2 Unix SMB/CIFS implementation.
4 utility code to join/leave a domain
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 this code is used by other torture modules to join/leave a domain
24 as either a member, bdc or thru a trust relationship
28 #include "system/time.h"
29 #include "../lib/crypto/crypto.h"
30 #include "libnet/libnet.h"
31 #include "lib/cmdline/popt_common.h"
32 #include "librpc/gen_ndr/ndr_lsa_c.h"
33 #include "librpc/gen_ndr/ndr_samr_c.h"
35 #include "libcli/auth/libcli_auth.h"
36 #include "torture/rpc/torture_rpc.h"
37 #include "libcli/security/security.h"
38 #include "param/param.h"
41 struct dcerpc_pipe *p;
42 struct policy_handle user_handle;
43 struct policy_handle domain_handle;
44 struct libnet_JoinDomain *libnet_r;
45 struct dom_sid *dom_sid;
46 const char *dom_netbios_name;
47 const char *dom_dns_name;
48 struct dom_sid *user_sid;
49 struct GUID user_guid;
50 const char *netbios_name;
54 static NTSTATUS DeleteUser_byname(struct dcerpc_binding_handle *b,
56 struct policy_handle *handle, const char *name)
59 struct samr_DeleteUser d;
60 struct policy_handle user_handle;
62 struct samr_LookupNames n;
63 struct samr_Ids rids, types;
64 struct lsa_String sname;
65 struct samr_OpenUser r;
69 n.in.domain_handle = handle;
75 status = dcerpc_samr_LookupNames_r(b, mem_ctx, &n);
76 if (!NT_STATUS_IS_OK(status)) {
79 if (NT_STATUS_IS_OK(n.out.result)) {
80 rid = n.out.rids->ids[0];
85 r.in.domain_handle = handle;
86 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
88 r.out.user_handle = &user_handle;
90 status = dcerpc_samr_OpenUser_r(b, mem_ctx, &r);
91 if (!NT_STATUS_IS_OK(status)) {
92 printf("OpenUser(%s) failed - %s\n", name, nt_errstr(status));
95 if (!NT_STATUS_IS_OK(r.out.result)) {
96 printf("OpenUser(%s) failed - %s\n", name, nt_errstr(r.out.result));
100 d.in.user_handle = &user_handle;
101 d.out.user_handle = &user_handle;
102 status = dcerpc_samr_DeleteUser_r(b, mem_ctx, &d);
103 if (!NT_STATUS_IS_OK(status)) {
106 if (!NT_STATUS_IS_OK(d.out.result)) {
114 create a test user in the domain
115 an opaque pointer is returned. Pass it to torture_leave_domain()
119 struct test_join *torture_create_testuser_max_pwlen(struct torture_context *torture,
120 const char *username,
123 const char **random_password,
127 struct samr_Connect c;
128 struct samr_CreateUser2 r;
129 struct samr_OpenDomain o;
130 struct samr_LookupDomain l;
131 struct dom_sid2 *sid = NULL;
132 struct samr_GetUserPwInfo pwp;
133 struct samr_PwInfo info;
134 struct samr_SetUserInfo s;
135 union samr_UserInfo u;
136 struct policy_handle handle;
137 uint32_t access_granted;
139 DATA_BLOB session_key;
140 struct lsa_String name;
142 int policy_min_pw_len = 0;
143 struct test_join *join;
145 const char *dc_binding = torture_setting_string(torture, "dc_binding", NULL);
146 struct dcerpc_binding_handle *b = NULL;
148 join = talloc(NULL, struct test_join);
155 printf("Connecting to SAMR\n");
158 status = dcerpc_pipe_connect(join,
162 cmdline_credentials, NULL, torture->lp_ctx);
165 status = torture_rpc_connection(torture,
169 if (!NT_STATUS_IS_OK(status)) {
172 b = join->p->binding_handle;
174 c.in.system_name = NULL;
175 c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
176 c.out.connect_handle = &handle;
178 status = dcerpc_samr_Connect_r(b, join, &c);
179 if (!NT_STATUS_IS_OK(status)) {
180 const char *errstr = nt_errstr(status);
181 printf("samr_Connect failed - %s\n", errstr);
184 if (!NT_STATUS_IS_OK(c.out.result)) {
185 const char *errstr = nt_errstr(c.out.result);
