Platform SDK: Access Control

LookupAccountSid

The LookupAccountSid function accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found.

BOOL LookupAccountSid(
  LPCTSTR lpSystemName,  // name of local or remote computer
  PSID Sid,              // security identifier
  LPTSTR Name,           // account name buffer
  LPDWORD cbName,        // size of account name buffer
  LPTSTR DomainName,     // domain name buffer
  LPDWORD cbDomainName,  // size of domain name buffer
  PSID_NAME_USE peUse    // SID type
);

Parameters

lpSystemName
[in] Pointer to a null-terminated string specifying the target computer. This string can be the name of a remote computer. If this string is NULL, the SID is looked up on the local computer.
Sid
[in] Pointer to the SID to look up.
Name
[out] Pointer to a buffer that receives a null-terminated string containing the account name corresponding to the Sid parameter.
cbName
[in/out] On input, specifies the size, in characters, of the Name buffer. If the function fails because the buffer is too small, cbName receives the required buffer size, including the terminating null character.
DomainName
[out] Pointer to a buffer that receives a null-terminated string containing the name of the domain where the account name was found.

For Windows NT/Windows 2000 systems, the domain name returned for most accounts in the local computer's security database is the computer's name as of the last start of the system. Backslashes are excluded. If the computer's name changes, the old name continues to be returned as the domain name until the system is restarted.

For Windows NT Server/Windows 2000 Server systems, the domain name returned for most accounts in the local computer's security database is the name of the domain for which the server is a domain controller.

Some accounts are predefined by the system. The domain name returned for these accounts is BUILTIN.

cbDomainName
[in/out] On input, specifies the size, in characters, of the DomainName buffer. If the function fails because the buffer is too small, cbDomainName receives the required buffer size, including the terminating null character.
peUse
[out] Pointer to a variable that receives a SID_NAME_USE value indicating the type of the account.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The LookupAccountSid function attempts to find a name for the specified security identifier by first checking a list of well-known SIDs. If the supplied SID does not correspond to a well-known SID, the function checks built-in and administratively defined local accounts. Next, the function checks the primary domain. Security identifiers not recognized by the primary domain are checked against the trusted domains corresponding to their SID prefixes.

LookupAccountSid fails and GetLastError returns ERROR_NONE_MAPPED if it cannot find an account name for the SID. This can occur if a network timeout prevents the function from finding the name. It also occurs for SIDs that have no corresponding account name, such as a logon SID that identifies a logon session.

Windows 2000: In addition to looking up SIDs for local accounts, local domain accounts, and explicitly trusted domain accounts, LookupAccountSid can look up SIDs for any account in any domain in the Windows 2000 forest, including SIDs that appear only in the SIDhistory field of an account in the forest. The SIDhistory field stores former SIDs of an account that has been moved from another domain. To perform these look-ups, the function queries the global catalog of the forest. However, these look-ups require that the computer from which LookupAccountSid is called be either running Windows 2000 or in a domain running in Windows 2000 native mode. Account lookup by SIDhistory is not possible if the calling computer is a Windows NT 4.0 system in either a Windows NT 4.0 domain or a mixed-mode Windows 2000 domain.
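The two-call buffer sizing and the ERROR_NONE_MAPPED case described above, as an added example that is not part of the original SDK page. The helper name sid_to_account is hypothetical, and the non-Windows branch is a constructed stand-in (it treats the PSID as a string SID and knows only S-1-5-18) so the logic can be exercised without a Windows host.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>                 /* link with Advapi32.lib */
#else
/* Constructed stand-in, NOT the real API: the "SID" is a string and only
   S-1-5-18 is known. It mimics the size-reporting and error behaviour. */
typedef int BOOL; typedef unsigned long DWORD; typedef void *PSID;
typedef int SID_NAME_USE;
#define ERROR_INSUFFICIENT_BUFFER 122UL
#define ERROR_NONE_MAPPED 1332UL
static DWORD g_err;
static DWORD GetLastError(void) { return g_err; }
static BOOL LookupAccountSidA(const char *sys, PSID sid, char *name, DWORD *cn,
                              char *dom, DWORD *cd, SID_NAME_USE *use) {
    (void)sys;
    if (strcmp((const char *)sid, "S-1-5-18")) { g_err = ERROR_NONE_MAPPED; return 0; }
    if (*cn < 7 || *cd < 13) { *cn = 7; *cd = 13; g_err = ERROR_INSUFFICIENT_BUFFER; return 0; }
    strcpy(name, "SYSTEM"); strcpy(dom, "NT AUTHORITY"); *use = 5;
    return 1;
}
#endif

/* Returns 0 and writes "DOMAIN\name" to out; 1 if the SID has no account name
   (ERROR_NONE_MAPPED, e.g. a logon SID or a timed-out lookup); -1 otherwise. */
int sid_to_account(PSID sid, char *out, size_t outlen) {
    DWORD cn = 0, cd = 0, err;
    SID_NAME_USE use;
    char *name, *dom;
    int rc = -1, n;
    /* First call with empty buffers: expected to fail and report the sizes. */
    if (LookupAccountSidA(NULL, sid, NULL, &cn, NULL, &cd, &use)) return -1;
    err = GetLastError();
    if (err == ERROR_NONE_MAPPED) return 1;
    if (err != ERROR_INSUFFICIENT_BUFFER) return -1;
    /* Sizes are in characters and include the terminating null (ANSI: bytes). */
    name = malloc(cn); dom = malloc(cd);
    if (name && dom) {
        if (LookupAccountSidA(NULL, sid, name, &cn, dom, &cd, &use)) {
            n = snprintf(out, outlen, "%s\\%s", dom, name);
            rc = (n >= 0 && (size_t)n < outlen) ? 0 : -1;  /* reject truncation */
        } else if (GetLastError() == ERROR_NONE_MAPPED) rc = 1;
    }
    free(name); free(dom);
    return rc;
}
```

On Windows, pass a real PSID (for example one taken from an ACL entry or an access token) and treat a return of 1 as "display the raw SID", not as a fatal error.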

Requirements

  Windows NT/2000: Requires Windows NT 3.1 or later.
  Header: Declared in Winbase.h; include Windows.h.
  Library: Use Advapi32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT/2000.

See Also

Access Control Overview, Access Control Functions, EqualPrefixSid, LookupAccountName