Directory Services


The DsGetForestTrustInformationW function obtains forest trust data for a specified domain.

DWORD DsGetForestTrustInformationW(
  LPCWSTR ServerName,
  LPCWSTR TrustedDomainName,
  DWORD Flags,


[in, optional] Contains the name of the domain controller that DsGetForestTrustInformationW is connected remotely to. The caller must be an authenticated user on this server. If this parameter is NULL, the local server is used.
[in, optional] Contains the NETBIOS or DNS name of the trusted domain that the forest trust data is to be retrieved for. This domain must have the TRUST_ATTRIBUTE_FOREST_TRANSITIVE trust attribute. For more information, see TRUSTED_DOMAIN_INFORMATION_EX.

If this parameter is NULL, the forest trust data for the domain hosted by ServerName is retrieved.

[in] Contains a set of flags that modify the behavior of this function. This can be be zero or the following value.
Value Meaning
DS_GFTI_UPDATE_TDO If this flag is set, DsGetForestTrustInformationW will update the forest trust data of the trusted domain identified by the TrustedDomainName parameter. In this case, the TrustedDomainName parameter cannot be NULL. The caller must have access to modify the trust data or ERROR_ACCESS_DENIED is returned.

This flag is only valid if ServerName specifies the primary domain controller of the domain.

[out] Pointer to an LSA_FOREST_TRUST_INFORMATION structure pointer that receives the forest trust data that describes the namespaces claimed by the domain specified by TrustedDomainName. The Time member of all returned records will be zero.

The caller must free this structure when it is no longer required by calling NetApiBufferFree.

Return Values

Returns NO_ERROR if successful or a Win32 error code otherwise. Possible error codes include the following.
Return Code Description
ERROR_INVALID_FLAGS The Flags parameter contains one or more invalid flags.
ERROR_INVALID_FUNCTION The domain specified by TrustedDomainName does not have the TRUST_ATTRIBUTE_FOREST_TRANSITIVE trust attribute on the trusted domian controller.
ERROR_NO_SUCH_DOMAIN The domain specified by TrustedDomainName does not exist or does not have that TRUST_ATTRIBUTE_FOREST_TRANSITIVE trust attribute on the server identified by the ServerName parameter.


Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Unicode: Implemented as Unicode version only.
Header: Declared in Dsgetdc.h.
Library: Use Netapi32.lib.

See Also

TRUSTED_DOMAIN_INFORMATION_EX, Directory Service Functions, NetApiBufferFree