3.4.5.4.1 Calling NetrDatabaseDeltas

The client calling this method MUST be a backup domain controller (BDC). It MUST do the following:

  • Pass a valid PDC name as the PrimaryName parameter.

  • Pass the client BDC name as the ComputerName parameter.

  • Pass a valid client Netlogon authenticator as the Authenticator parameter.

  • Pass a valid database identifier as the DatabaseID parameter as follows:

    • For the SAM database, the DatabaseID parameter MUST be 0x00000000.

    • For the SAM built-in database, the DatabaseID parameter MUST be 0x00000001.

    • For the LSA database, the DatabaseID parameter MUST be 0x00000002.

  • Pass the value of the local database serial number as the DomainModifiedCount.

  • Pass the preferred maximum length of data to be returned in the DeltaArray parameter as the PreferredMaximumLength parameter.

On receiving the STATUS_MORE_ENTRIES status code, the client continues calling this routine in a loop, updating DomainModifiedCount, until all missing database entries are received. On receiving the STATUS_SUCCESS status code, the client terminates the loop. The client MAY terminate the loop early without receiving all entries, for example, on a system shutdown notification.

On receiving STATUS_ACCESS_DENIED, the client SHOULD<118> reestablish the secure channel with the domain controller.
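
The client loop described above, sketched as an added example that is not part of the original specification text. It runs against a constructed in-memory stand-in for the PDC. Assumptions: the names FakePdc, sync_deltas, reestablish_channel, shutdown_requested and max_reauth are hypothetical, the stand-in returns the updated DomainModifiedCount with each batch, each delta is modeled as 100 bytes, and the retry cap after STATUS_ACCESS_DENIED is a design choice of the example.

```python
from dataclasses import dataclass, field

STATUS_SUCCESS, STATUS_MORE_ENTRIES, STATUS_ACCESS_DENIED = 0x00000000, 0x00000105, 0xC0000022
DATABASE_IDS = {"SAM": 0x00000000, "SAM built-in": 0x00000001, "LSA": 0x00000002}

@dataclass
class FakePdc:
    """Constructed in-memory stand-in for the PDC; no RPC or authenticator handling."""
    serial: int                 # PDC's current database serial number
    deny_once: bool = False     # simulate a single STATUS_ACCESS_DENIED
    calls: list = field(default_factory=list)

    def netr_database_deltas(self, database_id, domain_modified_count, preferred_maximum_length):
        self.calls.append(domain_modified_count)
        if self.deny_once:
            self.deny_once = False
            return STATUS_ACCESS_DENIED, [], domain_modified_count
        batch = max(1, preferred_maximum_length // 100)  # assumption: 100 bytes per delta
        newest = max(self.serial, domain_modified_count)  # never move the client backwards
        last = min(newest, domain_modified_count + batch)
        deltas = list(range(domain_modified_count + 1, last + 1))
        status = STATUS_MORE_ENTRIES if last < self.serial else STATUS_SUCCESS
        return status, deltas, last  # last = serial number of the final delta returned

def sync_deltas(pdc, database, local_serial, preferred_maximum_length,
                reestablish_channel, shutdown_requested=lambda: False, max_reauth=1):
    """Run the BDC loop; return (new local serial number, deltas received)."""
    database_id = DATABASE_IDS[database]  # KeyError for anything but the three valid IDs
    received, reauths = [], 0
    while not shutdown_requested():       # the client MAY stop early, e.g. on shutdown
        status, deltas, last = pdc.netr_database_deltas(
            database_id, local_serial, preferred_maximum_length)
        if status == STATUS_ACCESS_DENIED:
            if reauths >= max_reauth:     # assumption: cap retries instead of spinning
                raise PermissionError("STATUS_ACCESS_DENIED after channel re-establishment")
            reestablish_channel()
            reauths += 1
            continue
        if status not in (STATUS_SUCCESS, STATUS_MORE_ENTRIES):
            raise RuntimeError(f"unexpected status 0x{status:08X}")
        received.extend(deltas)
        local_serial = last               # updated DomainModifiedCount for the next call
        if status == STATUS_SUCCESS:
            break
    return local_serial, received
```

An early exit returns the serial number of the last delta actually received, so a later run resumes from that point rather than from the original value.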