public static extern uint LsaLookupSids2(
SafeLsaPolicyHandle PolicyHandle,
LsaLookupSidsFlags LookupOptions,
uint Count,
[In, MarshalAs(UnmanagedType.LPArray)] IntPtr[] Sids,
out SafeLsaMemoryHandle ReferencedDomains,
out SafeLsaMemoryHandle Names);
/// <summary>
/// Looks up a list of account names and returns information about each in a <see cref="SystemAccountInfo"/> class. Requires the
/// <see cref="DesiredAccess.LookupNames"/> right.
/// </summary>
/// <returns>Contains a corresponding result for each name provided in <paramref name="sids"/>.</returns>
/// <exception cref="ArgumentException">At least one user name must be supplied.</exception>
public IList <SystemAccountInfo> GetAccountInfo(bool preferInternetNames, bool disallowConnectedAccts, params SecurityIdentifier[] sids)
{
if (sids == null || sids.Length == 0)
{
throw new ArgumentException(@"At least one SecurityIdentifier must be supplied.", nameof(sids));
}
LsaLookupSidsFlags opts = (preferInternetNames ? LsaLookupSidsFlags.LSA_LOOKUP_PREFER_INTERNET_NAMES : 0) |
(disallowConnectedAccts ? LsaLookupSidsFlags.LSA_LOOKUP_DISALLOW_CONNECTED_ACCOUNT_INTERNET_SID : 0);
IEnumerable <PinnedSid> psids = sids.Select(s => new PinnedSid(s));
NTStatus ret = LsaLookupSids2(Handle, opts, (uint)sids.Length, psids.Select(s => s.PSID).ToArray(), out SafeLsaMemoryHandle domains, out SafeLsaMemoryHandle names);
if (ret != NTStatus.STATUS_SUCCESS && ret != NTStatus.STATUS_SOME_NOT_MAPPED)
{
ThrowIfLsaError(ret);
}
LSA_TRUST_INFORMATION[] d = domains.DangerousGetHandle().ToStructure <LSA_REFERENCED_DOMAIN_LIST>().DomainList.ToArray();
LSA_TRANSLATED_NAME[] tn = names.DangerousGetHandle().ToIEnum <LSA_TRANSLATED_NAME>(sids.Length).ToArray();
var retVal = new SystemAccountInfo[sids.Length];
for (var i = 0; i < sids.Length; i++)
{
retVal[i] = new SystemAccountInfo(tn[i].Name.ToString(), tn[i].Use, sids[i], tn[i].DomainIndex, d);
}
return(retVal);
}
