Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The client calling this method MUST be a backup domain controller (BDC). The client MUST do the following:
Have a secure channel established with a domain controller in the domain identified by domain-name and pass its name as the ServerName parameter.
Pass a valid client Netlogon authenticator as the Authenticator parameter.
The client MUST decrypt the EncryptedNtOwfPassword return parameter that was encrypted (as specified in [MS-SAMR] section 2.2.11.1.1) with the Session-Key for the secure channel as the specified key.
After the method returns, the client MUST verify the ReturnAuthenticator, as defined in section 3.1.4.5.
On receiving STATUS_ACCESS_DENIED, the client SHOULD<104> reestablish the secure channel with the domain controller.