3.1.1.5.4.1.2 Constraints

  • Article

For originating updates, the following constraints MUST be satisfied for the Modify DN operation. These constraints are not enforced for replicated updates.

  • DeleteOldRDN = TRUE. Otherwise, the server returns the error unwillingToPerform / ERROR_INVALID_PARAMETER.

  • OldDN ≠ NULL. Otherwise, the server returns the error noSuchObject / ERROR_DS_OBJ_NOT_FOUND.

  • NewRDN ≠ NULL. Otherwise, the server returns the error protocolError / ERROR_INVALID_PARAMETER.

  • All naming constraints on NewRDN MUST be satisfied. This is explained in section 3.1.1.3.1.2.

  • O is present. Otherwise, the server returns the error noSuchObject / ERROR_DS_OBJ_NOT_FOUND.

  • NP is present. Otherwise, the server returns the error other / ERROR_DS_NO_PARENT_OBJECT.

  • Both O and NP MUST be within the same NC Replica. Otherwise, the server returns the error unwillingToPerform / ERROR_DS_ILLEGAL_MOD_OPERATION.

  • NP is not equal to O or a descendant of O. If it is, then the server returns unwillingToPerform / ERROR_DS_ILLEGAL_MOD_OPERATION.

  • (O is in the System container) if and only if (NP is the System container or an object inside the System container). Otherwise, the server returns the error other / ERROR_DS_UNWILLING_TO_PERFORM if the DC functional level is DS_BEHAVIOR_WIN2000, and the error other / ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER if the DC functional level is DS_BEHAVIOR_WIN2003 or greater.

  • O is not an LSA-specific object (section 3.1.1.5.2.3). Otherwise, the server returns the error unwillingToPerform / ERROR_DS_ILLEGAL_MOD_OPERATION.

  • O!isDeleted ≠ TRUE. Otherwise, the server returns the error unwillingToPerform / ERROR_DS_ILLEGAL_MOD_OPERATION.

  • O MUST not be NC root. Otherwise, the server returns the error unwillingToPerform / ERROR_DS_ILLEGAL_MOD_OPERATION if the DC functional level is DS_BEHAVIOR_WIN2000, and unwillingToPerform / ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE if the DC functional level is DS_BEHAVIOR_WIN2003 or greater.

  • If (O is in config NC) and (operation is rename), then (O!systemFlags & FLAG_CONFIG_ALLOW_RENAME ≠ 0). Otherwise, the server returns the error unwillingToPerform / ERROR_DS_ILLEGAL_MOD_OPERATION if the DC functional level is DS_BEHAVIOR_WIN2000, and unwillingToPerform / ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG if the DC functional level is DS_BEHAVIOR_WIN2003 or greater.

  • If (O is in config NC) and (operation is move), then either (O!systemFlags & FLAG_CONFIG_ALLOW_MOVE ≠ 0) or ((((O!parent)!parent)!parent before and after move is the same) and (O!systemFlags & FLAG_CONFIG_ALLOW_LIMITED_MOVE ≠ 0)). Otherwise, the server returns the error unwillingToPerform / ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG. The FLAG_CONFIG_ALLOW_LIMITED_MOVE flag is used to move server objects between site containers.

  • If (operation is move) and (O is in schema NC), then the server returns the error unwillingToPerform / ERROR_DS_ILLEGAL_MOD_OPERATION if the DC functional level is DS_BEHAVIOR_WIN2000, and unwillingToPerform / ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC if the DC functional level is DS_BEHAVIOR_WIN2003 or greater.

  • If (O is a classSchema object) or (O is an attributeSchema object), then (O!systemFlags & FLAG_SCHEMA_BASE_OBJECT = 0). Otherwise, if the fschemaUpgradeInProgress field is FALSE on the LDAPConnection instance in dc.ldapConnections ([MS-DRSR] section 5.116) corresponding to the LDAP connection on which the operation is being performed then the server returns the error unwillingToPerform / ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD.

  • If (O is in domain or schema NCs) and (operation is rename) and (attribute O!systemFlags is present), then (O!systemFlags & FLAG_DOMAIN_DISALLOW_RENAME = 0). Otherwise, the server returns the error unwillingToPerform / ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG.

  • If (O is in domain NC) and (operation is move) and (attribute O!systemFlags is present), then (O!systemFlags & FLAG_DOMAIN_DISALLOW_MOVE = 0). Otherwise, the server returns the error unwillingToPerform / ERROR_DS_ILLEGAL_MOD_OPERATION if the DC functional level is DS_BEHAVIOR_WIN2000, and unwillingToPerform / ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG if the DC functional level is DS_BEHAVIOR_WIN2003 or greater.

  • The object class of O MUST satisfy the possSuperiors schema constraint for the objectClass of NP. Schema constraints are explained in Restrictions on schema extensions in section 3.1.1.2.

  • There exists no object CC such that CC!parent = NP, CC!name = O!name, and CCO. Otherwise, the server returns the error entryAlreadyExists / ERROR_DS_OBJ_STRING_NAME_EXISTS.