3.4.3 Initialization

  • Article

If the client is running on a member workstation, the client MUST initialize the LocatedDCsCache with one entry, as follows:

  • The client MUST attempt to locate a domain controller (DC) from the client's domain by performing the steps as specified in section 3.1.4.10 for the domain specified by the domain-name ADM element. If a DC is successfully located, the LocatedDCsCache is populated based on the resulting DomainControllerInfo structure.

  • If the client fails to locate a DC, the client ignores errors and MUST continue initialization.

If the client is running on a DC, the client MUST initialize the LocatedDCsCache for each domain trusted by the client DC, as follows:

  • The client MUST get a trusted domain list by performing the external behavior consistent with locally invoking the LsarEnumerateTrustedDomains method ([MS-LSAD] section 3.1.4.7.8).

    • The EnumerationContext parameter MUST be set to 0.

    • The PreferredMaximumLength parameter SHOULD<93> be set to 4096.

    • A policy handle is not needed locally.

  • The client MUST attempt to locate a DC (section 3.1.4.10) for each of the domain entries of the returned trusted domain list.

    • If the client fails when attempting to locate a DC for a domain entry in the trusted domain list, the client MUST ignore errors and continue to attempt to locate DCs for the remaining domain entries in the trusted domain list.

    • For each successfully located DC, the client MUST add an entry to the ServerSessionInfo table with the new entry's PrimaryName set to DOMAIN_CONTROLLER_INFOW.DomainControllerName and the new entry's DomainName set to DOMAIN_CONTROLLER_INFOW.DomainName.

  • For each located DC, the client MUST attempt to establish a session key with the located DC (section 3.1.4.10)

ServerSessionInfo MUST be empty.

ClientCapabilities are initialized in an implementation-specific way to reflect the capabilities that are offered by that client implementation. The client sets the value according to the bit field, defined as shown in Netlogon Negotiable Options (section 3.1.4.2). Bits C, G, I, J, K, L, O, P, R, S, T, V, W, and Y SHOULD<94> be set to 1 when a corresponding capability is supported by a given implementation. Bit U is set if the client is determined to be running on a domain controller (section 3.1.4.8). Other bits are not used and can be set to zero, but are ignored upon receipt.

RejectMD5Servers MUST be initialized to FALSE.

RequireSignOrSeal MUST<95> be initialized to TRUE.

RequireStrongKey SHOULD<96> be initialized to FALSE.

domain-name is a shared Abstract Data Model element with DomainName.NetBIOS in ([MS-WKST] section 3.2.1.6).

TrustPasswordVersion MUST be initialized to 0.