4.1.7.3 Server Behavior of the IDL_DRSFinishDemotion Method

Informative summary of behavior: The IDL_DRSFinishDemotion method either performs one or more steps toward the complete removal of a DC from an AD LDS forest, or it undoes the effects of the first phase of removal (performed by IDL_DRSInitDemotion).<16>

 ULONG
 IDL_DRSFinishDemotion(
     [in, ref] DRS_HANDLE hDrs,
     [in] DWORD dwInVersion,
     [in, ref, switch_is(dwInVersion)] 
         DRS_MSG_FINISH_DEMOTIONREQ* pmsgIn,
     [out, ref] DWORD *pdwOutVersion,
     [out, ref, switch_is(*pdwOutVersion)] 
         DRS_MSG_FINISH_DEMOTIONREPLY* pmsgOut
     )
  
 msgIn: DRS_MSG_FINISH_DEMOTIONREQ_V1
 msgOut: DRS_MSG_FINISH_DEMOTIONREPLY_V1
 ret: DWORD
 res: boolean
  
 ValidateDRSInput(hDrs, 27)
  
 if dwInVersion ≠ 1 then
   return ERROR_INVALID_PARAMETER
 endif
  
 if pmsgIn = null then
   return ERROR_INVALID_PARAMETER
 endif
  
 msgIn := pmsgIn^.V1
 if DS_DEMOTE_OPT_FAIL_ON_UNKNOWN_OP in msgIn.dwOperations then
   /* unknown operation bit is set */
   return ERROR_INVALID_PARAMETER
 endif
 if DS_DEMOTE_UNREGISTER_SPNS in msgIn.dwOperations
     and msgIn.szScriptBase = null then
   /* szScriptBase must be specified when UNREGISTER_SPN is
    * requested */
   return ERROR_INVALID_PARAMETER
 endif
 if not IsMemberOfBuiltinAdminGroup() then
   /* only BA is allowed to demote an AD LDS service */
   return ERROR_DS_DRA_ACCESS_DENIED
 endif
  
 pdwOutVersion^ := 1
 msgOut.dwOperationDone := 0
 msgOut.dwOpFailed := 0
 msgOut.dwOpError := ERROR_SUCCESS
  
 if DS_DEMOTE_ROLLBACK_DEMOTE in msgIn.dwOperations then
   /* Begin operations corresponding to dwOperations value of DS_DEMOTE_ROLLBACK_DEMOTE */
  
   /* undo the effects of IDL_DRSInitDemotion */
  
   dc.fEnableUpdates := TRUE
  
   msgOut.dwOperationDone := 
       msgOut.dwOperationDone + {DS_DEMOTE_ROLLBACK_DEMOTE}    
  
   msgOut.dwOpError := ERROR_SUCCESS
   /* no other operations are allowed on rollback */
   /* End operations corresponding to dwOperations value of DS_DEMOTE_ROLLBACK_DEMOTE */
  
 else
   if DS_DEMOTE_COMMIT_DEMOTE in msgIn.dwOperations then
   /* Begin operations corresponding to dwOperations value of DS_DEMOTE_COMMIT_DEMOTE */
     
     After this call to IDL_DRSFinishDemotion completes, the server must discontinue being a DC, which for AD LDS means stopping the MS-DRSR protocol, the MS-DSSP protocol, the LDAP protocol, and if they are already enabled also the MS-ADCAP protocol, the WS-Enumeration protocol, the WS-Transfer protocol, the MS-WSTIM protocol, the MS-WSDS protocol, and the MS-WSPELD protocol.  In addition, the state model, constraints and processing rules, and so on, in MS-ADTS must also be stopped.
  
       msgOut.dwOperationDone := 
         msgOut.dwOperationDone + {DS_DEMOTE_COMMIT_DEMOTE}
     
     msgOut.dwOpError := ERROR_SUCCESS
   /* End operations corresponding to dwOperations value of DS_DEMOTE_COMMIT_DEMOTE */
   endif
   if DS_DEMOTE_DELETE_CSMETA in msgIn.dwOperations then
   /* Begin operations corresponding to dwOperations value of DS_DEMOTE_DELETE_CSMETA */
  
     ret := RemoveADLDSServer()
     if ret = ERROR_SUCCESS then
       msgOut.dwOperationDone := 
         msgOut.dwOperationDone + {DS_DEMOTE_DELETE_CSMETA}
     else
       msgOut.dwOpFailed = 
         msgOut.dwOpFailed + {DS_DEMOTE_DELETE_CSMETA}
       if msgOut.dwOpError = ERROR_SUCCESS then
         msgOut.dwOpError := ret
       endif
     endif
   /* End operations corresponding to dwOperations value of DS_DEMOTE_DELETE_CSMETA */
   endif
   if DS_DEMOTE_UNREGISTER_SCPS in msgIn.dwOperations then
   /* Begin operations corresponding to dwOperations value of DS_DEMOTE_UNREGISTER_SCPS */
     ret := RemoveADLDSSCP()
     if ret = ERROR_SUCCESS then
       msgOut.dwOperationDone := 
         msgOut.dwOperationDone + {DS_DEMOTE_UNREGISTER_SCPS}
     else
       msgOut.dwOpFailed = 
         msgOut.dwOpFailed + {DS_DEMOTE_UNREGISTER_SCPS}
       if msgOut.dwOpError = ERROR_SUCCESS then
         msgOut.dwOpError := ret
       endif
     endif
   /* End operations corresponding to dwOperations value of DS_DEMOTE_UNREGISTER_SCPS */
   endif
   if DS_DEMOTE_UNREGISTER_SPNS in msgIn.dwOperations then
   /* Begin operations corresponding to dwOperations value of DS_DEMOTE_UNREGISTER_SPNS */
     res := RemoveADLDSSPNs(msgIn.szScriptBase)
     if res = TRUE then
       msgOut.dwOperationDone := 
         msgOut.dwOperationDone + {DS_DEMOTE_UNREGISTER_SPNS}
     else
       msgOut.dwOpFailed = 
         msgOut.dwOpFailed + {DS_DEMOTE_UNREGISTER_SPNS}
     endif
   /* End operations corresponding to dwOperations value of DS_DEMOTE_UNREGISTER_SPNS */
   endif
 endif
 pmsgOut^ := msgOut
 pdwMsgOut^ := 1
 return ERROR_SUCCESS
Show: