3.1.1.6.2 Reference Update

msdn link

References

• Variable: dsname

• LDAP attributes: dNReferenceUpdate.

• LDAP classes: infrastructureUpdate.

• Glossary terms: dsname, Infrastructure FSMO master, NC replica, tombstone, GC.

• IDL_DRSVerifyNames method: see [MS-DRSR] section 4.1.27.

• Well-known Objects

In AD DS, attributes of attribute syntax Object (DS-DN), Object(DN-String), Object(DN-Binary), Object(Access-Point) and Object(OR-Name) can have attribute values that reference objects in an NC for which no NC replica is present on the server. The server does not get a replicated update when an object in the NC replica not present on the server is modified or deleted. In such a case, references to such objects will remain to an old dsname on the server. In order to update these kinds of references, a background task called reference update is run at regular intervals. By default, each reference is examined every two days.

The reference update task is not run on a Global Catalog.

If the Recycle Bin optional feature is not enabled and the Infrastructure FSMO master is not a global catalog, then the reference update task is run only on the Infrastructure FSMO master.

If the Recycle Bin optional feature is enabled, every DC that is not also a global catalog runs the reference update task.

The reference update task does processing as follows:

For each object P in each NC replica on the server do the following:

• Let S be the set of all attributes of P with attribute syntax Object(DS-DN), Object(DN-String), Object(DN-Binary), Object(OR-Name) and Object(Access-Point).

• For each attribute A in set S and for each value V of A do the following:

  • If there exists an object with dsname V in any NC replica on this DC, then skip this value V.

  • If attribute syntax of A is Object(DS-DN) then let G be P.A.V.guid_value. Let D be P.A.V.dn.

  • Otherwise, let G be P.A.V.object_DN.guid_value. Let D be P.A.object_DN.dn.

  • If the Recycle Bin optional feature is not enabled:

    • Retrieve the dsname N of object with objectGUID G from a GC by calling method IDL_DRSVerifyNames. IDL_DRSVerifyNames is explained in [MS-DRSR] section 4.1.27.

    • If N!name ≠ D then create an infrastructureUpdate object I in the well-known infrastructure update container (see section 6.1.1.4). Set I!dNReferenceUpdate to N. Delete I immediately to turn it to a tombstone.

      Creation of an infrastructureUpdate object K with attribute dNReferenceUpdate will trigger an update of all references to dsnames corresponding to K!dNReferenceUpdate, as explained in section 3.1.1.5.2.4.

  • If the Recycle Bin optional feature is enabled:

    • Retrieve the dsname N and the value Vgc of the isRecycled attribute of object with objectGUID G from a GC by calling method IDL_DRSVerifyNames. IDL_DRSVerifyNames is explained in [MS-DRSR] section 4.1.27.

    • If Vgc is TRUE and attribute A is a linked attribute, remove value V from attribute A. This removal is not replicated to any other DCs.

    • If N!name ≠ D then replace value V of attribute A with N!name. This replacement is not replicated to any other DCs.

    • If attribute A is a link value and the RDN of N!name is a delete-mangled RDN (see section 3.1.1.5.5), the value V is to be treated as a linked value to or from a deleted-object. That is, the value is not generally visible to LDAP clients unless the LDAP_SHOW_DEACTIVATED_LINK_OID control is used.

    • If attribute A is a link value and the RDN of N!name is not a delete-mangled RDN (see section 3.1.1.5.5), the value V is to be treated as a normal linked value. That is, the value is generally visible to LDAP clients.