant string that specifies the name to validate. Depending on the value specified in the NameType parameter,
|
||
/// the lpName parameter can point to a computer name, workgroup name, domain name, or DNS computer name.
|
||
/// </param>
|
||
/// <param name="lpAccount">
|
||
/// If the lpName parameter is a domain name, this parameter points to an account name to use when connecting to the domain
|
||
/// controller. The string must specify either a domain NetBIOS name and user account (for example, "REDMOND\user") or the user
|
||
/// principal name (UPN) of the user in the form of an Internet-style login name (for example, "someone@example.com"). If this
|
||
/// parameter is <c>NULL</c>, the caller's context is used.
|
||
/// </param>
|
||
/// <param name="lpPassword">
|
||
/// If the lpAccount parameter specifies an account name, this parameter must point to the password to use when connecting to the
|
||
/// domain controller. Otherwise, this parameter must be <c>NULL</c>.
|
||
/// </param>
|
||
/// <param name="NameType">
|
||
/// <para>
|
||
/// The type of the name passed in the lpName parameter to validate. This parameter can be one of the values from the
|
||
/// NETSETUP_NAME_TYPE enumeration type defined in the Lmjoin.h header file.
|
||
/// </para>
|
||
/// <para>
|
||
/// Note that the Lmjoin.h header is automatically included by the Lm.h header file. The Lmjoin.h header files should not be used directly.
|
||
/// </para>
|
||
/// <para>The following list shows the possible values for this parameter.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NetSetupUnknown 0</term>
|
||
/// <term>The nametype is unknown. If this value is used, the NetValidateName function fails with ERROR_INVALID_PARAMETER.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NetSetupMachine 1</term>
|
||
/// <term>Verify that the NetBIOS computer name is valid and that it is not in use.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NetSetupWorkgroup 2</term>
|
||
/// <term>Verify that the workgroup name is valid.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NetSetupDomain 3</term>
|
||
/// <term>Verify that the domain name exists and that it is a domain.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NetSetupNonExistentDomain 4</term>
|
||
/// <term>Verify that the domain name is not in use.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NetSetupDnsMachine 5</term>
|
||
/// <term>
|
||
/// Verify that the DNS computer name is valid. This value is supported on Windows 2000 and later. The application must be compiled
|
||
/// with _WIN32_WINNT >= 0x0500 to use this value.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is NERR_Success.</para>
|
||
/// <para>If the function fails, the return value can be one of the following error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>DNS_ERROR_INVALID_NAME_CHAR</term>
|
||
/// <term>
|
||
/// The DNS name contains an invalid character. This error is returned if the NameType parameter specified is NetSetupDnsMachine and
|
||
/// the DNS name in the lpName parameter contains an invalid character.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>DNS_ERROR_NON_RFC_NAME</term>
|
||
/// <term>
|
||
/// The DNS name does not comply with RFC specifications. This error is returned if the NameType parameter specified is
|
||
/// NetSetupDnsMachine and the DNS name in the lpName parameter does not comply with RFC specifications.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_DUP_NAME</term>
|
||
/// <term>A duplicate name already exists on the network.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_COMPUTERNAME</term>
|
||
/// <term>The format of the specified computer name is not valid.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_INVALID_PARAMETER</term>
|
||
/// <term>
|
||
/// A parameter is incorrect. This error is returned if the lpName parameter is NULL or the NameType parameter is specified as
|
||
/// NetSetupUnknown or an unknown nametype.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NO_SUCH_DOMAIN</term>
|
||
/// <term>The specified domain does not exist.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_NOT_SUPPORTED</term>
|
||
/// <term>
|
||
/// The request is not supported. This error is returned if a remote computer was specified in the lpServer parameter and this call
|
||
/// is not supported on the remote computer.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_InvalidComputer</term>
|
||
/// <term>
|
||
/// The specified computer name is not valid. This error is returned if the NameType parameter specified is NetSetupDnsMachine or
|
||
