No navigation frame on the left?  Click here.

NetEnumerateTrustedDomains

NetEnumerateTrustedDomains() is a useful function that provides a list of domains in which a machine trusts. In that, it is rather similar to LsaEnumerateTrustedDomains(), but that's where the similarities stop.

First, the big drawback: NETD() only reports on trusted domains in the sense used in the manuals -- that is, domains trusted by the domain in which your machine is a member. Trust relationships between a member server and its domain are not shown.

[8 June 1999] An even bigger drawback: NETD() seems to work erratically, if at all. For the time being I strongly recommend the LSA function LsaEnumerateTrustedDomains() instead.

But there are advantages. As the sample below shows, using the function is as easy as 1-2-3; it provides only the trusted domain list, with no superfluous info; and it does not require admin privilege on the target machine.

There are three points I'd like to make: One, the return format is unusual (for a Net*() function) in that the buffer, allocated by the function and to be deallocated by your code calling NetApiBuffer Free(), contains a list of Unicode strings, each terminated with a single null character (which, obviously, is two null bytes in Unicode); after the last string, right where the next one would normally start, there is an extra null character.

Two, the header files in at least two SDK versions are incorrect. They declare NETD() like this:

    NTSTATUS
    NetEnumerateTrustedDomains (
        IN LPWSTR ServerName OPTIONAL,
        OUT LPWSTR *DomainNames
        );

The correct declaration is this:

    NTSTATUS NET_API_FUNCTION
    NetEnumerateTrustedDomains (
        IN LPWSTR ServerName OPTIONAL,
        OUT LPWSTR *DomainNames
        );

Note the added "NET_API_FUNCTION". Make sure you change your headers (or write your own declaration)!

Three, the return values are NTSTATUS codes. You can find those in NTSTATUS.H, which comes with the DDK. Holler if you can't find it.