3.4.6.1 Timer Expiry on domainControllerCacheTimer

This event occurs whenever the domainControllerCacheTimer expires.

If the client is a domain controller (DC), the client MUST get a trusted domain list by performing the external behavior consistent with locally invoking LsarEnumerateTrustedDomains ([MS-LSAD] section 3.1.4.7.8).

  • The EnumerationContext parameter MUST be set to 0.

  • The PreferredMaximumLength SHOULD<126> be set to 4096.

  • A policy handle is not needed locally.

The client MUST attempt to locate a DC (section 3.1.4.10) for each of the domain entries of the returned trusted domain list.

  • If the client fails when attempting to locate a DC for a domain entry in the trusted domain list, the client MUST ignore errors and continue to attempt to locate DCs for the remaining domain entries in the trusted domain list.

  • For each successfully located DC: If DomainControllerInfo.Flags has bit G set, and the PrimaryName field of the ServerSessionInfo table entry whose DomainName field matches the DomainControllerInfo.DomainName field does not match the DomainControllerInfo.DomainControllerName field, the client MUST update PrimaryName so that it matches DomainControllerInfo.DomainControllerName. The client MUST also attempt to establish a session key with the located DC (section 3.1.4.10).
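
The timer-expiry procedure above as an added Python sketch; it is not part of the specification or of any Microsoft code. The names on_cache_timer_expiry, locate_dc, establish_session_key and LocateError, the dict layout used for the ServerSessionInfo table, and the numeric value of FLAG_G are assumptions. The sketch also assumes that the session-key attempt applies to every located DC and that a domain with no table entry gets no update.

```python
from dataclasses import dataclass

FLAG_G = 0x80  # assumed value for "bit G"; use the DomainControllerInfo definition

@dataclass
class DomainControllerInfo:
    DomainName: str
    DomainControllerName: str
    Flags: int

class LocateError(Exception):
    """Raised by the hypothetical locator when no DC can be found."""

def on_cache_timer_expiry(trusted_domains, locate_dc, session_info, establish_session_key):
    """Process one timer expiry; returns (updated, attempted, failed) domain lists."""
    updated, attempted, failed = [], [], []
    for domain in trusted_domains:
        try:
            dc = locate_dc(domain)
        except LocateError:
            failed.append(domain)  # errors are ignored; remaining entries still run
            continue
        entry = session_info.get(dc.DomainName)  # table keyed by DomainName (assumed)
        stale = entry is not None and entry["PrimaryName"] != dc.DomainControllerName
        if dc.Flags & FLAG_G and stale:
            entry["PrimaryName"] = dc.DomainControllerName
            updated.append(domain)
        establish_session_key(dc)  # attempt only; its outcome is handled elsewhere
        attempted.append(domain)
    return updated, attempted, failed

def demo():
    # Constructed sample data, not taken from the specification.
    found = {
        "corp.example": DomainControllerInfo("corp.example", r"\\dc2.corp.example", FLAG_G),
        "lab.example": DomainControllerInfo("lab.example", r"\\dc9.lab.example", 0),
    }
    table = {
        "corp.example": {"PrimaryName": r"\\dc1.corp.example"},
        "lab.example": {"PrimaryName": r"\\dc1.lab.example"},
    }
    def locate_dc(domain):
        if domain not in found:
            raise LocateError(domain)
        return found[domain]
    keyed = []
    result = on_cache_timer_expiry(["corp.example", "gone.example", "lab.example"],
                                   locate_dc, table, keyed.append)
    return result, table, keyed
```

In the constructed run, gone.example fails location and is skipped, corp.example has its PrimaryName rewritten, and lab.example keeps its old PrimaryName because bit G is not set.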