/// NetSetupMachine and the specified computer name is not valid.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NERR_InvalidWorkgroupName</term>
|
||
/// <term>
|
||
/// The specified workgroup name is not valid. This error is returned if the NameType parameter specified is NetSetupWorkgroup and
|
||
/// the specified workgroup name is not valid.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_S_SERVER_UNAVAILABLE</term>
|
||
/// <term>
|
||
/// The RPC server is not available. This error is returned if a remote computer was specified in the lpServer parameter and the RPC
|
||
/// server is not available.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_E_REMOTE_DISABLED</term>
|
||
/// <term>
|
||
/// Remote calls are not allowed for this process. This error is returned if a remote computer was specified in the lpServer
|
||
/// parameter and remote calls are not allowed for this process.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>The <c>NetValidateName</c> function validates a name based on the nametype specified.</para>
|
||
/// <para>
|
||
/// If the NameType parameter is <c>NetSetupMachine</c>, the name passed in the lpName parameter must be syntactically correct as a
|
||
/// NetBIOS name and the name must not currently be in use on the network.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the NameType parameter is <c>NetSetupWorkgroup</c>, the name passed in the lpName parameter must be syntactically correct as a
|
||
/// NetBIOS name, the name must not currently be in use on the network as a unique name, and the name must be different from the
|
||
/// computer name.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the NameType parameter is <c>NetSetupDomain</c>, the name passed in the lpName parameter must be syntactically correct as a
|
||
/// NetBIOS or DNS name and the name must currently be registered as a domain name.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the NameType parameter is <c>NetSetupNonExistentDomain</c>, the name passed in the lpName parameter must be syntactically
|
||
/// correct as a NetBIOS or DNS name and the name must currently not be registered as a domain name.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the NameType parameter is <c>NetSetupDnsMachine</c>, the name passed in the lpName parameter must be syntactically correct as
|
||
/// a DNS name.
|
||
/// </para>
|
||
/// <para>NetBIOS names are limited to maximum length of 16 characters.</para>
|
||
/// <para>No special group membership is required to successfully execute the <c>NetValidateName</c> function.</para>
|
||
/// <para>Examples</para>
|
||
/// <para>The following example validates a name for a specific type.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netvalidatename NET_API_STATUS NET_API_FUNCTION
|
||
// NetValidateName( LPCWSTR lpServer, LPCWSTR lpName, LPCWSTR lpAccount, LPCWSTR lpPassword, NETSETUP_NAME_TYPE NameType );
|
||
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "772603df-ec17-4a83-a715-2d9a14d5c2bb")]
|
||
public static extern Win32Error NetValidateName([Optional] string lpServer, string lpName, [Optional] string lpAccount, [Optional] string lpPassword, NETSETUP_NAME_TYPE NameType);
|
||
|
||
/// <summary>Contains information about a user account that is used to join a device to Microsoft Azure Active Directory.</summary>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/ns-lmjoin-_dsreg_user_info typedef struct _DSREG_USER_INFO { LPWSTR
|
||
// pszUserEmail; LPWSTR pszUserKeyId; LPWSTR pszUserKeyName; } DSREG_USER_INFO, *PDSREG_USER_INFO;
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "5E639988-0F53-40D7-BBEC-F78B3D124CC0")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
|
||
public struct DSREG_USER_INFO
|
||
{
|
||
/// <summary>The email address of the user.</summary>
|
||
public string pszUserEmail;
|
||
|
||
/// <summary>The identifier of the Microsoft Passport key that is provisioned for the user.</summary>
|
||
public string pszUserKeyId;
|
||
|
||
/// <summary>The name of the Microsoft Passport key that is provisioned for the user.</summary>
|
||
public string pszUserKeyName;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>NETSETUP_PROVISIONING_PARAMS</c> structure contains information that is used when creating a provisioning package using
|
||
/// the NetCreateProvisionPackage function.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The <c>NETSETUP_PROVISIONING_PARAMS</c> structure provides flags for the NetCreateProvisioningPackage function which is supported
|
||
/// on Windows 8 and Windows Server 2012 for offline join operations.
