3.1.9 Domain Controller Time Source Initialization

The client initializes the Trusted Domain abstract data model element by calling the NetrLogonGetTimeServiceParentDomain method (as specified in [MS-NRPC] section 3.5.4.8.6) with the following input parameters:

• ServerName MUST be set to NULL.

Upon successful completion, the output parameter DomainName contains the name of a trusted domain in which a secure connection can be established between the client and server.

The client initializes the RID element by calling the NetrLogonGetTrustRid method (as specified in [MS-NRPC] section 3.5.4.8.1) with the following input parameters:

• ServerName MUST be set to NULL.

• DomainName MUST be set to the value of the Trusted Domain element.

Upon successful completion, the output parameter Rid contains the RID that uniquely identifies a trusted account.

The client initializes the IsLastIncomingResponseAuthenticated abstract data model element to true and initializes the Key Selector abstract data model element to zero. If the selected DC has a DC functional level of DS_BEHAVIOR_WIN2012 or greater (as specified in [MS-ADTS] section 6.1.4.2), then the ExtendedAuthenticatorSupported ADM element MUST be set to true; otherwise it MUST be set to false.<17>