| 术语 | netjoindomain |
| 释义 | NetJoinDomain 语法: C++ NET_API_STATUS NetJoinDomain( __in LPCWSTR lpServer, __in LPCWSTR lpDomain, __in LPCWSTR lpAccountOU, __in LPCWSTR lpAccount, __in LPCWSTR lpPassword, __in DWORD fJoinOptions ); NetJoinDomain功能 该NetJoinDomain函数将计算机加入到工作组或域。 参数 lpServer [in] 一个常量字符串,它指定的DNS或NetBIOS的计算机上执行该域加入操作名称的指针。如果该参数为NULL,则使用本地计算机。 lpDomain [in] 阿为一个恒定的空指针结尾的字符串指定域的名称或工作组参加。 或者,您可以指定首选域控制器来执行联接操作。在这种情况下,该字符串必须是形式的域名\\计算机名,其中DomainName是域的加入名称,MachineName是域控制器的名称来执行联接。 lpAccountOU [in] 还可以指定指针常量NULL结尾的字符串,其中包含的RFC 1779格式的组织单位名称(OU)中的计算机帐户。如果指定这个参数,字符串必须包含完整路径,例如,欧= testOU,DC =域,DC =域,dc = com的。否则,此参数必须为NULL。 lpAccount [in] 阿为一个恒定的空指针结尾的字符串,指定的帐户时所使用的名称连接到域控制器。该字符串必须指定一个域的NetBIOS名称和用户帐户(例如,雷德蒙德\\用户)或用户主要名称(UPN)在一个互联网的形式向用户式(例如登录名,“有人@例子。 com“的)。如果该参数为NULL,则调用方的上下文被使用。 lpPassword [in] 如果lpAccount参数指定的帐户名,此参数必须指向要使用的密码当连接到域控制器。否则,此参数必须为NULL。 您可以指定一个本地机器帐户密码,而不是为无担保加入用户的密码。有关详细信息,请参阅在fJoinOptions参数描述的NETSETUP_MACHINE_PWD_PASSED标志说明。 fJoinOptions [in] 一个位确定加入选项标志设置。此参数可以是一个或在Lmjoin.h头文件中定义多个下列值。 ValueMeaning NETSETUP_JOIN_DOMAIN 0x00000001Joins到一个域的计算机。如果该值未指定,计算机加入到工作组。 NETSETUP_ACCT_CREATE 0x00000002Creates在域上的帐户。 NETSETUP_WIN9X_UPGRADE 0x00000010The发生一起操作,作为升级的一部分。 NETSETUP_DOMAIN_JOIN_IF_JOINED 0x00000020Allows联接到一个新的领域,即使计算机已经加入到域。 NETSETUP_JOIN_UNSECURE 0x00000040Performs一个不安全的连接。 此选项请求域加入到预先创建的未与域用户帐户的身份验证凭据。此选项可以被用于与NETSETUP_MACHINE_PWD_PASSED选择一起。在这种情况下,lpPassword是前密码创建的计算机帐户。 在此之前的Windows Vista SP1和Windows Server 2008,一个不安全的连接并没有验证到域控制器。所有的沟通进行使用空(未经)会议。带有SP1的Windows和Windows Server 2008 Vista开始,计算机帐户名和密码是用来验证到域控制器。 NETSETUP_MACHINE_PWD_PASSED 0x00000080Indicates的lpPassword参数指定本地计算机帐户密码,而不是用户的密码。这个标志只为无担保的有效联接,您必须示意还设置NETSETUP_JOIN_UNSECURE标志。 如果您设置此标志,那么,在联接操作成功,机器密码将被设置为lpPassword值,如果该值是一个有效的机器的密码。 NETSETUP_DEFER_SPN_SET 0x00000100Indicates,关于计算机对象的服务主体名称(SPN)和DnsHostName属性不应该在这个时候更新。 通常,这些属性被更新联接操作过程中。相反,这些特性应该更新了随后调用NetRenameMachineInDomain功能。这些属性是不断更新的过程中重命名操作。有关详细信息,请参阅下面的备注部分。 NETSETUP_JOIN_WITH_NEW_NAME 0x00000400Join目标机器lpServer参数从指定的关于在lpServer参数中指定的机器的注册表中查询一个新名称。 使用此选项如果SetComputerNameEx已被调用之前,重新启动计算机。新的计算机的名称不会采取直到重新启动后生效。使用此选项,调用函数指示NetJoinDomain过程中使用域加入行动的新名称。需要重新启动后调用NetJoinDomain成功,届时无论是计算机的名称的变化和域成员身份变化已影响。 Windows XP/2000操作系统:这个标志是不支持。 NETSETUP_JOIN_READONLY 0x00000800Join目标机器lpServer参数中指定使用预先创建的,而不需要写域控制器的帐户。 此选项提供了能够加入到域的机器如果帐户已经置备并复制到一个只读的域控制器。目标只读域控制器是作为lpDomain参数部分指定的域名后,由一个'\\'字符分隔。这种配置必须包括机器的秘密。计算机帐户必须添加通过组作密码复制政策允许列表成员,和帐户密码必须复制到只读域控制器之前联接操作。有关详细信息,请参阅密码复制策略管理信息。 与Windows 7,一个备用机制开始是使用脱机域加入机制。有关更多信息,请参阅NetProvisionComputerAccount和NetRequestOfflineDomainJoin功能。 Windows Server 2003和Windows XP/2000操作系统:这个标志是不支持。 返回值 如果函数成功,返回值是NERR_Success。 如果函数失败,返回值可以是下面的错误代码或系统错误代码之一。 返回codeDescription ERROR_ACCESS_DENIEDAccess被拒绝。返回此错误如果调用方是不是管理员成员在目标计算机上的本地组。 ERROR_INVALID_PARAMETERA参数不正确。返回此错误,如果lpDomain参数为NULL。 ERROR_NO_SUCH_DOMAINThe指定的域不存在。 NERR_InvalidWorkgroupNameThe指定的工作组名称无效。 NERR_SetupAlreadyJoinedThe计算机已经加入到域。 NERR_WkstaNotStartedThe工作站服务尚未启动。 RPC_S_CALL_IN_PROGRESSA远程过程调用已在进行此线程。 RPC_S_PROTSEQ_NOT_SUPPORTEDThe远程过程调用协议序列不支持。 备注 加入(和unjoining)一到域或工作组计算机可以执行只能由管理员成员在目标计算机上的本地组。请注意,域管理员可以设置加入域的使用授权和权限分配的额外要求。 如果调用NetJoinDomain函数远程,您必须提供凭据,因为您不能在这些情况下委托证书。 不同的过程,或同一进程不同线程,不应该调用同时NetJoinDomain功能。这种情况可能会留在不一致的状态计算机。 如果遇到一个联接操作发生了问题,您不应该删除的计算机帐户,并立即按照与另一个连接尝试删除。这可能导致复制相关的问题,难以进行调查。当您删除计算机帐户,等到更改已复制,然后再尝试另一起行动,所有域控制器。 重新启动系统后,需要调用的操作来完成NetJoinDomain功能。 Windows Server 2003和Windows XP的:当一个到NetJoinDomain函数调用之前调用的NetRenameMachineInDomain函数,您应该推迟到重命名操作的SPN和计算机上的对象DnsHostName属性更新。