|
||
/// </para>
|
||
/// <para>
|
||
/// In addition to domain joins, the provisioning package can provide certificates and policies to the machine. The provisioning
|
||
/// package can be used in four ways:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Domain join</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Domain join and installation of certificates</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Domain join and installation of policies</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Domain join and installation of certificates and policies</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// When certificates need to be added to the package, this structure provides the <c>aCertTemplateNames</c> member as an array of
|
||
/// <c>NULL</c>-terminated certificate template names. The <c>aCertTemplateNames</c> member requires the <c>cCertTemplateNames</c>
|
||
/// member to provide an explicit count of the number of items in the array.
|
||
/// </para>
|
||
/// <para>There are two different ways to add policies. You can use one or both methods:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// Policy name<6D>An array of <c>NULL</c>-terminated policy names is provided in the <c>aMachinePolicyNames</c> member. During runtime,
|
||
/// the policy name is mapped to the policy name in AD and the GUID that represents the policy in the enterprise space is retrieved.
|
||
/// The <c>aMachinePolicyNames</c> member requires the <c>cMachinePolicyNames</c> member to provide an explicit count of the number
|
||
/// of items in the array.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// Policy path<74>A pointer to an array of <c>NULL</c>-terminated character strings provided in the <c>aMachinePolicyPaths</c> member
|
||
/// which specify the path to a file in the Registry Policy File format. For more information on the Registry Policy File Format ,
|
||
/// see Registry Policy File Format. The policy path is a full or relative path to the policy file.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/ns-lmjoin-_netsetup_provisioning_params typedef struct
|
||
// _NETSETUP_PROVISIONING_PARAMS { DWORD dwVersion; LPCWSTR lpDomain; LPCWSTR lpHostName; LPCWSTR lpMachineAccountOU; LPCWSTR
|
||
// lpDcName; DWORD dwProvisionOptions; LPCWSTR *aCertTemplateNames; DWORD cCertTemplateNames; LPCWSTR *aMachinePolicyNames; DWORD
|
||
// cMachinePolicyNames; LPCWSTR *aMachinePolicyPaths; DWORD cMachinePolicyPaths; LPWSTR lpNetbiosName; LPWSTR lpSiteName; LPWSTR
|
||
// lpPrimaryDNSDomain; } NETSETUP_PROVISIONING_PARAMS, *PNETSETUP_PROVISIONING_PARAMS;
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "E965804F-145A-4D8F-BB8E-466580AC65DA")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
|
||
public struct NETSETUP_PROVISIONING_PARAMS
|
||
{
|
||
/// <summary>
|
||
/// <para>
|
||
/// The version of Windows in the provisioning package. This parameter should use the following value defined in the Lmjoin.h
|
||
/// header file.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISIONING_PARAMS_CURRENT_VERSION 0x00000001</term>
|
||
/// <term>The version for this package is Windows Server 2012.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public uint dwVersion;
|
||
|
||
/// <summary>
|
||
/// A pointer to a <c>NULL</c>-terminated character string that specifies the name of the domain where the computer account is created.
|
||
/// </summary>
|
||
public string lpDomain;
|
||
|
||
/// <summary>The lp host name</summary>
|
||
public string lpHostName;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// A optional pointer to a <c>NULL</c>-terminated character string that contains the RFC 1779 format name of the organizational
|
||
/// unit (OU) where the computer account will be created. If you specify this parameter, the string must contain a full path, for
|
||
/// example, OU=testOU,DC=domain,DC=Domain,DC=com. Otherwise, this parameter must be <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>If this parameter is <c>NULL</c>, the well known computer object container will be used as published in the domain.</para>
|
||
/// </summary>
|
||
public string lpMachineAccountOU;
|
||
|
||
/// <summary>
|
||
/// An optional pointer to a <c>NULL</c>-terminated character string that contains the name of the domain controller to target.
