1.5 Prerequisites/Preconditions

This protocol is an RPC interface and, as a result, has the prerequisites that [MS-RPCE] specifies as being common to RPC interfaces.

Netlogon replication uses the mailslot datagram delivery mechanism; therefore, it depends on this mailslot delivery mechanism being operational before Netlogon begins operation. For mailslot operational requirements, see [MS-MAIL] section 1.5. For more information about the mailslot delivery mechanism, see [MS-CIFS] section 2.2.4.33.

To use this protocol or to use Netlogon as a security support provider (SSP), a computer requires a shared secret (section 3.1.1) with the domain controller (DC).

The client of the secure channel is required to discover the DC to which it is establishing a secure channel. Thus, a domain member discovers a DC in its domain.

A BDC discovers the primary domain controller (PDC) in its domain. A DC discovers a DC for each of its trusted domains.

Upon establishing a secure channel, a client can call any of the methods of this protocol that require a secure channel. This requires both the client and the server to have a working RPC implementation, including the security extensions ([MS-RPCE] section 2.2.1.1.7). For a complete list of methods that require a secure channel, see section 3.5.

All methods of this protocol are RPC calls from the client to the server that perform the complete operation in a single call. No shared state between the client and server is assumed other than the security context that was previously established. There are no restrictions on the number of times that a method can be called or the order in which methods can be called, unless explicitly noted in sections 3.4 and 3.5.

The Netlogon Remote Protocol client and server can run only on domain-joined systems. This protocol is enabled or disabled during the domain join and unjoin tasks as described in [MS-ADOD] and specified in [MS-WKST] sections 3.2.4.12, 3.2.4.13, and 3.2.4.14.

Show: