3.3.5.4.2 Normative Specification

Upon receiving this message, the responder SHOULD<17> return STATUS_NOT_SUPPORTED if the requestor is not an RODC. Otherwise, the responder MUST process the data from the message subject to all of the following constraints. All of the following actions MUST be performed in the same transaction:

  1. The responder SHOULD validate the integrity of the message with respect to embedded offsets and sizes. Responder implementations SHOULD return STATUS_INVALID_PARAMETER upon receiving malformed messages.<18>

  2. If either FLAG_ACCOUNT_NAME or FLAG_CLEAR_TEXT_PASSWORD is not set, the responder SHOULD<19> return STATUS_REVISION_MISMATCH to the requestor.

  3. If any reserved flag (marked as X in PasswordUpdateForward Request Message (section 2.2.4)) is set, the responder SHOULD return STATUS_REVISION_MISMATCH.<20>

  4. If there is no object in the database that has a sAMAccountName attribute value that corresponds to the data value supplied in Message.PasswordUpdateForward.Data that is specified by the first array element in Message.PasswordUpdateForward.OffsetLengthArray, the responder MUST return STATUS_NOT_FOUND.

  5. If the responder is not a writable NC replica in the same domain as the RODC, the responder MUST return an error.

  6. If the RODC is not allowed to cache credentials for the target user account, as specified in [MS-DRSR] section 4.1.10.5.15, the responder MUST return STATUS_ACCESS_DENIED.

  7. The state changes for the password attributes in the database MUST be the same as those specified for clearTextPassword in [MS-SAMR].

  8. If no errors occur during message processing, the responder MUST return STATUS_SUCCESS; otherwise, the responder MUST return an error code, as specified in section 2.2.9.

  9. All updates MUST occur as originating updates.
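As an added illustration (example code, not part of the specification), the following Python models a responder applying the steps above in the order given, so that a malformed message is rejected before any flag, account or caching decision is made and nothing is written until every check has passed. The flag bit values, the UTF-16LE string encoding, the assumption that the second OffsetLengthArray element carries the password, and the error name returned for step 5 are assumptions; the directory and the [MS-DRSR] caching check are stand-in data and callables.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

# Bit values are placeholders for this example; the real layout is in section 2.2.4.
FLAG_ACCOUNT_NAME = 0x01
FLAG_CLEAR_TEXT_PASSWORD = 0x02
REQUIRED_FLAGS = FLAG_ACCOUNT_NAME | FLAG_CLEAR_TEXT_PASSWORD  # every other bit is reserved (X)

@dataclass
class PasswordUpdateForward:
    flags: int
    offset_length_array: List[Tuple[int, int]]  # (offset, length) pairs into data
    data: bytes

@dataclass
class Responder:
    rodcs: FrozenSet[str]                          # requestors known to be RODCs
    writable_replica_of_rodc_domain: bool          # step 5
    accounts: Dict[str, dict]                      # constructed directory keyed by sAMAccountName
    rodc_may_cache: Callable[[str, str], bool]     # stands in for [MS-DRSR] 4.1.10.5.15: (rodc, account)

def build_message(flags: int, fields: List[str]) -> PasswordUpdateForward:
    """Pack strings as UTF-16LE (assumed encoding) and record their offsets and lengths."""
    data, offsets = b"", []
    for text in fields:
        raw = text.encode("utf-16-le")
        offsets.append((len(data), len(raw)))
        data += raw
    return PasswordUpdateForward(flags, offsets, data)

def process(responder: Responder, requestor: str, msg: PasswordUpdateForward) -> str:
    """Apply the section's steps in order; nothing is written until every check has passed."""
    if requestor not in responder.rodcs:
        return "STATUS_NOT_SUPPORTED"
    # Step 1: each (offset, length) pair must lie inside Data; reject negative or wrapping values.
    if len(msg.offset_length_array) < 2 or any(
            off < 0 or ln < 0 or off + ln > len(msg.data) for off, ln in msg.offset_length_array):
        return "STATUS_INVALID_PARAMETER"
    # Steps 2 and 3: both defined flags present, no reserved bit set.
    if msg.flags & REQUIRED_FLAGS != REQUIRED_FLAGS or msg.flags & ~REQUIRED_FLAGS:
        return "STATUS_REVISION_MISMATCH"
    try:  # element 0 is the sAMAccountName (step 4); element 1 is assumed to carry the password
        name, password = (msg.data[o:o + n].decode("utf-16-le") for o, n in msg.offset_length_array[:2])
    except UnicodeDecodeError:
        return "STATUS_INVALID_PARAMETER"
    account = responder.accounts.get(name)
    if account is None:
        return "STATUS_NOT_FOUND"
    if not responder.writable_replica_of_rodc_domain:
        return "STATUS_UNSUCCESSFUL"  # step 5: the page only requires "an error"; name chosen here
    if not responder.rodc_may_cache(requestor, name):
        return "STATUS_ACCESS_DENIED"  # step 6
    account["clearTextPassword"] = password  # step 7: stands in for the [MS-SAMR] clearTextPassword update
    return "STATUS_SUCCESS"
```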