186 printf("samr_Connect failed - %s\n", errstr);
191 printf("Opening domain %s\n", domain);
193 name.string = domain;
194 l.in.connect_handle = &handle;
195 l.in.domain_name = &name;
198 status = dcerpc_samr_LookupDomain_r(b, join, &l);
199 if (!NT_STATUS_IS_OK(status)) {
200 printf("LookupDomain failed - %s\n", nt_errstr(status));
203 if (!NT_STATUS_IS_OK(l.out.result)) {
204 printf("LookupDomain failed - %s\n", nt_errstr(l.out.result));
208 struct samr_EnumDomains e;
209 uint32_t resume_handle = 0, num_entries;
210 struct samr_SamArray *sam;
213 e.in.connect_handle = &handle;
214 e.in.buf_size = (uint32_t)-1;
215 e.in.resume_handle = &resume_handle;
217 e.out.num_entries = &num_entries;
218 e.out.resume_handle = &resume_handle;
220 status = dcerpc_samr_EnumDomains_r(b, join, &e);
221 if (!NT_STATUS_IS_OK(status)) {
222 printf("EnumDomains failed - %s\n", nt_errstr(status));
225 if (!NT_STATUS_IS_OK(e.out.result)) {
226 printf("EnumDomains failed - %s\n", nt_errstr(e.out.result));
229 if ((num_entries != 2) || (sam && sam->count != 2)) {
230 printf("unexpected number of domains\n");
233 for (i=0; i < 2; i++) {
234 if (!strequal(sam->entries[i].name.string, "builtin")) {
235 domain = sam->entries[i].name.string;
240 printf("Opening domain %s\n", domain);
242 name.string = domain;
243 l.in.connect_handle = &handle;
244 l.in.domain_name = &name;
247 status = dcerpc_samr_LookupDomain_r(b, join, &l);
248 if (!NT_STATUS_IS_OK(status)) {
249 printf("LookupDomain failed - %s\n", nt_errstr(status));
252 if (!NT_STATUS_IS_OK(l.out.result)) {
253 printf("LookupDomain failed - %s\n", nt_errstr(l.out.result));
257 printf("cannot proceed without domain name\n");
262 talloc_steal(join, *l.out.sid);
263 join->dom_sid = *l.out.sid;
264 join->dom_netbios_name = talloc_strdup(join, domain);
265 if (!join->dom_netbios_name) goto failed;
267 o.in.connect_handle = &handle;
268 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
269 o.in.sid = *l.out.sid;
270 o.out.domain_handle = &join->domain_handle;
272 status = dcerpc_samr_OpenDomain_r(b, join, &o);
273 if (!NT_STATUS_IS_OK(status)) {
274 printf("OpenDomain failed - %s\n", nt_errstr(status));
277 if (!NT_STATUS_IS_OK(o.out.result)) {
278 printf("OpenDomain failed - %s\n", nt_errstr(o.out.result));
282 printf("Creating account %s\n", username);
285 name.string = username;
286 r.in.domain_handle = &join->domain_handle;
287 r.in.account_name = &name;
288 r.in.acct_flags = acct_type;
289 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
290 r.out.user_handle = &join->user_handle;
291 r.out.access_granted = &access_granted;
294 status = dcerpc_samr_CreateUser2_r(b, join, &r);
295 if (!NT_STATUS_IS_OK(status)) {
296 printf("CreateUser2 failed - %s\n", nt_errstr(status));
300 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
301 status = DeleteUser_byname(b, join, &join->domain_handle, name.string);
302 if (NT_STATUS_IS_OK(status)) {
307 if (!NT_STATUS_IS_OK(r.out.result)) {
308 printf("CreateUser2 failed - %s\n", nt_errstr(r.out.result));
312 join->user_sid = dom_sid_add_rid(join, join->dom_sid, rid);
314 pwp.in.user_handle = &join->user_handle;
315 pwp.out.info = &info;
317 status = dcerpc_samr_GetUserPwInfo_r(b, join, &pwp);
318 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(pwp.out.result)) {
319 policy_min_pw_len = pwp.out.info->min_password_length;
322 random_pw = generate_random_password(join, MAX(8, policy_min_pw_len), max_pw_len);
324 printf("Setting account password '%s'\n", random_pw);
327 s.in.user_handle = &join->user_handle;
