3.5.4.4.11 NetrChainSetClientAttributes (Opnum 49)

When an RODC receives either the NetrServerAuthenticate3 method or the NetrLogonGetDomainInfo method with updates requested, it SHOULD<191> invoke the NetrChainSetClientAttributes method on a normal (writable) DC to update a client's computer account object in Active Directory.

 NTSTATUS NetrChainSetClientAttributes(
   [in, string, ref] LOGONSRV_HANDLE PrimaryName,
   [in, string, ref] wchar_t* ChainedFromServerName,
   [in, string, ref] wchar_t* ChainedForClientName,
   [in, ref] PNETLOGON_AUTHENTICATOR Authenticator,
   [in, out, ref] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in] DWORD dwInVersion,
   [in, ref] [switch_is(dwInVersion)] 
     NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES* pmsgIn,
   [in, out, ref] DWORD* pdwOutVersion,
   [in, out, ref] [switch_is(*pdwOutVersion)] 
     NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES* pmsgOut
 );

PrimaryName: The custom RPC binding handle, as specified in section 3.5.4.1.

ChainedFromServerName: The null-terminated Unicode string that contains the name of the read-only DC that issues the request.

ChainedForClientName: The null-terminated Unicode string that contains the name of the client computer that called NetrServerAuthenticate3 or NetrLogonGetDomainInfo on the RODC.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure that contains the client authenticator.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure that contains the server return authenticator.

dwInVersion: One of the NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES union types selected based on the value of the pmsgIn field. The value MUST be 1.

pmsgIn: A pointer to an NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1 structure that contains the values to update on the client's computer account object in Active Directory on the normal (writable) DC.

pdwOutVersion: A pointer to one of the NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES union types selected based on the value of the pmsgIn field. The value MUST be 1.

pmsgOut: A pointer to an NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1 structure that contains information on the client workstation and the writable domain controller. For how it is populated by the server, see below.

Return Values: The method returns 0x00000000 on success.

On receiving this call, the normal (writable) DC MUST perform the following validation steps.

  • Verify that the server is a normal (writable) DC machine; otherwise, the server MUST return STATUS_NOT_SUPPORTED.

  • Verify that the dwInVersion parameter is set to 1. All other values are invalid and STATUS_NOT_SUPPORTED MUST be returned.

  • Verify that the pdwOutVersion parameter is set to 1. All other values are invalid and STATUS_NOT_SUPPORTED MUST be returned.

  • Verify the Authenticator that was passed, and compute the ReturnAuthenticator, as specified in section 3.1.4.5. If the Authenticator verification fails, the server MUST return STATUS_ACCESS_DENIED.<192>

The return structure MUST be generated as follows:

  • NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES.HubName MUST be set to the NetBIOS name of the writable domain controller.

  • If NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES.OldDnsHostName is not NULL, it MUST be set to the client's DNS host name, if any. If there was a change in domain naming, this value holds the previous DNS host name.

  • If NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES.SupportedEncTypes is not NULL, it MUST be set to the supported encryption algorithms.
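
A minimal C model of the validation and output rules above, added here as an illustration and not taken from the specification or from any Microsoft implementation. The simplified struct layouts, the dc_state_t type, the authenticator_ok flag (standing in for the section 3.1.4.5 check) and the choice to evaluate the checks in the listed order are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STATUS_SUCCESS        0x00000000u
#define STATUS_ACCESS_DENIED  0xC0000022u
#define STATUS_NOT_SUPPORTED  0xC00000BBu

/* Simplified stand-in for the V1 output message (assumed layout, narrow chars). */
typedef struct {
    char         HubName[16];        /* NetBIOS name of the writable DC */
    const char **OldDnsHostName;     /* optional: filled only if not NULL */
    uint32_t    *SupportedEncTypes;  /* optional: filled only if not NULL */
} out_v1_t;

/* Hypothetical server-side state for the DC and the client's account object. */
typedef struct {
    int         is_writable_dc;
    const char *netbios_name;
    const char *client_dns_host_name;  /* NULL when the client has none */
    uint32_t    client_enc_types;
} dc_state_t;

/* authenticator_ok carries the result of the section 3.1.4.5 verification,
 * which is performed elsewhere. pdwOutVersion is a [ref] pointer, so it is
 * treated as never NULL. */
uint32_t chain_set_client_attributes(const dc_state_t *dc, int authenticator_ok,
                                     uint32_t dwInVersion,
                                     const uint32_t *pdwOutVersion, out_v1_t *out)
{
    /* Fail closed: every rejection returns before *out is written. */
    if (!dc->is_writable_dc)  return STATUS_NOT_SUPPORTED;  /* RODC cannot serve this */
    if (dwInVersion != 1)     return STATUS_NOT_SUPPORTED;
    if (*pdwOutVersion != 1)  return STATUS_NOT_SUPPORTED;
    if (!authenticator_ok)    return STATUS_ACCESS_DENIED;

    /* HubName is always set; the other two only when the caller supplied them. */
    strncpy(out->HubName, dc->netbios_name, sizeof out->HubName - 1);
    out->HubName[sizeof out->HubName - 1] = '\0';
    if (out->OldDnsHostName != NULL)
        *out->OldDnsHostName = dc->client_dns_host_name;
    if (out->SupportedEncTypes != NULL)
        *out->SupportedEncTypes = dc->client_enc_types;
    return STATUS_SUCCESS;
}
```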