这是因为联接操作可以在某些情况下失败。是这种情况的一个例子是,当该SPN是从当前计算机的名称是无效的所得在新域中的计算机连接,但该SPN从派生的新名称,计算机将重命名操作后,是有效的在新的领域。在这种形势下,NetJoinDomain调用失败,除非您推迟到指定的命名在fJoinOptions参数NETSETUP_DEFER_SPN_SET标志当调用NetJoinDomain运作的两个属性更新。 要求: 最低支持:client-Windows 2000专业版 最低支持server-Windows 2000服务器 HeaderLmjoin.h(包括Lm.h) LibraryNetapi32.lib DLLNetapi32.dll 参见 网络管理概述 网络管理功能 NetAddAlternateComputerName NetEnumerateComputerNames NetProvisionComputerAccount NetRemoveAlternateComputerName NetRenameMachineInDomain NetRequestOfflineDomainJoin NetSetPrimaryComputerName NetUnjoinDomain 脱机域加入,分步指南 密码复制策略管理 如果有任何问题和意见,请发送给微软(wsddocfb@microsoft.com) 生成日期:2009年8月13日 ==英文原文==NetJoinDomain Function The NetJoinDomain function joins a computer to a workgroup or domain. Syntax C++ NET_API_STATUS NetJoinDomain( __in LPCWSTR lpServer, __in LPCWSTR lpDomain, __in LPCWSTR lpAccountOU, __in LPCWSTR lpAccount, __in LPCWSTR lpPassword, __in DWORD fJoinOptions ); Parameters lpServer [in] A pointer to a constant string that specifies the DNS or NetBIOS name of the computer on which to execute the domain join operation. If this parameter is NULL, the local computer is used. lpDomain [in] A pointer to a constant null-terminated character string that specifies the name of the domain or workgroup to join. Optionally, you can specify the preferred domain controller to perform the join operation. In this instance, the string must be of the form DomainName\\MachineName, where DomainName is the name of the domain to join, and MachineName is the name of the domain controller to perform the join. lpAccountOU [in] Optionally specifies the pointer to a constant null-terminated character string that contains the RFC 1779 format name of the organizational unit (OU) for the computer account. If you specify this parameter, the string must contain a full path, for example, OU=testOU,DC=domain,DC=Domain,DC=com. Otherwise, this parameter must be NULL. lpAccount [in] A pointer to a constant null-terminated character string that specifies the account name to use when connecting to the domain controller. The string must specify either a domain NetBIOS name and user account (for example, REDMOND\\user) or the user principal name (UPN) of the user in the form of an Internet-style login name (for example, "someone@example.com"). If this parameter is NULL, the caller's context is used. lpPassword [in] If the lpAccount parameter specifies an account name, this parameter must point to the password to use when connecting to the domain controller. Otherwise, this parameter must be NULL. You can specify a local machine account password rather than a user password for unsecured joins. For more information, see the description of the NETSETUP_MACHINE_PWD_PASSED flag described in the fJoinOptions parameter. fJoinOptions [in] A set of bit flags defining the join options. This parameter can be one or more of the following values defined in the Lmjoin.h header file. ValueMeaning NETSETUP_JOIN_DOMAIN 0x00000001Joins the computer to a domain. If this value is not specified, joins the computer to a workgroup. NETSETUP_ACCT_CREATE 0x00000002Creates the account on the domain. NETSETUP_WIN9X_UPGRADE 0x00000010The join operation is occurring as part of an upgrade. NETSETUP_DOMAIN_JOIN_IF_JOINED 0x00000020Allows a join to a new domain even if the computer is already joined to a domain. NETSETUP_JOIN_UNSECURE 0x00000040Performs an unsecured join. This