331 encode_pw_buffer(u.info24.password.data, random_pw, STR_UNICODE);
332 u.info24.password_expired = 0;
334 status = dcerpc_fetch_session_key(join->p, &session_key);
335 if (!NT_STATUS_IS_OK(status)) {
336 printf("SetUserInfo level %u - no session key - %s\n",
337 s.in.level, nt_errstr(status));
338 torture_leave_domain(torture, join);
342 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
344 status = dcerpc_samr_SetUserInfo_r(b, join, &s);
345 if (!NT_STATUS_IS_OK(status)) {
346 printf("SetUserInfo failed - %s\n", nt_errstr(status));
349 if (!NT_STATUS_IS_OK(s.out.result)) {
350 printf("SetUserInfo failed - %s\n", nt_errstr(s.out.result));
355 s.in.user_handle = &join->user_handle;
359 u.info21.acct_flags = acct_type | ACB_PWNOEXP;
360 u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
362 u.info21.comment.string = talloc_asprintf(join,
363 "Tortured by Samba4: %s",
364 timestring(join, time(NULL)));
366 u.info21.full_name.string = talloc_asprintf(join,
367 "Torture account for Samba4: %s",
368 timestring(join, time(NULL)));
370 u.info21.description.string = talloc_asprintf(join,
371 "Samba4 torture account created by host %s: %s",
372 lpcfg_netbios_name(torture->lp_ctx),
373 timestring(join, time(NULL)));
375 printf("Resetting ACB flags, force pw change time\n");
377 status = dcerpc_samr_SetUserInfo_r(b, join, &s);
378 if (!NT_STATUS_IS_OK(status)) {
379 printf("SetUserInfo failed - %s\n", nt_errstr(status));
382 if (!NT_STATUS_IS_OK(s.out.result)) {
383 printf("SetUserInfo failed - %s\n", nt_errstr(s.out.result));
387 if (random_password) {
388 *random_password = random_pw;
394 torture_leave_domain(torture, join);
399 * Set privileges on an account.
402 static void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s)
406 static void init_lsa_String(struct lsa_String *name, const char *s)
411 bool torture_setup_privs(struct torture_context *tctx,
412 struct dcerpc_pipe *p,
415 const struct dom_sid *user_sid)
417 struct dcerpc_binding_handle *b = p->binding_handle;
418 struct policy_handle *handle;
422 test_lsa_OpenPolicy2(b, tctx, &handle),
423 "failed to open policy");
425 for (i=0; i < num_privs; i++) {
426 struct lsa_LookupPrivValue r;
427 struct lsa_LUID luid;
428 struct lsa_String name;
430 init_lsa_String(&name, privs[i]);
432 r.in.handle = handle;
436 torture_assert_ntstatus_ok(tctx,
437 dcerpc_lsa_LookupPrivValue_r(b, tctx, &r),
438 "lsa_LookupPrivValue failed");
439 if (!NT_STATUS_IS_OK(r.out.result)) {
440 torture_comment(tctx, "lsa_LookupPrivValue failed for '%s' with %s\n",
441 privs[i], nt_errstr(r.out.result));
447 struct lsa_AddAccountRights r;
448 struct lsa_RightSet rights;
450 rights.count = num_privs;
451 rights.names = talloc_zero_array(tctx, struct lsa_StringLarge, rights.count);
452 for (i=0; i < rights.count; i++) {
453 init_lsa_StringLarge(&rights.names[i], privs[i]);
456 r.in.handle = handle;
457 r.in.sid = discard_const_p(struct dom_sid, user_sid);
458 r.in.rights = &rights;
460 torture_assert_ntstatus_ok(tctx,
461 dcerpc_lsa_AddAccountRights_r(b, tctx, &r),
462 "lsa_AddAccountRights failed");
463 torture_assert_ntstatus_ok(tctx, r.out.result,
464 "lsa_AddAccountRights failed");
467 test_lsa_Close(b, tctx, handle);
472 struct test_join *torture_create_testuser(struct torture_context *torture,
473 const char *username,
476 const char **random_password)
478 return torture_create_testuser_max_pwlen(torture, username, domain, acct_type, random_password, 255);
481 NTSTATUS torture_delete_testuser(struct torture_context *torture,