|
||
/// </summary>
|
||
public string lpDcName;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// A set of bit flags that define provisioning options. This parameter can be one or more of the following values defined in the
|
||
/// Lmjoin.h header file.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_DOWNLEVEL_PRIV_SUPPORT 0x00000001</term>
|
||
/// <term>
|
||
/// If the caller requires account creation by privilege, this option will cause a retry on failure using account creation
|
||
/// functions enabling interoperability with domain controllers running on earlier versions of Windows. The lpMachineAccountOU is
|
||
/// not supported when using downlevel privilege support.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_REUSE_ACCOUNT 0x00000002</term>
|
||
/// <term>
|
||
/// If the named account already exists, an attempt will be made to reuse the existing account. This option requires sufficient
|
||
/// credentials for this operation (Domain Administrator or the object owner).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_USE_DEFAULT_PASSWORD 0x00000004</term>
|
||
/// <term>
|
||
/// Use the default machine account password which is the machine name in lowercase. This is largely to support the older
|
||
/// unsecure join model where the pre-created account typically used this default password.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_SKIP_ACCOUNT_SEARCH 0x00000008</term>
|
||
/// <term>
|
||
/// Do not try to find the account on any domain controller in the domain. This option makes the operation faster, but should
|
||
/// only be used when the caller is certain that an account by the same name hasn't recently been created. This option is only
|
||
/// valid when the lpDcName parameter is specified. When the prerequisites are met, this option allows for must faster
|
||
/// provisioning useful for scenarios such as batch processing.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NETSETUP_PROVISION_ROOT_CA_CERTS 0x00000010</term>
|
||
/// <term>
|
||
/// This option retrieves all of the root Certificate Authority certificates on the local machine and adds them to the
|
||
/// provisioning package.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public uint dwProvisionOptions;
|
||
|
||
/// <summary>A pointer to an array of <c>NULL</c>-terminated certificate template names.</summary>
|
||
public IntPtr aCertTemplateNames;
|
||
|
||
/// <summary>
|
||
/// When <c>aCertTemplateNames</c> is not <c>NULL</c>, this member provides an explicit count of the number of items in the array.
|
||
/// </summary>
|
||
public uint cCertTemplateNames;
|
||
|
||
/// <summary>A pointer to an array of <c>NULL</c>-terminated machine policy names.</summary>
|
||
public IntPtr aMachinePolicyNames;
|
||
|
||
/// <summary>
|
||
/// When <c>aMachinePolicyNames</c> is not <c>NULL</c>, this member provides an explicit count of the number of items in the array.
|
||
/// </summary>
|
||
public uint cMachinePolicyNames;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// A pointer to an array of character strings. Each array element is a NULL-terminated character string which specifies the full
|
||
/// or partial path to a file in the Registry Policy File format. For more information on the Registry Policy File Format , see
|
||
/// Registry Policy File Format
|
||
/// </para>
|
||
/// <para>This path could be a UNC path on a remote server.</para>
|
||
/// </summary>
|
||
public IntPtr aMachinePolicyPaths;
|
||
|
||
/// <summary>
|
||
/// When <c>aMachinePolicyPaths</c> is not <c>NULL</c>, this member provides an explicit count of the number of items in the array.
|
||
/// </summary>
|
||
public uint cMachinePolicyPaths;
|
||
|
||
/// <summary>The lp netbios name</summary>
|
||
public string lpNetbiosName;
|
||
|
||
/// <summary>The lp site name</summary>
|
||
public string lpSiteName;
|
||
|
||
/// <summary>The lp primary DNS domain</summary>
|
||
public string lpPrimaryDNSDomain;
|
||
}
|
||
|
||
/// <summary>Contains information about how a device is joined to Microsoft Azure Active Directory.</summary>
|
||
// https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/ns-lmjoin-_dsreg_join_info typedef struct _DSREG_JOIN_INFO {
|
||
// DSREG_JOIN_TYPE joinType; PCCERT_CONTEXT pJoinCertificate; LPWSTR pszDeviceId; LPWSTR pszIdpDomain; LPWSTR pszTenantId; LPWSTR
|
||
// pszJoinUserEmail; LPWSTR pszTenantDisplayName; LPWSTR pszMdmEnrollmentUrl; LPWSTR pszMdmTermsOfUseUrl; LPWSTR pszMdmComplianceUrl;
|
||
// LPWSTR pszUserSettingSyncUrl; DSREG_USER_INFO *pUserInfo; } DSREG_JOIN_INFO, *PDSREG_JOIN_INFO;
|
||
[PInvokeData("lmjoin.h", MSDNShortId = "9B0F7BE3-BDCD-437E-9157-9A646A2A20E2")]
|
||
public class DSREG_JOIN_INFO : SafeHANDLE
|
||
{
|
||
/// <summary>An enumeration value that specifies the type of the join.</summary>
|
||
public DSREG_JOIN_TYPE joinType => Value.joinType;
|
||
|
||
/// <summary>
|
||
/// Representations of the certification for the join. This is a pointer to <c>CERT_CONTEXT</c> structure which can be found in <c>Vanara.PInvoke.Cryptography</c>.
