[MS-DFSRH]: DFS Replication Helper Protocol Specification

More documents

Recommendations

Info

If the user does not have sufficient rights, the server MUST fail the operation immediately andreturn the dfsrHelperErrorNotLocalAdmin error code as its response to the client.If the server fails to perform this check because of an implementation-specific failure, the serverMUST fail the operation immediately and return an appropriate error as its response to the client.If the check succeeds and the server can verify that the user has sufficient rights, the server MUSTproceed to the next steps of the method.After it receives this message, the server MUST validate the parameters:• Verify that domainControllerName and distinguishedName are not NULL and are not emptystrings.• Verify that attributes are not NULL and present a valid one-dimensional safe array. SAFEARRAY isas specified in [MS-DCOM]. For more information, see [SAFEARRAY].If parameter validation fails, the server MUST immediately fail the operation and return anappropriate error as its response to the client.If both the security check and the parameter validation succeed, the server MUST create a newLDAP command for creating a new Active Directory object that has the specified distinguished nameand attributes.If the verifyNameDomainControllerName parameter is not NULL or is an empty string, the serverMUST append the LDAP_SERVER_VERIFY_NAME_OID control to the LDAP command. The value ofthe verifyNameDomainControllerName parameter MUST be passed to this control as a value. If forany reason this control cannot be created or appended to the command, the server MUST fail theoperation immediately and return the dfsrHelperErrorCreateVerifyServerControl error code as itsresponse to the client.Otherwise, the server MUST execute the LDAP command against the domain controller that isspecified in domainControllerName and check the return value of the LDAP protocol.If the LDAP protocol returns LDAP_SUCCESS, the server MUST return zero to the caller to indicatethe success of the call; otherwise, if the LDAP protocol returned any return code other thanLDAP_SUCCESS, the server MUST return the following error code to the caller:• If the error is LDAP_OPERATIONS_ERROR, the server gets the server-side error code of the LDAPoperation and MUST return dfsrHelperLdapErrorBase + the server-side error code to the caller.• For all other LDAP errors, the server MUST return dfsrHelperLdapErrorBase + the LDAP returncode to the caller.3.1.5.2.2 DeleteObject Method (Opnum 4)The DeleteObject method MUST execute an LDAP command under machine security credentials todelete an Active Directory object with a specified distinguished name.HRESULT DeleteObject([in] BSTR domainControllerName,[in] BSTR distinguishedName);domainControllerName: MUST be the FQDN of the domain controller to which the methodsends the LDAP command.[MS-DFSRH] – v20080207DFS Replication Helper Protocol SpecificationCopyright © 2008 Microsoft Corporation.Release: Thursday, February 7, 200854 / 81
distinguishedName: MUST be the distinguished name of the Active Directory object that isbeing deleted. The distinguished name of any object in Active Directory can be used. Theformat of the distinguished name is specified in [RFC2251] section 4.1.3.Return Values: The method MUST return:• 0 on success.• For LDAP protocol failures:• If the LDAP error is LDAP_OPERATIONS_ERROR, dfsrHelperLdapErrorBase + the serversideerror code.• For all other LDAP errors, dfsrHelperLdapErrorBase + the LDAP return code. For moreinformation, see [LDAP-ERR].• For all other failures, an implementation-specific nonzero HRESULT error code, as specifiedin [MS-ERREF] section 2.1, between 0x80000000 and 0xFFFFFFFF. For protocol purposes,all nonzero values MUST be treated as equivalent failures.After receiving this message, the server MUST check whether the caller has sufficient rights toperform the operation. The implementation SHOULD perform a platform-specific check to verify thatthe rights are appropriate for the deletion of Active Directory objects.