482 struct test_join *join,
483 const char *username)
487 status = DeleteUser_byname(join->p->binding_handle,
489 &join->domain_handle,
495 _PUBLIC_ struct test_join *torture_join_domain(struct torture_context *tctx,
496 const char *machine_name,
498 struct cli_credentials **machine_credentials)
501 struct libnet_context *libnet_ctx;
502 struct libnet_JoinDomain *libnet_r;
503 struct test_join *tj;
504 struct samr_SetUserInfo s;
505 union samr_UserInfo u;
507 tj = talloc_zero(tctx, struct test_join);
508 if (!tj) return NULL;
510 libnet_r = talloc_zero(tj, struct libnet_JoinDomain);
516 libnet_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
522 tj->libnet_r = libnet_r;
524 libnet_ctx->cred = cmdline_credentials;
525 libnet_r->in.binding = torture_setting_string(tctx, "binding", NULL);
526 if (!libnet_r->in.binding) {
527 libnet_r->in.binding = talloc_asprintf(libnet_r, "ncacn_np:%s", torture_setting_string(tctx, "host", NULL));
529 libnet_r->in.level = LIBNET_JOINDOMAIN_SPECIFIED;
530 libnet_r->in.netbios_name = machine_name;
531 libnet_r->in.account_name = talloc_asprintf(libnet_r, "%s$", machine_name);
532 if (!libnet_r->in.account_name) {
537 libnet_r->in.acct_type = acct_flags;
538 libnet_r->in.recreate_account = true;
540 status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
541 if (!NT_STATUS_IS_OK(status)) {
542 if (libnet_r->out.error_string) {
543 DEBUG(0, ("Domain join failed - %s\n", libnet_r->out.error_string));
545 DEBUG(0, ("Domain join failed - %s\n", nt_errstr(status)));
550 tj->p = libnet_r->out.samr_pipe;
551 tj->user_handle = *libnet_r->out.user_handle;
552 tj->dom_sid = libnet_r->out.domain_sid;
553 talloc_steal(tj, libnet_r->out.domain_sid);
554 tj->dom_netbios_name = libnet_r->out.domain_name;
555 talloc_steal(tj, libnet_r->out.domain_name);
556 tj->dom_dns_name = libnet_r->out.realm;
557 talloc_steal(tj, libnet_r->out.realm);
558 tj->user_guid = libnet_r->out.account_guid;
559 tj->netbios_name = talloc_strdup(tj, machine_name);
560 if (!tj->netbios_name) {
566 s.in.user_handle = &tj->user_handle;
570 u.info21.fields_present = SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
571 u.info21.comment.string = talloc_asprintf(tj,
572 "Tortured by Samba4: %s",
573 timestring(tj, time(NULL)));
574 u.info21.full_name.string = talloc_asprintf(tj,
575 "Torture account for Samba4: %s",
576 timestring(tj, time(NULL)));
578 u.info21.description.string = talloc_asprintf(tj,
579 "Samba4 torture account created by host %s: %s",
580 lpcfg_netbios_name(tctx->lp_ctx), timestring(tj, time(NULL)));
582 status = dcerpc_samr_SetUserInfo_r(tj->p->binding_handle, tj, &s);
583 if (!NT_STATUS_IS_OK(status)) {
584 printf("SetUserInfo (non-critical) failed - %s\n", nt_errstr(status));
586 if (!NT_STATUS_IS_OK(s.out.result)) {
587 printf("SetUserInfo (non-critical) failed - %s\n", nt_errstr(s.out.result));
590 *machine_credentials = cli_credentials_init(tj);
591 cli_credentials_set_conf(*machine_credentials, tctx->lp_ctx);
592 cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
593 cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
594 if (libnet_r->out.realm) {
595 cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
597 cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
598 cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);
599 cli_credentials_set_kvno(*machine_credentials, libnet_r->out.kvno);
600 if (acct_flags & ACB_SVRTRUST) {
601 cli_credentials_set_secure_channel_type(*machine_credentials,
603 } else if (acct_flags & ACB_WSTRUST) {
