Andrew/Tridge,
I just want to close loop on this request even we already worked together
and resolved the related issue. I want to make sure the document is updated
properly to include the error conditions.
The first error can be returned by Windows DC handling IDL_DRSAddEntry if it
is a Domain Naming FSMO role owner but its ownership canotn be validated
because the DC has never been synchronized with any existing partners. This
is not explicitly called out in the document. I filed a request to specify
this condition.
For the second error, when the nTDSDSA object is created under server object,
it needs to find an existing crossRef that matches the domain name. If it
cannot be found , then ERROR_DS_NO_CROSSREF_FOR_NC will be returned. The
logic is specified in the subroutine CreateNtdsDsa (4.1.1.2.3 MS-DSRS),which
is called by IDL_DRSAddEntry() as following:
domainCR := select one v from ConfigNC() where v!nCName = domainName
and crossRef in v!objectClass
and FLAG_CR_NTDS_DOMAIN in v!systemFlags
We need to update the error condition here mentioning if domainCR cannot be
found, then ERROR_DS_NO_CROSSREF_FOR_NC will be returned. This explains
that his your workaround is the correct way.
I will send you the final update when it is available. Please let me know
if there is any more questions regarding this issue.
Thanks!
Hongwei
-----Original Message-----
From: Andrew Bartlett [mailto:abart...@samba.org]
Sent: Tuesday, August 30, 2011 11:29 PM
To: Interoperability Documentation Help
Cc: cifs-protocol@cifs.org
Subject: Errors when doing a DsAddEntry
We have been looking at DRSUAPI/DsAddEntry, and have a few questions.
We are trying to implement subdomain support in Samba4 before the plugfest.
We have been able to generate error cases that do not seem to be 'possible' in
the docs. Can you please clarify exactly what errors this function should be
able to return, and document how to avoid these:
in join-s1.txt we have an error that is only listed in the docs when removing a
DC from the domain.
extended_err : WERR_DS_ROLE_NOT_VERIFIED
This is currently blocking us. Our only theory is that we must perform a
replication cycle before we do this call.
in join-s1-2.txt we have another error, that we worked around by creating the
partitions object before creating the server object.
However, as we need to match the server-side behaviour, we need to know the
undocumented circumstances that cause this error.
extended_err : WERR_DS_NO_CROSSREF_FOR_NC
Finally, is there any documentation of the high-level procedure for creating a
subdomain?
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
