0

Windows has a builtin standard dialog (the "Directory Object Picker") that Win32 applications can use to let the user choose from all system-recognized user accounts for further processing by the application. This is usually accessed via the documented IDsObjectPicker COM interface. Under NT 4.0 and older, a different standard dialog was used.

However it is unclear how to use this when a Windows machine is joined to an Azure AD domain or uses a Microsoft Account (in the cloud, formerly known as MS Passport) for logging on, as is supported by Windows 2012 (Win8) and later.

So that is the question. What options can be used to make this dialog work with such cloud based accounts, or is there a newer standard dialog to use for the job?

I tried using existing application code that displayed the IDsObjectPicker dialog on a Windows 11 machine joined to an AzureAD domain, but the dialog wouldn't allow me to select even the cloud account I was logged in with when running the code.

The existing code set DSOP_SCOPE_INIT_INFO::FilterFlags.Uplevel.flBothModes to DSOP_FILTER_USERS and provided the interface with multiple variations of such scope descriptions to cover all traditional system configurations.

jb_dk
  • 117
  • 6
  • 1
    Try different `DSOP_SCOPE_INIT_INFO::flType`, [Flags that indicate the scope types described by this structure. You can combine multiple scope types if all specified scopes use the same settings](https://learn.microsoft.com/en-us/windows/win32/api/objsel/ns-objsel-dsop_scope_init_info#members). – YangXiaoPo-MSFT Jun 13 '23 at 05:18
  • Figuring out the relevant scope types and other option bits from the lack of documentation is a hard problem, that is why I ask. – jb_dk Jun 14 '23 at 08:28
  • Note that the 7 "related" questions listed by Stackoverflow below are all clearly unrelated to using winapi prompting the Windows user to choose a (possibly different) Windows user from Azure-active-directory or microsoft-account to grant permissions to. – jb_dk Jun 22 '23 at 07:51

0 Answers0