• If the user does not have sufficient rights, the server MUST fail the operation immediately andreturn the dfsrHelperErrorNotLocalAdmin error code as its response to the client.• If the server fails to perform this check because of an implementation-specific failure, the serverMUST fail the operation immediately and return an appropriate error as its response to theclient.If the check succeeds and the server can verify that the user has sufficient rights, the server MUSTproceed to the next steps of the method.After the server receives this message, it MUST validate the parameters:• Verify that domainControllerName and distinguishedName are not NULL and are not emptystrings.• If parameter validation fails, the server MUST fail the operation immediately and return anappropriate error as its response to the client.If both the security check and the parameter validation succeed, the server MUST create a newLDAP command to delete an existing Active Directory object with the specified distinguished name.The server MUST execute this LDAP command against the domain controller that is specified indomainControllerName and check the return value of the LDAP protocol.If the LDAP protocol returns LDAP_SUCCESS, the server MUST return zero to the caller to indicatethe success of the call; otherwise, if the LDAP protocol returned any return code other thanLDAP_SUCCESS, the server MUST return the following error code to the caller:• If the error is LDAP_OPERATIONS_ERROR, the server gets the server-side error code of the LDAPoperation and MUST return dfsrHelperLdapErrorBase + the server-side error code to the caller.• For all other LDAP errors, the server MUST return dfsrHelperLdapErrorBase + the LDAP returncode to the caller.[MS-DFSRH] – v20080207DFS Replication Helper Protocol SpecificationCopyright © 2008 Microsoft Corporation.Release: Thursday, February 7, 200855 / 81
Page 2 and 3:
DateRevisionHistoryRevisionClassCom
Page 4 and 5: 2.2.1.5.17.11 EVENT_DFSR_VOLUME_JOU
Page 6 and 7: 1 IntroductionThe Distributed File
Page 8 and 9: [UNICODE4.0] The Unicode Consortium
Page 10 and 11: • IServerHealthReportThe IADProxy
Page 12 and 13: For more information about this LDA
Page 14 and 15: versionVector: MUST be the version
Page 16 and 17: Child ElementsElement Type Descript
Page 18 and 19: Element Type DescriptionbacklogInbo
Page 20 and 21: Child ElementsElement Type Descript
Page 22 and 23: Element Type DescriptionfileFilter
Page 24 and 25: 24 / 81[MS-DFSRH] - v20080207DFS Re
Page 26 and 27: Element Type Descriptionerror error
Page 28 and 29: Element Type Descriptionimplementat
Page 30 and 31: 2.2.1.5.15 errorReferences ElementT
Page 32 and 33: When the server detects any of the
Page 34 and 35: Error parameters:Ref IDMeaning1312.
Page 36 and 37: 2.2.1.5.17.13 EVENT_DFSR_CS_ERROR M
Page 38 and 39: Ref IDMeaning4206.8 The name of the
Page 40 and 41: Ref IDMeaning4304.2 The file path.4
Page 42 and 43: Ref IDMeaning4502.4 The name of the
Page 44 and 45: Ref IDMeaning5102.1 The replicated
Page 46 and 47: Ref IDMeaning6008.1 The configurati
Page 48 and 49: Ref IDMeaning6402.8 The member GUID
Page 50 and 51: Ref IDMeaning6410.3 The overlapped
Page 52 and 53: 3 Protocol Details3.1 Server Role D
Page 56 and 57: 3.1.5.2.3 ModifyObject Method (Opnu
Page 58 and 59: [in] BSTR distinguishedName,[in] SA
Page 60 and 61: [in] BSTR distinguishedName,[in] SA
Page 62 and 63: flags: Any values of the DfsrReport
Page 64 and 65: and 0xFFFFFFFF on failure. For prot
Page 66 and 67: 3.1.5.4.6 GetReferenceBacklogCount
Page 68 and 69: 4 Protocol Examples4.1 Example of M
Page 70 and 71: 0127727764510000000Monday, October
Page 72 and 73: 6 Appendix A: Full IDLThe DFS-R Hel
Page 74 and 75: [in] long flags,[out] SAFEARRAY(_Ve
Page 76 and 77: The IADProxy2 interface is availabl
Page 78 and 79: Section 2.2.1.5.17.22: This error i
Page 80 and 81: GlossaryHHealth report XML exampleH
show all

[MS-DFSRH]: DFS Replication Helper Protocol Specification

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?