
6 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs:

  • Windows 2000 Server operating system

  • Windows Server 2003 operating system

  • Windows Server 2008 operating system

  • Windows Server 2008 R2 operating system

  • Windows Server 2012 operating system

  • Windows Server 2012 R2 operating system

Exceptions, if any, are noted below. If a service pack or Quick Fix Engineering (QFE) number appears with the product version, behavior changed in that service pack or QFE. The new behavior also applies to subsequent service packs of the product unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms SHOULD or SHOULD NOT implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term MAY implies that the product does not follow the prescription.

<1> Section 2.2.1: FWD_PASSWORD_UPDATE_MSG is processed only by domain controllers running Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. This message type is sent only by read-only domain controllers running Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2.

<2> Section 2.2.2: This bit is always set to one by the requestor and ignored by the responder. The associated message data in the OffsetLengthArray and Data fields contain a UTF-16 encoded string (which is also ignored by the responder). There is no benefit to the requestor sending this value (the UTF-16 encoded string represents the account name of the user); therefore, for the purposes of this specification, it has not been made mandatory.

<3> Section 2.2.2: The flags previously specified are supported in Windows as indicated in the following table. No flags have been deprecated.

| Symbolic name | Available in |
|---|---|
| FLAG_LM_HASH, FLAG_NT_HASH | Windows 2000 Server, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 |
| FLAG_ACCOUNT_UNLOCKED, FLAG_MANUAL_PWD_EXPIRY | Windows 2000 Server SP3, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 |

<4> Section 2.2.4: This message is processed only on domain controllers running Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2.

<5> Section 2.2.4: The flags specified are supported in Windows as indicated in the following table. No flags have been deprecated.

| Symbolic name | Available in |
|---|---|
| FLAG_ACCOUNT_NAME | Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 |
| FLAG_CLEAR_TEXT_PASSWORD | Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 |

<6> Section 2.2.7: This message is processed only on domain controllers running Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2.

<7> Section 3.2.4.5: The Windows implementation requires a writable domain controller running Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. A definition of a writable domain controller is specified in [MS-ADTS]. The Windows implementation uses the domain controller locator service, as specified in [MS-ADTS], to locate the preferred domain controller.

<8> Section 3.2.4.5: The Windows implementation requires a writable domain controller running Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. A definition of a writable domain controller is specified in [MS-ADTS]. The Windows implementation uses the domain controller locator service described in [MS-ADTS] to locate the preferred domain controller.

<9> Section 3.2.4.5: The Windows implementation attempts to replicate the change immediately from the target domain controller to the RODC as an optimization. A failure to replicate the changes is ignored by the RODC because standard Active Directory replication eventually replicates the change. Details are specified in [MS-DRSR] section 4.1.10 and section 4.1.10.1.3, the Replicate Single Object operation.

<10> Section 3.2.5: All status codes returned from the responder are ignored, unless otherwise stated.

<11> Section 3.3.5.2.2: Windows 2000 Server, Windows Server 2003, and Windows Server 2008 return STATUS_ACCESS_DENIED if either the responder is not the PDC or the requestor is an RODC.

<12> Section 3.3.5.2.2: Windows 2000 Server and Windows Server 2003 do not validate the syntactic correctness of messages, and the behavior for a malformed message is undefined.

<13> Section 3.3.5.2.2: Windows 2000 and Windows Server 2003 do not execute the replicate-single-object operation, and will only perform the password hash updates synchronously during message processing. If there is no object in the database that has an objectSid attribute value that corresponds to the value constructed by concatenating the Message.PasswordUpdate.Rid field with the configured domain SID, Windows 2000 and Windows Server 2003 will return STATUS_NO_SUCH_USER.
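The lookup that note <13> describes, sketched as an added example (not part of the specification or of any Windows code): the RID from the message is appended to the domain SID in binary form, and the result is compared against each account's objectSid. The binary SID layout is assumed from [MS-DTYP]; the domain SID, account names, and helper names are constructed for illustration.

```python
import struct

STATUS_SUCCESS = 0x00000000
STATUS_NO_SUCH_USER = 0xC0000064

def sid_to_bytes(sid: str) -> bytes:
    """Encode a string SID ('S-1-5-21-...') into the binary SID layout."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a string SID: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("a SID holds at most 15 sub-authorities")
    # Revision, SubAuthorityCount, 6-byte big-endian authority,
    # then each sub-authority as a little-endian 32-bit value.
    return (struct.pack("BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def append_rid(domain_sid: bytes, rid: int) -> bytes:
    """Concatenate a RID onto a binary domain SID, fixing up the count byte."""
    count = domain_sid[1]
    if len(domain_sid) != 8 + 4 * count:
        raise ValueError("domain SID length does not match its count field")
    if count >= 15 or not 0 <= rid <= 0xFFFFFFFF:
        raise ValueError("RID cannot be appended")
    return (domain_sid[:1] + bytes([count + 1]) + domain_sid[2:]
            + struct.pack("<I", rid))

def lookup_by_rid(directory: dict, domain_sid: bytes, rid: int):
    """Return (status, account); STATUS_NO_SUCH_USER when no objectSid matches."""
    target = append_rid(domain_sid, rid)
    for name, object_sid in directory.items():
        if object_sid == target:
            return STATUS_SUCCESS, name
    return STATUS_NO_SUCH_USER, None

# Constructed sample data: a made-up domain SID and two accounts.
DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"
DIRECTORY = {
    "alice": sid_to_bytes(DOMAIN_SID + "-1105"),
    "bob": sid_to_bytes(DOMAIN_SID + "-1106"),
}

if __name__ == "__main__":
    for rid in (1105, 9999):
        status, name = lookup_by_rid(DIRECTORY, sid_to_bytes(DOMAIN_SID), rid)
        print("RID %d -> 0x%08X %s" % (rid, status, name))
```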

<14> Section 3.3.5.2.2: Windows 2000 Server and Windows Server 2003 do not perform this operation, and act as if it failed by following the steps after step 6.

<15> Section 3.3.5.3.2: Windows 2000 Server, Windows Server 2003, and Windows Server 2008 return STATUS_ACCESS_DENIED if either the responder is not the PDC or the requestor is an RODC.

<16> Section 3.3.5.4.2: Windows 2000 Server, Windows Server 2003, and Windows Server 2008 return STATUS_ACCESS_DENIED if the requestor is not an RODC.

<17> Section 3.3.5.4.2: Windows 2000 Server and Windows Server 2003 do not validate the syntactic correctness of messages, and the behavior for a malformed message is undefined.

<18> Section 3.3.5.4.2: Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 do not return an error if either FLAG_ACCOUNT_NAME or FLAG_CLEAR_TEXT_PASSWORD is not set.

<19> Section 3.3.5.4.2: Windows 2000 Server, Windows Server 2003, and Windows Server 2008 ignore the presence of any reserved flags and will continue processing.

<20> Section 3.3.5.6.2: Windows 2000 Server, Windows Server 2003, and Windows Server 2008 return STATUS_ACCESS_DENIED if the requestor is not an RODC.

<21> Section 3.3.5.6.2: Windows 2000 Server and Windows Server 2003 do not validate the syntactic correctness of messages, and the behavior for a malformed message is undefined.

<22> Section 3.3.5.6.2: Windows Server 2008 returns STATUS_SUCCESS without performing any of the updates specified in this section.

 
© 2014 Microsoft