18.104.22.168.2 Reference Update
LDAP attributes: dNReferenceUpdate.
LDAP classes: infrastructureUpdate.
In AD DS, attributes of attribute syntax Object(DS-DN), Object(DN-String), Object(DN-Binary), Object(Access-Point) and Object(OR-Name) can have attribute values that reference objects in an NC for which no NC replica is present on the server. The server does not receive a replicated update when an object in such an NC is modified or deleted, so references to that object on the server continue to carry the old dsname. To update these references, a background task called reference update runs at regular intervals. By default, each reference is examined every two days.
The reference update task is not run on a Global Catalog.
If the Recycle Bin optional feature is enabled, every DC that is not also a global catalog runs the reference update task.
The reference update task performs the following processing:
For each object P in each NC replica on the server do the following:
  Let S be the set of all attributes of P with attribute syntax Object(DS-DN), Object(DN-String), Object(DN-Binary), Object(OR-Name) and Object(Access-Point).
  For each attribute A in set S and for each value V of A do the following:
    If there exists an object with dsname V in any NC replica on this DC, then skip this value V.
    If attribute syntax of A is Object(DS-DN) then let G be P.A.V.guid_value. Let D be P.A.V.dn.
    Otherwise, let G be P.A.V.object_DN.guid_value. Let D be P.A.V.object_DN.dn.
    If the Recycle Bin optional feature is not enabled:
      Retrieve the dsname N of the object with objectGUID G from a GC by calling method IDL_DRSVerifyNames. IDL_DRSVerifyNames is explained in [MS-DRSR] section 4.1.27.
      If N!name ≠ D then create an infrastructureUpdate object I in the well-known infrastructure update container (see section 22.214.171.124). Set I!dNReferenceUpdate to N. Delete I immediately to turn it into a tombstone.
      Creation of an infrastructureUpdate object K with attribute dNReferenceUpdate will trigger an update of all references to dsnames corresponding to K!dNReferenceUpdate, as explained in section 126.96.36.199.2.4.
    If the Recycle Bin optional feature is enabled:
      Retrieve the dsname N and the value Vgc of the isRecycled attribute of the object with objectGUID G from a GC by calling method IDL_DRSVerifyNames. IDL_DRSVerifyNames is explained in [MS-DRSR] section 4.1.27.
      If Vgc is true and attribute A is a linked attribute, remove value V from attribute A. This removal is not replicated to any other DCs.
      If N!name ≠ D then replace value V of attribute A with N!name. This replacement is not replicated to any other DCs.
      If attribute A is a link value and the RDN of N!name is a delete-mangled RDN (see section 188.8.131.52.5), the value V is to be treated as a linked value to or from a deleted-object. That is, the value is not generally visible to LDAP clients unless the LDAP_SHOW_DEACTIVATED_LINK_OID control is used.
      If attribute A is a link value and the RDN of N!name is not a delete-mangled RDN (see section 184.108.40.206.5), the value V is to be treated as a normal linked value. That is, the value is generally visible to LDAP clients.
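The per-value decision described above can be modeled as follows. This is an added example, not part of the specification or of any Microsoft code. The GC lookup is a plain dictionary standing in for IDL_DRSVerifyNames, the local-replica test is simplified to a set of GUIDs, the action names are hypothetical, and the "\0ADEL:" marker used to recognise a delete-mangled RDN is an assumption about the format defined in the section referenced above.

```python
import re
from dataclasses import dataclass

@dataclass
class Ref:                     # one value V of attribute A on object P
    guid: str                  # G
    dn: str                    # D, the name stored on this DC
    linked: bool               # True when A is a linked attribute

@dataclass
class GcAnswer:                # stand-in for the IDL_DRSVerifyNames result from a GC
    name: str                  # N!name
    is_recycled: bool = False  # Vgc, consulted only when the Recycle Bin is enabled

def is_delete_mangled(dn):
    # Assumption: a delete-mangled RDN contains the "\0ADEL:" marker.
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]   # first RDN, honouring "\,"
    return "\\0ADEL:" in rdn

def reference_update(ref, gc, local_guids, recycle_bin):
    """Return (action, new_dn, ldap_visible) for one value V.
    ldap_visible is None where the text above states no visibility rule."""
    if ref.guid in local_guids:          # object exists in a local NC replica
        return ("skip", ref.dn, None)
    n = gc[ref.guid]
    if not recycle_bin:
        if n.name != ref.dn:
            # Replicated path: a tombstoned infrastructureUpdate carries N.
            return ("infrastructureUpdate", n.name, None)
        return ("unchanged", ref.dn, None)
    if n.is_recycled and ref.linked:
        return ("remove-local", None, False)   # value removed, nothing to rename
    action = "replace-local" if n.name != ref.dn else "unchanged"
    visible = not (ref.linked and is_delete_mangled(n.name))
    return (action, n.name, visible)

# Constructed sample data: GUIDs and DNs are made up for this example.
BASE = "DC=child,DC=example,DC=com"
GC = {
    "g1": GcAnswer("CN=Alice,OU=Sales," + BASE),
    "g2": GcAnswer("CN=Bob\\0ADEL:g2,CN=Deleted Objects," + BASE),
    "g3": GcAnswer("CN=Carol\\0ADEL:g3,CN=Deleted Objects," + BASE, True),
}

if __name__ == "__main__":
    stale = Ref("g2", "CN=Bob,OU=Sales," + BASE, linked=True)
    print(reference_update(stale, GC, set(), recycle_bin=True))
```

With the Recycle Bin enabled, the rename and the removal are local-only changes, so two DCs can legitimately hold different stored names for the same reference until each has run its own pass.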