
3.2.4.13.2 Domain Join Specific Message Processing

The following definitions are used in the specification of message processing that follows.

  • DomainNameString: A Unicode UTF-8 string with the same properties specified for the parameter DomainNameParam.

  • DomainControllerString: A UTF-8 string that contains the name of a domain controller in the domain that the server is joining.

The following ordered statements describe the sequence of message-processing operations:

  1. If the NETSETUP_MACHINE_PWD_PASSED bit is set in Options, and the NETSETUP_JOIN_UNSECURE bit is not set in Options, the server MUST return ERROR_INVALID_PARAMETER. Otherwise, message processing continues.

  2. If the NETSETUP_MACHINE_PWD_PASSED bit is set in Options, and AccountName is not NULL, the server MUST return ERROR_INVALID_PARAMETER. Otherwise, message processing continues.

  3. If the NETSETUP_MACHINE_PWD_PASSED bit is set in Options, and either Password is NULL or the length of the PasswordString is zero, the server MUST return ERROR_PASSWORD_RESTRICTION. Otherwise, message processing continues.

  4. If the NETSETUP_MACHINE_PWD_PASSED bit is set in Options, the value of PasswordString MUST be copied to the value of ComputerPasswordString, and PasswordString MUST be set to NULL.

  5. If the server processing the message is already joined to a domain, and the NETSETUP_DOMAIN_JOIN_IF_JOINED bit is not set in Options, the server MUST return NERR_SetupAlreadyJoined. Otherwise, message processing continues.

  6. If DomainNameString contains the character "\", DomainNameString MUST be truncated such that the value of DomainNameString is equal to the substring of DomainNameString that ends prior to the first "\" character, and DomainControllerString MUST be equal to the substring beginning after the first "\" character. This is the name of the target domain controller as specified by the caller.

    The specified domain controller MUST be validated by invoking the DsrGetDcNameEx2 method ([MS-NRPC] section 3.5.4.3.1) on the DomainControllerString computer, specifying the following parameters:

    ComputerName = DomainControllerString

    AccountName = NULL

    AllowableAccountControlBits = 0

    DomainName = DomainNameString

    SiteName = 0

    Flags = B | J | R

    If the call succeeds and DomainControllerInfo->DomainControllerName matches DomainControllerString, execution continues at step 7.

    If the call fails, or the returned domain controller name does not match DomainControllerString, the server MUST invoke the DsrGetDcNameEx2 method ([MS-NRPC] section 3.5.4.3.1) on the DomainControllerString computer, specifying the following parameters:

    ComputerName = DomainControllerString

    AccountName = NULL

    AllowableAccountControlBits = 0

    DomainName = DomainNameString

    SiteName = 0

    Flags = B | J | S

    If the call fails, the server MUST stop message processing and return ERROR_NO_SUCH_DOMAIN. If the call succeeds and DomainControllerInfo->DomainControllerName matches DomainControllerString, execution continues at step 7. Otherwise, the server MUST stop message processing and return ERROR_INVALID_DOMAIN_ROLE.

  7. DomainNameString MUST be a validated domain name. The validation process is specified in section 3.2.4.16, where NameType is NetSetupDomain from the NETSETUP_NAME_TYPE (section 2.2.3.2) enumeration. If this validation fails, the server MUST stop message processing and return the error specified in the validation process.

  8. If ComputerNameNetBIOS is identical to DomainNameString, the server MUST return ERROR_INVALID_DOMAINNAME. Otherwise, message processing continues.

  9. If the NETSETUP_ACCT_CREATE bit is not set in Options, and the machine account does not exist in the domain, the server MUST return an implementation-specific error.

  10. The server MUST apply all state changes specified in [MS-DISO] for the appropriate task. This SHOULD be accomplished by invoking the task with Options input parameters specified as follows:

    Options: If the NETSETUP_JOIN_UNSECURE bit is not set.

    Task: Join a domain by creating an Account via LDAP, as specified in [MS-DISO] section 8,<98> where:

    • TaskInputDomainName is DomainNameString.

    • TaskInputDomainController is DomainControllerString.

    • TaskInputDomainAdminAccount is the AccountName parameter to this method.

    • TaskInputDomainAdminPassword is PasswordString.

    Options: If the NETSETUP_JOIN_UNSECURE bit is set.

    Task: Join a domain using a predefined account, as specified in [MS-DISO] section 6, where:

    • TaskInputDomainName is DomainNameString.

    • TaskInputDomainController is DomainControllerString.

  11. The server MUST stop impersonating the client by invoking the task StopImpersonatingClient (section 3.2.4.22.7).

If no errors occur, the server MUST return NERR_Success.
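
The following is an added example, not part of the specification: a small Python model of steps 1 through 6 that can serve as a test oracle when checking a server's handling of the Options bits and of the "domain\controller" form of the name. The function name, the state dictionary and the CONTINUE marker are hypothetical; the flag and status values are those defined in the Windows SDK headers, and the password argument is assumed to be the already-decrypted PasswordString.

```python
# Added example: model of steps 1-6 (checks that need no domain controller).
# Flag values are from the Windows SDK header lmjoin.h; status codes from
# winerror.h / lmerr.h. Nothing here performs RPC or touches a network.
NETSETUP_DOMAIN_JOIN_IF_JOINED = 0x20
NETSETUP_JOIN_UNSECURE = 0x40
NETSETUP_MACHINE_PWD_PASSED = 0x80

ERROR_INVALID_PARAMETER = 87
ERROR_PASSWORD_RESTRICTION = 1325
NERR_SetupAlreadyJoined = 2691
CONTINUE = None  # hypothetical marker: go on to DsrGetDcNameEx2 and step 7


def precheck_join(options, domain_param, account_name, password, already_joined):
    """Return (status, state); `password` is the decrypted PasswordString."""
    state = {"domain": domain_param, "dc": None,
             "password": password, "computer_password": None}
    if options & NETSETUP_MACHINE_PWD_PASSED:
        if not options & NETSETUP_JOIN_UNSECURE:        # step 1
            return ERROR_INVALID_PARAMETER, state
        if account_name is not None:                    # step 2
            return ERROR_INVALID_PARAMETER, state
        if not password:                                # step 3: NULL or empty
            return ERROR_PASSWORD_RESTRICTION, state
        state["computer_password"] = password           # step 4: move the value
        state["password"] = None
    if already_joined and not options & NETSETUP_DOMAIN_JOIN_IF_JOINED:
        return NERR_SetupAlreadyJoined, state           # step 5
    if "\\" in domain_param:                            # step 6: first "\" only
        state["domain"], state["dc"] = domain_param.split("\\", 1)
    # The DsrGetDcNameEx2 validation in step 6 and steps 7-11 are not modelled.
    return CONTINUE, state


if __name__ == "__main__":
    # Constructed sample requests: (options, name, account, password, joined).
    samples = [
        (0x80, "corp.example", None, "pw", False),
        (0xC0, "corp.example", "admin", "pw", False),
        (0xC0, "corp.example", None, "", False),
        (0x00, "corp.example", "admin", "pw", True),
        (0xC0, "corp.example\\dc01.corp.example", None, "pw", False),
    ]
    for sample in samples:
        print(sample, "->", precheck_join(*sample))
```
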

 
© 2014 Microsoft