SAMR x3e opcode in AD machine join

Anthony Liguori aliguor at
Mon Aug 5 08:01:02 GMT 2002

When a WinXP client joins an AD domain, one of the new RPC calls that 
appears is a SAMR x3e call.  The call appears right before any other SAMR 
call (EnumDomains, LookupDomain, OpenDomain, etc.) and returns a policy 
handle and NTSTATUS code.  The call takes a UNISTR2 (that's typically 
"\\DC" either NETBIOS or dns name depending on what is specified when 
joining the domain) and what appears to be an ACCESS_MASK.

This function behaves exactly as one would expect a SamrConnect call to 
behave even though SamrConnect is already implemented with opcode x39. The 
call has to be some varient of SamrConnect because no call to SamrConnect 
is made before the other Samr calls to obtain to policy handle.  One 
possibility is that its a different version of SamrConnect perhaps with 
different flags for the ACCESS_MASK parameter.

Another possibility is that it is the SamrIConnect call. On WinXP, dumping 
the exports from samsrv.dll will reveal a bunch of SamrIxxx calls.  At 
first, I thought they may just be internal versions of the call (the 
regular Samr calls might just stub to the SamrI call) but SamrConnect 
never actually calls SamrIConnect.  Perhaps there are new versions of some 
of the Samr calls that are now used in Win2k prefixed with SamrI.

Any ideas?

Anthony Liguori
IBM Extreme Blue / Active Blue Directory
aliguor at
(512) 838-1208
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba-technical mailing list