4.1.1.2.3 CreateNtdsDsa
-
procedure CreateNtdsDsa( hDrs: DRS_HANDLE, e: ENTINF, entList: ADDRESS OF ENTINFLIST, pmsgOut: ADDRESS OF DRS_MSG_ADDENTRYREPLY, ver: DWORD, info: ADDRESS OF ADDENTRY_REPLY_INFO): boolean
Informative summary of behavior: This procedure creates an nTDSDSA object.
-
/* Creates the nTDSDSA object described by e after an authorization check
 * and a functional-level check, then registers the replication SPN on the
 * DC's computer object.
 *
 * Parameters:
 *   hDrs     - DRS handle of the calling context (not referenced below).
 *   e        - attributes of the nTDSDSA object to create.
 *   entList  - the full list of entries in the request; consulted to decide
 *              whether the domain crossRef is being created in the same call
 *              and whether the attributes pass the pre-check.
 *   pmsgOut  - reply message; receives error data on every failure path.
 *   ver      - reply version passed through to SetErrorData.
 *   info     - on success, info^.objGuid receives the new object's GUID.
 *
 * Returns true on success; false after SetErrorData has been called. */
domainName, domainCR, domain, cr, v, partitionsObj, sl, dsaObj: DSName
accessAllowed: boolean
dcfl, err: DWORD
spn: unicodestring
prefixTable: PrefixTable
/* NOTE(review): correctOrder and dcObj are assigned below but are not in the
 * declaration list above, and cr is declared but never used — presumably
 * correctOrder: boolean and dcObj: DSName were intended. */

/* Only attributes and classed in the base schema can be specified.*/
prefixTable := NewPrefixTable()

domainName := GetDomainNameFromEntinf(e)
/* The domain crossRef is looked up before any object is added, so in the
 * "crossRef created in this same call" path below it may still be null. */
domainCR := select one v from ConfigNC() where v!nCName = domainName and crossRef in v!objectClass and FLAG_CR_NTDS_DOMAIN in v!systemFlags
domain := select one v from all where v = domainName

/* Authorization decision. This is the only caller-level access check in the
 * procedure; the add itself later runs in the system context, so nothing
 * below may be reached unless accessAllowed is true. */
if domain ≠ null then
  /* Perform access check. */
  accessAllowed := AccessCheckCAR(domain, DS-Replication-Manage-Topology)
else
  /* Creating the domain crossRef in the same call is
   * allowed. The call will fail if the caller does not have right
   * to create the crossRef object. */
  /* NOTE(review): domain is null in this branch, so the check is delegated
   * entirely to the crossRef creation; confirm IsDomainToBeCreated expects a
   * null second argument here rather than domainName. */
  accessAllowed := IsDomainToBeCreated(entList, domain)
endif
if not accessAllowed then
  SetErrorData(SV_PROBLEM_DIR_ERROR, serviceError, ERROR_ACCESS_DENIED, pmsgOut, ver)
  return false
endif

/* Attribute pre-check on the whole entry list; a failure is reported as a
 * missing crossRef for the NC. */
correctOrder := DoAttributesSatisfyPreCheckForCreateNtdsDsa (entList)
if not correctOrder then
  SetErrorData( SV_PROBLEM_DIR_ERROR, serviceError, ERROR_DS_NO_CROSSREF_FOR_NC, pmsgOut, ver)
  return false
endif

/* Check for the functional level compliance. The functional level
 * of a DC cannot be less than the functional level of the forest.
 * If the DC is not the first DC in is domain, its functional level
 * cannot be less than the functional level of its domain.
 */
/* A missing msDS-Behavior-Version on the request is treated as level 0,
 * which is the most restrictive value for the comparisons below. */
dcfl := ENTINF_GetValue(e, msDS-Behavior-Version, prefixTable)
if dcfl = null then
  dcfl := 0
endif
/* Domain-level check applies only when the new DC joins this DC's own domain. */
if domain = DefaultNC() and dcfl < DefaultNC()!msDS-Behavior-Version then
  SetErrorData(SV_PROBLEM_WILL_NOT_PERFORM, serviceError, ERROR_DS_INCOMPATIBLE_VERSION, pmsgOut, ver)
  return false
endif
/* Forest-level check: the Partitions container carries the forest level. */
partitionsObj := DescendantObject(ConfigNC(), "CN=Partitions,")
if dcfl < partitionsObj!msDS-Behavior-Version then
  SetErrorData(SV_PROBLEM_WILL_NOT_PERFORM, serviceError, ERROR_DS_INCOMPATIBLE_VERSION, pmsgOut, ver)
  return false
endif

/* serverReference attribute is not updated here; instead, it is used
 * to find the computer object of the DC so that the replication SPN
 * can be added to the DC's computer object. */
/* The value is saved in sl and cleared from e so it is not persisted on the
 * nTDSDSA object by the add below. */
sl := ENTINF_GetValue(e, serverReference, prefixTable)
ENTINF_SetValue(e, serverReference, null, prefixTable)

/* Create the object in the system context; this is necessary to
 * avoid the system-only class constraint defined in the schema.*/
/* Because this add bypasses the schema's system-only constraint, the
 * earlier accessAllowed check is the control that governs who can reach it. */
err := PerformAddOperationAsSystem(e, dsaObj, prefixTable)
if err ≠ 0 then
  /* Pick up the error information PerformAddOperationAsSystem set.*/
  SetErrorData(0, 0, 0, pmsgOut, ver)
  return false
endif

/* Find the computer object and update its SPN. */
/* This writes servicePrincipalName on the computer object named by the
 * caller-supplied serverReference; the object is located within DefaultNC()
 * only, and the SPN is appended to the existing values rather than replacing
 * them. */
/* NOTE(review): domainCR!dnsHostName is dereferenced here, but domainCR can
 * be null on the path where the crossRef is created in this same call;
 * confirm that case cannot reach this point with sl ≠ null. */
if sl ≠ null then
  dcObj := select one v from subtree DefaultNC() where v = sl
  spn := ConstructReplSpn(domainCR!dnsHostName, dcObj.guid)
  dcObj!servicePrincipalName := dcObj!servicePrincipalName + {spn}
endif

/* Return the objectGUID of the new nTDSDSA object. */
info^.objGuid := dsaObj.guid
return true