|
||
/// </summary>
|
||
public Crypt32.CERT_CONTEXT? pJoinCertificate => Value.pJoinCertificate.ToNullableStructure<Crypt32.CERT_CONTEXT>();
|
||
|
||
/// <summary>The PSZ device identifier</summary>
|
||
public string pszDeviceId => Value.pszDeviceId;
|
||
|
||
/// <summary>A string that represents Azure Active Directory (Azure AD).</summary>
|
||
public string pszIdpDomain => Value.pszIdpDomain;
|
||
|
||
/// <summary>The identifier of the joined Azure AD tenant.</summary>
|
||
public string pszTenantId => Value.pszTenantId;
|
||
|
||
/// <summary>The email address for the joined account.</summary>
|
||
public string pszJoinUserEmail => Value.pszJoinUserEmail;
|
||
|
||
/// <summary>The display name for the joined account.</summary>
|
||
public string pszTenantDisplayName => Value.pszTenantDisplayName;
|
||
|
||
/// <summary>The URL to use to enroll in the Mobile Device Management (MDM) service.</summary>
|
||
public string pszMdmEnrollmentUrl => Value.pszMdmEnrollmentUrl;
|
||
|
||
/// <summary>The URL that provides information about the terms of use for the MDM service.</summary>
|
||
public string pszMdmTermsOfUseUrl => Value.pszMdmTermsOfUseUrl;
|
||
|
||
/// <summary>The URL that provides information about compliance for the MDM service.</summary>
|
||
public string pszMdmComplianceUrl => Value.pszMdmComplianceUrl;
|
||
|
||
/// <summary>The URL for synchronizing user settings.</summary>
|
||
public string pszUserSettingSyncUrl => Value.pszUserSettingSyncUrl;
|
||
|
||
/// <summary>Information about the user account that was used to join a device to Azure AD.</summary>
|
||
public DSREG_USER_INFO? pUserInfo => Value.pUserInfo.ToNullableStructure<DSREG_USER_INFO>();
|
||
|
||
/// <summary>
|
||
/// Internal method that actually releases the handle. This is called by <see cref="M:Vanara.PInvoke.SafeHANDLE.ReleaseHandle"/>
|
||
/// for valid handles and afterwards zeros the handle.
|
||
/// </summary>
|
||
/// <returns><c>true</c> to indicate successful release of the handle; <c>false</c> otherwise.</returns>
|
||
protected override bool InternalReleaseHandle() { NetFreeAadJoinInformation(handle); return true; }
|
||
|
||
private _DSREG_JOIN_INFO Value => handle.ToStructure<_DSREG_JOIN_INFO>();
|
||
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
struct _DSREG_JOIN_INFO
|
||
{
|
||
public DSREG_JOIN_TYPE joinType;
|
||
public IntPtr pJoinCertificate;
|
||
public StrPtrUni pszDeviceId;
|
||
public StrPtrUni pszIdpDomain;
|
||
public StrPtrUni pszTenantId;
|
||
public StrPtrUni pszJoinUserEmail;
|
||
public StrPtrUni pszTenantDisplayName;
|
||
public StrPtrUni pszMdmEnrollmentUrl;
|
||
public StrPtrUni pszMdmTermsOfUseUrl;
|
||
public StrPtrUni pszMdmComplianceUrl;
|
||
public StrPtrUni pszUserSettingSyncUrl;
|
||
public IntPtr pUserInfo;
|
||
}
|
||
}
|
||
}
|
||
} |