Export (0) Print
Expand All

4.1.7.3 Server Behavior of the IDL_DRSFinishDemotion Method

Informative summary of behavior: The IDL_DRSFinishDemotion method either performs one or more steps toward the complete removal of a DC from an AD LDSforest, or it undoes the effects of the first phase of removal (performed by IDL_DRSInitDemotion).<15>

ULONG
IDL_DRSFinishDemotion(
    [in, ref] DRS_HANDLE hDrs,
    [in] DWORD dwInVersion,
    [in, ref, switch_is(dwInVersion)] 
        DRS_MSG_FINISH_DEMOTIONREQ* pmsgIn,
    [out, ref] DWORD *pdwOutVersion,
    [out, ref, switch_is(*pdwOutVersion)] 
        DRS_MSG_FINISH_DEMOTIONREPLY* pmsgOut
    )

msgIn: DRS_MSG_FINISH_DEMOTIONREQ_V1
msgOut: DRS_MSG_FINISH_DEMOTIONREPLY_V1
ret: DWORD
res: boolean

ValidateDRSInput(hDrs, 27)

if dwInVersion ≠ 1 then
  return ERROR_INVALID_PARAMETER
endif

if pmsgIn = null then
  return ERROR_INVALID_PARAMETER
endif

msgIn := pmsgIn^.V1
if DS_DEMOTE_OPT_FAIL_ON_UNKNOWN_OP in msgIn.dwOperations then
  /* unknown operation bit is set */
  return ERROR_INVALID_PARAMETER
endif
if DS_DEMOTE_UNREGISTER_SPNS in msgIn.dwOperations
    and msgIn.szScriptBase = null then
  /* szScriptBase must be specified when UNREGISTER_SPN is
   * requested */
  return ERROR_INVALID_PARAMETER
endif
if not IsMemberOfBuiltinAdminGroup() then
  /* only BA is allowed to demote an AD LDS service */
  return ERROR_DS_DRA_ACCESS_DENIED
endif

pdwOutVersion^ := 1
msgOut.dwOperationDone := 0
msgOut.dwOpFailed := 0
msgOut.dwOpError := ERROR_SUCCESS

if DS_DEMOTE_ROLLBACK_DEMOTE in msgIn.dwOperations then
  /* Begin operations corresponding to dwOperations value of DS_DEMOTE_ROLLBACK_DEMOTE */

  /* undo the effects of IDL_DRSInitDemotion */

  dc.fEnableUpdates := TRUE

  msgOut.dwOperationDone := 
      msgOut.dwOperationDone + {DS_DEMOTE_ROLLBACK_DEMOTE}    

  msgOut.dwOpError := ERROR_SUCCESS
  /* no other operations are allowed on rollback */
  /* End operations corresponding to dwOperations value of DS_DEMOTE_ROLLBACK_DEMOTE */

else
  if DS_DEMOTE_COMMIT_DEMOTE in msgIn.dwOperations then
  /* Begin operations corresponding to dwOperations value of DS_DEMOTE_COMMIT_DEMOTE */
    
    After this call to IDL_DRSFinishDemotion completes, the server should discontinue being a DC, which for AD LDS means stopping the MS-DRSR protocol, the MS-DSSP protocol, the LDAP protocol, and if they are already enabled also the MS-ADCAP protocol, the WS-Enumeration protocol, the WS-Transfer protocol, the MS-WSTIM protocol, the MS-WSDS protocol, and the MS-WSPELD protocol.  In addition, the state model, constraints and processing rules, and so on, in MS-ADTS should also be stopped.

      msgOut.dwOperationDone := 
        msgOut.dwOperationDone + {DS_DEMOTE_COMMIT_DEMOTE}
    
    msgOut.dwOpError := ERROR_SUCCESS
  /* End operations corresponding to dwOperations value of DS_DEMOTE_COMMIT_DEMOTE */
  endif
  if DS_DEMOTE_DELETE_CSMETA in msgIn.dwOperations then
  /* Begin operations corresponding to dwOperations value of DS_DEMOTE_DELETE_CSMETA */

    ret := RemoveADLDSServer()
    if ret = ERROR_SUCCESS then
      msgOut.dwOperationDone := 
        msgOut.dwOperationDone + {DS_DEMOTE_DELETE_CSMETA}
    else
      msgOut.dwOpFailed = 
        msgOut.dwOpFailed + {DS_DEMOTE_DELETE_CSMETA}
      if msgOut.dwOpError = ERROR_SUCCESS then
        msgOut.dwOpError := ret
      endif
    endif
  /* End operations corresponding to dwOperations value of DS_DEMOTE_DELETE_CSMETA */
  endif
  if DS_DEMOTE_UNREGISTER_SCPS in msgIn.dwOperations then
  /* Begin operations corresponding to dwOperations value of DS_DEMOTE_UNREGISTER_SCPS */
    ret := RemoveADLDSSCP()
    if ret = ERROR_SUCCESS then
      msgOut.dwOperationDone := 
        msgOut.dwOperationDone + {DS_DEMOTE_UNREGISTER_SCPS}
    else
      msgOut.dwOpFailed = 
        msgOut.dwOpFailed + {DS_DEMOTE_UNREGISTER_SCPS}
      if msgOut.dwOpError = ERROR_SUCCESS then
        msgOut.dwOpError := ret
      endif
    endif
  /* End operations corresponding to dwOperations value of DS_DEMOTE_UNREGISTER_SCPS */
  endif
  if DS_DEMOTE_UNREGISTER_SPNS in msgIn.dwOperations then
  /* Begin operations corresponding to dwOperations value of DS_DEMOTE_UNREGISTER_SPNS */
    res := RemoveADLDSSPNs(msgIn.szScriptBase)
    if res = TRUE then
      msgOut.dwOperationDone := 
        msgOut.dwOperationDone + {DS_DEMOTE_UNREGISTER_SPNS}
    else
      msgOut.dwOpFailed = 
        msgOut.dwOpFailed + {DS_DEMOTE_UNREGISTER_SPNS}
    endif
  /* End operations corresponding to dwOperations value of DS_DEMOTE_UNREGISTER_SPNS */
  endif
endif
pmsgOut^ := msgOut
pdwMsgOut^ := 1
return ERROR_SUCCESS
 
Show:
© 2015 Microsoft