1.3.1 Methods Categorized by Function

The DRS Remote Protocol contains methods that are diverse in function and fall into the following categories:

  • Context handle methods: IDL_DRSBind, IDL_DRSUnbind. These methods create and destroy RPC context handles that maintain volatile state used by drsuapi methods. The dsaop methods do not use context handles.

  • Replication methods: IDL_DRSGetNCChanges, IDL_DRSReplicaSync, IDL_DRSReplicaVerifyObjects, IDL_DRSGetReplInfo. The IDL_DRSGetNCChanges method replicates directory changes from the server to the client. The IDL_DRSReplicaSync and IDL_DRSReplicaVerifyObjects methods cause the server to call IDL_DRSGetNCChanges on the client. The IDL_DRSGetReplInfo method is used to gather information about the replication state of the server.

  • Cross-domain move method: IDL_DRSInterDomainMove. This method is used in the server implementation of LDAP Modify DN when the DN modification moves an object from one domain NC to another.

  • Lookups: IDL_DRSVerifyNames, IDL_DRSCrackNames, IDL_DRSGetMemberships, IDL_DRSGetMemberships2. These methods perform specialized directory lookups. They are all used by a DC client; the IDL_DRSCrackNames method is commonly used by a non-DC client.

  • DC Locator support methods: IDL_DRSDomainControllerInfo, IDL_DRSQuerySitesByCost. These methods retrieve information about the domain controllers in a domain or forest and information about the cost of connections between different sites.

  • Windows NT 4.0 operating system Replication support method: IDL_DRSGetNT4ChangeLog. This method is used in the implementation of Active Directory support for replication to Windows NT 4.0 backup domain controllers (BDCs), specifically in the implementation of moving the PDC Emulator FSMO role from one DC to another without triggering a full sync of Windows NT 4.0 BDCs (see [MS-NRPC] section 3.6).

  • Knowledge Consistency Checker (KCC) support methods: IDL_DRSUpdateRefs, IDL_DRSReplicaAdd, IDL_DRSReplicaDel, IDL_DRSReplicaModify, IDL_DRSExecuteKCC. These methods are used by the KCC ([MS-ADTS] section 6.2) and by administrator tools to manage replication topology.

  • Administrator-tool support methods: IDL_DRSAddEntry, IDL_DRSAddSidHistory, IDL_DRSRemoveDsServer, IDL_DRSRemoveDsDomain, IDL_DRSGetObjectExistence, IDL_DSAPrepareScript, IDL_DSAExecuteScript, IDL_DRSWriteSPN, IDL_DRSInitDemotion, IDL_DRSFinishDemotion, IDL_DRSReplicaDemotion, IDL_DRSAddCloneDC. These methods are used by administrator tools to perform various specialized functions.

  • msDS-KeyCredentialLink attribute support methods: IDL_DRSWriteNgcKey, IDL_DRSReadNgcKey. These methods are used to create or query the msDS-KeyCredentialLink attribute on a computer account.

The specification of each method in section 4 includes an Informative summary of behavior that provides a detailed introduction to the method.
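The categories above can drive triage of observed DRS calls. The following is an added example, not part of the specification: it maps each method to its category and flags calls from addresses outside a DC inventory. The record layout, the addresses, and the triage policy (`DC_PEER`, `ANY_CALLER`) are assumptions made for illustration.

```python
# Added example, not from the specification. Assumed: record layout
# "<time> <caller-ip> <method>", the DC inventory, and the triage policy.
CATEGORIES = {
    "context handle": ["IDL_DRSBind", "IDL_DRSUnbind"],
    "replication": ["IDL_DRSGetNCChanges", "IDL_DRSReplicaSync",
                    "IDL_DRSReplicaVerifyObjects", "IDL_DRSGetReplInfo"],
    "cross-domain move": ["IDL_DRSInterDomainMove"],
    "lookup": ["IDL_DRSVerifyNames", "IDL_DRSCrackNames",
               "IDL_DRSGetMemberships", "IDL_DRSGetMemberships2"],
    "DC locator support": ["IDL_DRSDomainControllerInfo", "IDL_DRSQuerySitesByCost"],
    "NT4 replication support": ["IDL_DRSGetNT4ChangeLog"],
    "KCC support": ["IDL_DRSUpdateRefs", "IDL_DRSReplicaAdd", "IDL_DRSReplicaDel",
                    "IDL_DRSReplicaModify", "IDL_DRSExecuteKCC"],
    "administrator tool": ["IDL_DRSAddEntry", "IDL_DRSAddSidHistory", "IDL_DRSRemoveDsServer",
                           "IDL_DRSRemoveDsDomain", "IDL_DRSGetObjectExistence",
                           "IDL_DSAPrepareScript", "IDL_DSAExecuteScript", "IDL_DRSWriteSPN",
                           "IDL_DRSInitDemotion", "IDL_DRSFinishDemotion",
                           "IDL_DRSReplicaDemotion", "IDL_DRSAddCloneDC"],
    "msDS-KeyCredentialLink": ["IDL_DRSWriteNgcKey", "IDL_DRSReadNgcKey"],
}
CATEGORY_OF = {m: c for c, ms in CATEGORIES.items() for m in ms}
# Assumed policy: methods treated here as DC-to-DC only.
DC_PEER = {"IDL_DRSGetNCChanges", "IDL_DRSInterDomainMove", "IDL_DRSGetNT4ChangeLog",
           "IDL_DRSVerifyNames", "IDL_DRSGetMemberships", "IDL_DRSGetMemberships2"}
# Context handle methods precede drsuapi calls; the section notes that
# IDL_DRSCrackNames is commonly used by non-DC clients.
ANY_CALLER = set(CATEGORIES["context handle"]) | {"IDL_DRSCrackNames"}

def triage(records, dc_addresses):
    """Return (caller, method, category, verdict) for each well-formed record."""
    out = []
    for line in records:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing fields
        _, caller, method = parts
        category = CATEGORY_OF.get(method, "unknown")
        if category != "unknown" and (caller in dc_addresses or method in ANY_CALLER):
            verdict = "expected"
        elif method in DC_PEER:
            verdict = "alert"    # DC-to-DC method called from a non-DC address
        else:
            verdict = "review"   # admin-tool style or unknown call: confirm the operator
        out.append((caller, method, category, verdict))
    return out

# Constructed sample data (documentation address ranges), including one malformed line.
DCS = {"192.0.2.10", "192.0.2.11"}
SAMPLE = ["09:00:01 192.0.2.10 IDL_DRSGetNCChanges", "09:00:07 198.51.100.23 IDL_DRSBind",
          "09:00:08 198.51.100.23 IDL_DRSGetNCChanges", "09:02:15 198.51.100.40 IDL_DRSCrackNames",
          "09:03:30 198.51.100.40 IDL_DRSGetReplInfo", "truncated-line"]
```

Calling `triage(SAMPLE, DCS)` returns one tuple per well-formed record; in practice the DC inventory would come from the directory rather than a hard-coded set.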