604 cli_credentials_set_secure_channel_type(*machine_credentials,
607 DEBUG(0, ("Invalid account type specificed to torture_join_domain\n"));
608 talloc_free(*machine_credentials);
615 struct dcerpc_pipe *torture_join_samr_pipe(struct test_join *join)
620 struct policy_handle *torture_join_samr_user_policy(struct test_join *join)
622 return &join->user_handle;
625 static NTSTATUS torture_leave_ads_domain(struct torture_context *torture,
627 struct libnet_JoinDomain *libnet_r)
632 struct ldb_dn *server_dn;
633 struct ldb_context *ldb_ctx;
635 char *remote_ldb_url;
637 /* Check if we are a domain controller. If not, exit. */
638 if (!libnet_r->out.server_dn_str) {
642 tmp_ctx = talloc_named(mem_ctx, 0, "torture_leave temporary context");
644 libnet_r->out.error_string = NULL;
645 return NT_STATUS_NO_MEMORY;
648 ldb_ctx = ldb_init(tmp_ctx, torture->ev);
650 libnet_r->out.error_string = NULL;
651 talloc_free(tmp_ctx);
652 return NT_STATUS_NO_MEMORY;
655 /* Remove CN=Servers,... entry from the AD. */
656 server_dn = ldb_dn_new(tmp_ctx, ldb_ctx, libnet_r->out.server_dn_str);
657 if (! ldb_dn_validate(server_dn)) {
658 libnet_r->out.error_string = NULL;
659 talloc_free(tmp_ctx);
660 return NT_STATUS_NO_MEMORY;
663 remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s",
664 dcerpc_binding_get_string_option(libnet_r->out.samr_binding, "host"));
665 if (!remote_ldb_url) {
666 libnet_r->out.error_string = NULL;
667 talloc_free(tmp_ctx);
668 return NT_STATUS_NO_MEMORY;
671 ldb_set_opaque(ldb_ctx, "credentials", cmdline_credentials);
672 ldb_set_opaque(ldb_ctx, "loadparm", cmdline_lp_ctx);
674 rtn = ldb_connect(ldb_ctx, remote_ldb_url, 0, NULL);
675 if (rtn != LDB_SUCCESS) {
676 libnet_r->out.error_string = NULL;
677 talloc_free(tmp_ctx);
678 return NT_STATUS_UNSUCCESSFUL;
681 rtn = ldb_delete(ldb_ctx, server_dn);
682 if (rtn != LDB_SUCCESS) {
683 libnet_r->out.error_string = NULL;
684 talloc_free(tmp_ctx);
685 return NT_STATUS_UNSUCCESSFUL;
688 DEBUG(0, ("%s removed successfully.\n", libnet_r->out.server_dn_str));
690 talloc_free(tmp_ctx);
695 leave the domain, deleting the machine acct
698 _PUBLIC_ void torture_leave_domain(struct torture_context *torture, struct test_join *join)
700 struct samr_DeleteUser d;
706 d.in.user_handle = &join->user_handle;
707 d.out.user_handle = &join->user_handle;
709 /* Delete machine account */
710 status = dcerpc_samr_DeleteUser_r(join->p->binding_handle, join, &d);
711 if (!NT_STATUS_IS_OK(status)) {
712 printf("DeleteUser failed\n");
714 if (!NT_STATUS_IS_OK(d.out.result)) {
715 printf("Delete of machine account %s failed\n",
718 printf("Delete of machine account %s was successful.\n",
722 if (join->libnet_r) {
723 status = torture_leave_ads_domain(torture, join, join->libnet_r);
730 return the dom sid for a test join
732 _PUBLIC_ const struct dom_sid *torture_join_sid(struct test_join *join)
734 return join->dom_sid;
737 const struct dom_sid *torture_join_user_sid(struct test_join *join)
739 return join->user_sid;
742 const char *torture_join_netbios_name(struct test_join *join)
744 return join->netbios_name;
747 const struct GUID *torture_join_user_guid(struct test_join *join)
749 return &join->user_guid;
752 const char *torture_join_dom_netbios_name(struct test_join *join)
754 return join->dom_netbios_name;
757 const char *torture_join_dom_dns_name(struct test_join *join)
759 return join->dom_dns_name;
762 const char *torture_join_server_dn_str(struct test_join *join)
764 if (join->libnet_r) {
765 return join->libnet_r->out.server_dn_str;