option requests a domain join to a pre-created account without authenticating with domain user credentials. This option can be used in conjunction with NETSETUP_MACHINE_PWD_PASSED option. In this case, lpPassword is the password of the pre-created machine account. Prior to Windows Vista with SP1 and Windows Server 2008, an unsecure join did not authenticate to the domain controller. All communication was performed using a null (unauthenticated) session. Starting with Windows Vista with SP1 and Windows Server 2008, the machine account name and password are used to authenticate to the domain controller. NETSETUP_MACHINE_PWD_PASSED 0x00000080Indicates that the lpPassword parameter specifies a local machine account password rather than a user password. This flag is valid only for unsecured joins, which you must indicate by also setting the NETSETUP_JOIN_UNSECURE flag. If you set this flag, then after the join operation succeeds, the machine password will be set to the value of lpPassword, if that value is a valid machine password. NETSETUP_DEFER_SPN_SET 0x00000100Indicates that the service principal name (SPN) and the DnsHostName properties on the computer object should not be updated at this time. Typically, these properties are updated during the join operation. Instead, these properties should be updated during a subsequent call to the NetRenameMachineInDomain function. These properties are always updated during the rename operation. For more information, see the following Remarks section. NETSETUP_JOIN_WITH_NEW_NAME 0x00000400Join the target machine specified in lpServer parameter with a new name queried from the registry on the machine specified in the lpServer parameter. This option is used if SetComputerNameEx has been called prior to rebooting the machine. The new computer name will not take effect until a reboot. With this option, the caller instructs the NetJoinDomain function to use the new name during the domain join operation. A reboot is required after calling NetJoinDomain successfully at which time both the computer name change and domain membership change will have taken affect. Windows XP/2000: This flag is not supported. NETSETUP_JOIN_READONLY 0x00000800Join the target machine specified in lpServer parameter using a pre-created account without requiring a writable domain controller. This option provides the ability to join a machine to domain if an account has already been provisioned and replicated to a read-only domain controller. The target read-only domain controller is specified as part of the lpDomain parameter, after the domain name delimited by a ‘\\’ character. This provisioning must include the machine secret. The machine account must be added via group membership into the allowed list for password replication policy, and the account password must be replicated to the read-only domain controller prior to the join operation. For more information, see the information on Password Replication Policy Administration . Starting with Windows 7, an alternate mechanism is to use the offline domain join mechanism. For more information, see the NetProvisionComputerAccount and NetRequestOfflineDomainJoin functions. Windows Server 2003 and Windows XP/2000: This flag is not supported. Return Value If the function succeeds, the return value is NERR_Success. If the function fails, the return value can be one of the following error codes or one of the system error