Calling NetrDatabaseDeltas

The client calling this method MUST be a BDC. It MUST do the following:

  • Pass a valid PDC name as the PrimaryName parameter.

  • Pass the client BDC name as the ComputerName parameter.

  • Pass a valid client Netlogon authenticator as the Authenticator parameter.

  • Pass a valid database identifier as the DatabaseID parameter as follows:

    • For the SAM database, the DatabaseID parameter MUST be 0x00000000.

    • For the SAM built-in database, the DatabaseID parameter MUST be 0x00000001.

    • For the LSA database, the DatabaseID parameter MUST be 0x00000002.

  • Pass the value of the local database serial number as the DomainModifiedCount parameter.

  • Pass the preferred maximum length of data to be returned in the DeltaArray parameter as the PreferredMaximumLength parameter.

On receiving the STATUS_MORE_ENTRIES status code, the client SHOULD <139> continue calling this routine in a loop, updating DomainModifiedCount, until all missing database entries are received. On receiving the STATUS_SUCCESS status code, the client MUST terminate the loop. The client MAY terminate the loop early, without receiving all entries. For example, the client MAY choose to do so on a system shutdown notification.

On receiving STATUS_ACCESS_DENIED, the client SHOULD <140> reestablish the secure channel with the domain controller.
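The calling rules and status handling above, as an added Python example (not code from the specification or from any Netlogon implementation). The hooks `call`, `reestablish` and `shutdown` and the helper `make_fake_pdc` are hypothetical; the example assumes `call` builds the Netlogon authenticator itself and returns the updated DomainModifiedCount, and the fake PDC counts PreferredMaximumLength in entries rather than bytes.

```python
# Added illustration of the client loop; names below are hypothetical.
STATUS_SUCCESS = 0x00000000
STATUS_MORE_ENTRIES = 0x00000105
STATUS_ACCESS_DENIED = 0xC0000022
DATABASE_IDS = {0x00000000: "SAM", 0x00000001: "SAM built-in", 0x00000002: "LSA"}


def sync_deltas(call, reestablish, primary_name, computer_name, database_id,
                local_serial, preferred_max_len, shutdown=lambda: False):
    """Drive NetrDatabaseDeltas until the local replica is current.

    call() performs one RPC and returns
    (status, updated DomainModifiedCount, deltas).
    Returns (last status or None if stopped early, serial, deltas received).
    """
    if database_id not in DATABASE_IDS:
        raise ValueError(f"invalid DatabaseID {database_id:#010x}")
    serial, received = local_serial, []
    while not shutdown():                    # MAY stop early, e.g. on shutdown
        status, serial, deltas = call(primary_name, computer_name,
                                      database_id, serial, preferred_max_len)
        if status == STATUS_ACCESS_DENIED:
            reestablish()                    # SHOULD rebuild the secure channel
            return status, serial, received
        if status not in (STATUS_SUCCESS, STATUS_MORE_ENTRIES):
            return status, serial, received  # any other error ends the sync
        received.extend(deltas)
        if status == STATUS_SUCCESS:         # MUST terminate the loop
            return status, serial, received
    return None, serial, received            # stopped early, replica incomplete


def make_fake_pdc(change_log, deny_at=None):
    """Constructed stand-in for a PDC whose log holds serials 1..len(log)."""
    def call(primary, computer, db_id, serial, max_len):
        if serial == deny_at:                # simulate a broken secure channel
            return STATUS_ACCESS_DENIED, serial, []
        batch = change_log[serial:serial + max_len]
        new_serial = serial + len(batch)
        more = new_serial < len(change_log)
        status = STATUS_MORE_ENTRIES if more else STATUS_SUCCESS
        return status, new_serial, batch
    return call
```

A result whose status is `None` or anything other than `STATUS_SUCCESS` means the replica is still behind the PDC, so the caller should keep the returned serial number and resume from it later.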