Jump to content

LookupAccountName returns root domain account instead of local user account


Recommended Posts

Posted

Hi!

 

Prerequisites:

 

Local user account named "FooBar" created

Computer/machine joined to domain named "FooBar", i.e., both strings are equal

Problem:

 

A call to LookupAccountName (winbase.h, Advapi32.dll) given an empty lpSystemName and using an isolated lpAccountName, i.e., "FooBar" instead of "MyMachine\FooBar", returns a SID structure that does not point to the machine-local user account "FooBar" but to the account of the domain "FooBar", i.e., SidTypeDomain (see SID_NAME_USE Enumeration).

 

Now, the documentation on LookupAccountName inarguably states that you have to use a "fully qualified account name [...] to ensure that LookupAccountName finds the account in the desired domain". But it also says that it will attempt to find a SID checking well-known SIDs first, then built-in and administratively defined local accounts, and only next check the primary domain.

 

Question:

 

Is the documentation ambiguous, or does it not reflect correctly what happens actually?

 

Best regards.

 

More...

  • Replies 0
  • Created
  • Last Reply

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...