codes . Return codeDescription ERROR_ACCESS_DENIEDAccess is denied. This error is returned if the caller was not a member of the Administrators local group on the target computer. ERROR_INVALID_PARAMETERA parameter is incorrect. This error is returned if the lpDomain parameter is NULL. ERROR_NO_SUCH_DOMAINThe specified domain did not exist. NERR_InvalidWorkgroupNameThe specified workgroup name is not valid. NERR_SetupAlreadyJoinedThe computer is already joined to a domain. NERR_WkstaNotStartedThe Workstation service has not been started. RPC_S_CALL_IN_PROGRESSA remote procedure call is already in progress for this thread. RPC_S_PROTSEQ_NOT_SUPPORTEDThe remote procedure call protocol sequence is not supported. Remarks Joining (and unjoining) a computer to a domain or workgroup can be performed only by a member of the Administrators local group on the target computer. Note that the domain administrator can set additional requirements for joining the domain using delegation and assignment of privileges. If you call the NetJoinDomain function remotely, you must supply credentials because you cannot delegate credentials under these circumstances. Different processes, or different threads of the same process, should not call the NetJoinDomain function at the same time. This situation can leave the computer in an inconsistent state. If you encounter a problem during a join operation, you should not delete a computer account and immediately follow the deletion with another join attempt. This can lead to replication-related problems that are difficult to investigate. When you delete a computer account, wait until the change has replicated to all domain controllers before attempting another join operation. A system reboot is required after calling the NetJoinDomain function for the operation to complete. Windows Server 2003 and Windows XP: When a call to the NetJoinDomain function precedes a call to the NetRenameMachineInDomain function, you should defer the update of the SPN and DnsHostName properties on the computer object until the rename operation. This is because the join operation can fail in certain situations. An example of such a situation is when the SPN that is derived from the current computer name is not valid in the new domain that the computer is joining, but the SPN derived from the new name that the computer will have after the rename operation is valid in the new domain. In this situation, the call to NetJoinDomain fails unless you defer the update of the two properties until the rename operation by specifying the NETSETUP_DEFER_SPN_SET flag in the fJoinOptions parameter when you call NetJoinDomain. Requirements Minimum supported clientWindows 2000 Professional Minimum supported serverWindows 2000 Server HeaderLmjoin.h (include Lm.h) LibraryNetapi32.lib DLLNetapi32.dll See Also Network Management Overview Network Management Functions NetAddAlternateComputerName NetEnumerateComputerNames NetProvisionComputerAccount NetRemoveAlternateComputerName NetRenameMachineInDomain NetRequestOfflineDomainJoin NetSetPrimaryComputerName NetUnjoinDomain Offline Domain Join Step-by-Step Guide Password Replication Policy Administration Send comments about this topic to Microsoft Build date: 8/13/2009 ==原始网址==http://msdn.microsoft.com/en-us/library/aa370433(VS.85).aspx\n |
| 随便看 |
|
windows api函数参考手册包含2258条windows api函数文档,详细介绍nodejs、java、rust调用windows api的方法技巧,是学习windows api编程的入门中文文档。