3.2.4.3.2 NetrDfsRemoveFtRoot (Opnum 11)

An application MUST determine the PDC of the domain of the DFS root target server that the ServerName parameter specifies.<145> If the ApiFlags parameter is not DFS_FORCE_REMOVE, the application MUST issue the RPC method to the DFS root target server that the ServerName parameter specifies; otherwise, the application MUST issue the RPC method to the PDC.

This method is supported only for a domainv1-based DFS namespace scenario. If a client application attempts to use it on a domainv2-based DFS namespace or target, the server MUST fail with a return value of ERROR_NOT_SUPPORTED.

If all prior steps succeeded without error, then the application MUST perform the following steps:

1. Invoke the NetrDfsSetDcAddress method to each server returned in the ppRootList parameter.<146>

2. Update the ACL on the object (as specified in section 2.3.3) of the DFS namespace to remove read/write access by the DFS root target server.

3. Remove the object itself if the remoteServerName attribute of the DFS namespace object (as specified in section 2.3.3) has exactly one value in it.

4. Call the NetrDfsFlushFtTable method on the PDC, specifying the DFS namespace name.