Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All DSRUpdateReadOnlyServerDnsRecords (Opnum 48)

The DsrUpdateReadOnlyServerDnsRecords method will allow an RODC to send a control command to a normal (writable) DC for site-specific and CName types of DNS records update. For registration, site-specific records SHOULD be for the site in which RODC resides. For the types of DNS records, see [MS-ADTS] section 6.3.2.

 NTSTATUS DsrUpdateReadOnlyServerDnsRecords(
   [in, unique, string] LOGONSRV_HANDLE ServerName,
   [in, string] wchar_t* ComputerName,
   [in] PNETLOGON_AUTHENTICATOR Authenticator,
   [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in, unique, string] wchar_t* SiteName,
   [in] unsigned long DnsTtl,
   [in, out] PNL_DNS_NAME_INFO_ARRAY DnsNames

ServerName: The custom RPC binding handle (as specified in section that represents the connection to the normal (writable) DC.

ComputerName: A null-terminated Unicode string that contains the client computer NetBIOS name.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure (as specified in section that contains the client authenticator that will be used to authenticate the client.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure that contains the server return authenticator.

SiteName: A pointer to a null-terminated Unicode string that contains the site name where the RODC resides.

DnsTtl: The Time To Live value, in seconds, for DNS records.

DnsNames: A pointer to an NL_DNS_NAME_INFO_ARRAY (section structure that contains an array of NL_DNS_NAME_INFO structures.

Return Values: The method returns 0x00000000 (NO_ERROR) on success; otherwise, it returns a nonzero error code.

On receiving this call, the server performs the following steps:

  • Verifies that the server is a normal (writable) DC; otherwise, the server MUST return STATUS_NOT_SUPPORTED.<239>

  • Verifies that the caller (ComputerName) is an RODC; otherwise, the server MUST return STATUS_NOT_SUPPORTED.

  • Verifies that the Authenticator passed, and compute the ReturnAuthenticator, as specified in section If the Authenticator verification fails, the server MUST return STATUS_ACCESS_DENIED.

  • Validates the requested DNS name type. Only site-specific and CName types are supported. For an unsupported DNS name type, sets the DNS name status to STATUS_NOT_SUPPORTED.

  • Validates the site name for site-specific DNS name registration. Sets DNS name status to STATUS_ACCESS_DENIED for an invalid site name.

  • Validates Ndnc domain name for the registration of NlDnsNdncDomainName DnsDomainInfoType. Sets DNS name status to STATUS_ACCESS_DENIED for an invalid Ndnc domain name.

This method can be called only by a machine that has established a secure channel with the server.

© 2015 Microsoft