[MS-DFSRH]: DFS Replication Helper Protocol Specification

More documents

Recommendations

Info

3.1.5.2.3 ModifyObject Method (Opnum 5)The ModifyObject method MUST execute an LDAP command under machine security credentials toadd, delete, or modify attributes of an Active Directory object with a specified distinguishedname.HRESULT ModifyObject([in] BSTR domainControllerName,[in] BSTR distinguishedName,[in] SAFEARRAY(_AdAttributeData)* attributes);domainControllerName: MUST be the FQDN of the domain controller to which the methodsends the LDAP request. The format of the distinguished name is specified in [RFC2251]section 4.1.3.distinguishedName: MUST be the distinguished name of the Active Directory object beingmodified. The distinguished name of any object in Active Directory MAY be used.attributes: MUST be the safe array of attributes that are to be added, modified, or deleted.Return Values: The method MUST return:• 0 on success.• For LDAP protocol failures:• If the LDAP error is LDAP_OPERATIONS_ERROR, dfsrHelperLdapErrorBase + the serversideerror code.• For all other LDAP errors, dfsrHelperLdapErrorBase + the LDAP return code. For moreinformation, see [LDAP-ERR].• For all other failures, an implementation-specific nonzero HRESULT error code, as specifiedin [MS-ERREF] section 2.1, between 0x80000000 and 0xFFFFFFFF. For protocol purposes,all nonzero values MUST be treated as equivalent failures.After the server receives this message, it MUST check whether the caller has sufficient rights toperform the operation. The implementation SHOULD perform a platform-specific check to verify thatthe rights are appropriate for the modification of Active Directory objects.• If the user does not have sufficient rights, the server MUST fail the operation immediately andreturn the dfsrHelperErrorNotLocalAdmin error code as its response to the client.• If the server fails to perform this security check because of an implementation-specific failure,the server MUST fail the operation immediately and return an appropriate error as its response tothe client.If the security check succeeds and the server can verify that the user has sufficient rights, theserver MUST proceed to the next steps of the method.When the server receives this message, it MUST validate the parameters:• Verify that domainControllerName and distinguishedName are not NULL and are not emptystrings.[MS-DFSRH] – v20080207DFS Replication Helper Protocol SpecificationCopyright © 2008 Microsoft Corporation.Release: Thursday, February 7, 200856 / 81
If parameter validation fails, the server MUST fail the operation immediately and return anappropriate error as its response to the client.If both the security check and the parameter validation succeed, the server MUST create a newLDAP command for modifying an existing Active Directory object with the specified distinguishedname and attributes.The server MUST execute this LDAP command against the domain controller that is specified indomainControllerName and check the return value of the LDAP protocol.If the LDAP protocol returns LDAP_SUCCESS, the server MUST return zero to the caller to indicatethe success of the call; otherwise, if the LDAP protocol returns any return code other thanLDAP_SUCCESS, the server MUST return the following error code to the caller:• If the error is LDAP_OPERATIONS_ERROR, the server gets the server-side error code of the LDAPoperation and MUST return dfsrHelperLdapErrorBase + the server-side error code to the caller.• For all other LDAP errors, the server MUST return dfsrHelperLdapErrorBase + the LDAP returncode to the caller.3.1.5.3 IADProxy2 InterfaceThe IADProxy2 interface, as specified in MS-DCOM, inherits from the IADProxy interface, which inturn inherits from the IUnknown interface. Method opnum field values start with 6. Opnum values 0through 2 represent the IUnknown::QueryInterface, AddRef, and Release methods, respectively.Opnums 3 through 5 are inherited from IADProxy.To receive incoming remote calls for this interface, the server MUST implement a DCOM object usingthe UUID {C4B0C7D9-ABE0-4733-A1E1-9FDEDF260C7A}.In these methods, the DFS-R Helper Protocol calls several Windows APIs and returns the error codesthat are returned by these APIs. These are referred to as nonzero implementation-specific errorcodes in the following sections.Methods in RPC Opnum OrderMethodCreateObjectDeleteObjectModifyObjectDescriptionCreate an Active Directory object with the specified distinguished name and attributes.Opnum: 6Delete an Active Directory object with the specified distinguished name and attributes.Opnum: 7Add, delete, or modify attributes of the specified Active Directory object.Opnum: 83.1.5.3.1 CreateObject Method (Opnum 6)The CreateObject method MUST execute an LDAP command under machine security credentials, orfor a cluster, under the specified network name credentials in order to create an Active Directoryobject that has a specific distinguished name and attributes.HRESULT CreateObject([in] BSTR domainControllerName,[MS-DFSRH] – v20080207DFS Replication Helper Protocol SpecificationCopyright © 2008 Microsoft Corporation.Release: Thursday, February 7, 200857 / 81
Page 2 and 3:
DateRevisionHistoryRevisionClassCom
Page 4 and 5:
2.2.1.5.17.11 EVENT_DFSR_VOLUME_JOU
Page 6 and 7: 1 IntroductionThe Distributed File
Page 8 and 9: [UNICODE4.0] The Unicode Consortium
Page 10 and 11: • IServerHealthReportThe IADProxy
Page 12 and 13: For more information about this LDA
Page 14 and 15: versionVector: MUST be the version
Page 16 and 17: Child ElementsElement Type Descript
Page 18 and 19: Element Type DescriptionbacklogInbo
Page 20 and 21: Child ElementsElement Type Descript
Page 22 and 23: Element Type DescriptionfileFilter
Page 24 and 25: 24 / 81[MS-DFSRH] - v20080207DFS Re
Page 26 and 27: Element Type Descriptionerror error
Page 28 and 29: Element Type Descriptionimplementat
Page 30 and 31: 2.2.1.5.15 errorReferences ElementT
Page 32 and 33: When the server detects any of the
Page 34 and 35: Error parameters:Ref IDMeaning1312.
Page 36 and 37: 2.2.1.5.17.13 EVENT_DFSR_CS_ERROR M
Page 38 and 39: Ref IDMeaning4206.8 The name of the
Page 40 and 41: Ref IDMeaning4304.2 The file path.4
Page 42 and 43: Ref IDMeaning4502.4 The name of the
Page 44 and 45: Ref IDMeaning5102.1 The replicated
Page 46 and 47: Ref IDMeaning6008.1 The configurati
Page 48 and 49: Ref IDMeaning6402.8 The member GUID
Page 50 and 51: Ref IDMeaning6410.3 The overlapped
Page 52 and 53: 3 Protocol Details3.1 Server Role D
Page 54 and 55: If the user does not have sufficien
Page 58 and 59: [in] BSTR distinguishedName,[in] SA
Page 60 and 61: [in] BSTR distinguishedName,[in] SA
Page 62 and 63: flags: Any values of the DfsrReport
Page 64 and 65: and 0xFFFFFFFF on failure. For prot
Page 66 and 67: 3.1.5.4.6 GetReferenceBacklogCount
Page 68 and 69: 4 Protocol Examples4.1 Example of M
Page 70 and 71: 0127727764510000000Monday, October
Page 72 and 73: 6 Appendix A: Full IDLThe DFS-R Hel
Page 74 and 75: [in] long flags,[out] SAFEARRAY(_Ve
Page 76 and 77: The IADProxy2 interface is availabl
Page 78 and 79: Section 2.2.1.5.17.22: This error i
Page 80 and 81: GlossaryHHealth report XML exampleH
show all

[MS-DFSRH]: DFS Replication Helper Protocol Specification

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?