771 #if 0 /* Left as the documentation of the join process, but see new implementation in libnet_become_dc.c */
772 struct test_join_ads_dc {
773 struct test_join *join;
776 struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
778 struct cli_credentials **machine_credentials)
780 struct test_join_ads_dc *join;
782 join = talloc(NULL, struct test_join_ads_dc);
787 join->join = torture_join_domain(machine_name,
789 machine_credentials);
796 /* W2K: modify userAccountControl from 4096 to 532480 */
798 /* W2K: modify RDN to OU=Domain Controllers and skip the $ from server name */
800 /* ask objectVersion of Schema Partition */
802 /* ask rIDManagerReferenz of the Domain Partition */
804 /* ask fsMORoleOwner of the RID-Manager$ object
805 * returns CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ...
808 /* ask for dnsHostName of CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
810 /* ask for objectGUID of CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
812 /* ask for * of CN=Default-First-Site-Name, ... */
814 /* search (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<machine_name>$)) in Domain Partition
815 * attributes : distinguishedName, userAccountControl
818 /* ask * for CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
819 * should fail with noSuchObject
822 /* add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
824 * objectClass = server
825 * systemFlags = 50000000
826 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
829 /* ask for * of CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
830 * should fail with noSuchObject
833 /* search for (ncname=<domain_nc>) in CN=Partitions,CN=Configuration,...
834 * attributes: ncName, dnsRoot
837 /* modify add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
838 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
839 * should fail with attributeOrValueExists
842 /* modify replace CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
843 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
846 /* DsAddEntry to create the CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
850 /* replicate CN=Schema,CN=Configuration,...
851 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
855 /* replicate CN=Configuration,...
856 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
860 /* replicate Domain Partition
861 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
865 /* call DsReplicaUpdateRefs() for all partitions like this:
866 * req1: struct drsuapi_DsReplicaUpdateRefsRequest1
868 * naming_context: struct drsuapi_DsReplicaObjectIdentifier
869 * __ndr_size : 0x000000ae (174)
870 * __ndr_size_sid : 0x00000000 (0)
871 * guid : 00000000-0000-0000-0000-000000000000
873 * dn : 'CN=Schema,CN=Configuration,DC=w2k3,DC=vmnet1,DC=vm,DC=base'
874 * dest_dsa_dns_name : *
875 * dest_dsa_dns_name : '4a0df188-a0b8-47ea-bbe5-e614723f16dd._msdcs.w2k3.vmnet1.vm.base'
876 * dest_dsa_guid : 4a0df188-a0b8-47ea-bbe5-e614723f16dd
877 * options : 0x0000001c (28)
878 * 0: DRSUAPI_DS_REPLICA_UPDATE_ASYNCHRONOUS_OPERATION
879 * 0: DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE
880 * 1: DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE
881 * 1: DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE
882 * 1: DRSUAPI_DS_REPLICA_UPDATE_0x00000010
884 * 4a0df188-a0b8-47ea-bbe5-e614723f16dd is the objectGUID the DsAddEntry() returned for the
885 * CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
888 /* W2K3: see libnet/libnet_become_dc.c */
git.samba.org / samba.git / blob