6.3.1.9 NETLOGON_SAM_LOGON_RESPONSE_EX

The NETLOGON_SAM_LOGON_RESPONSE_EX structure is the second extended version of the server's response to an LDAP ping (section 6.3.3) or a mailslot ping (section 6.3.5).

Opcode (2 bytes): Operation code (see section 6.3.1.3).

Sbz (2 bytes): This MUST be set to 0.

Flags (4 bytes): DS_FLAG Options (see section 6.3.1.2).

DomainGuid (16 bytes): The value of the NC's GUID attribute specified as a GUID structure, which is defined in [MS-DTYP] section 2.3.4.

DnsForestName (variable): UTF-8 encoded value of the DNS name of the forest, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

DnsDomainName (variable): UTF-8 encoded value of the DNS name of the NC, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

DnsHostName (variable): UTF-8 encoded value of the DNS name of the server, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

NetbiosDomainName (variable): UTF-8 encoded value of the NetBIOS name of the NC, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

NetbiosComputerName (variable): UTF-8 encoded value of the NetBIOS name of the server, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

UserName (variable): UTF-8 encoded value of the user specified in the client's request, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

DcSiteName (variable): UTF-8 encoded value of the site name of the server, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

ClientSiteName (variable): UTF-8 encoded value of the site name of the client, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

DcSockAddrSize (1 byte): A CHAR that contains the size of the server's IP address. This field is included only if the client specifies NETLOGON_NT_VERSION_5EX_WITH_IP in the request.

DcSockAddr (16 bytes): The domain controller IPv4 address, structured as shown in the following diagram. This field is included only if the client specifies NETLOGON_NT_VERSION_5EX_WITH_IP in the request.

0	1	2	3	4	5	6	7	8	9	1 0	1	2	3	4	5	6	7	8	9	2 0	1	2	3	4	5	6	7	8	9	3 0	1
sin_family																sin_port
sin_addr
sin_zero
...

sin_family (2 bytes): The socket family, represented in little-endian byte order. The value SHOULD always be AF_INET (that is, 2).

sin_port (2 bytes): The socket port, represented in little-endian byte order. The value SHOULD always be zero.

sin_addr (4 bytes): The socket address, represented in big-endian byte order. The value is an IPv4 address. If the domain controller does not have an IPv4 address, this value SHOULD be 127.0.0.1.

sin_zero (8 bytes): Reserved. MUST be set to zero when sending and ignored on receipt.

NextClosestSiteName (variable): This field is included only if the client specifies NETLOGON_NT_VERSION_WITH_CLOSEST_SITE in the request, and if the responding DC has DC functional level DS_BEHAVIOR_WIN2008 or greater. When included, NextClosestSiteName contains the name of the site that is closest by cost to ClientSiteName without being equal to it. The site name is UTF-8 encoded, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

NtVersion (4 bytes): NETLOGON_NT_VERSION_1 | NETLOGON_NT_VERSION_5EX.

LmNtToken (2 bytes): This MUST be set to 0xFFFF.

Lm20Token (2 bytes): This MUST be set to 0xFFFF.

Note All multibyte quantities are represented in little-endian byte order.