5.39 DRS_EXTENSIONS_INT
The DRS_EXTENSIONS_INT structure is a concrete type for structured capabilities information used in version negotiation.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
cb |
|||||||||||||||||||||||||||||||
dwFlags |
|||||||||||||||||||||||||||||||
SiteObjGuid (16 bytes) |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
Pid |
|||||||||||||||||||||||||||||||
dwReplEpoch |
|||||||||||||||||||||||||||||||
dwFlagsExt |
|||||||||||||||||||||||||||||||
ConfigObjGUID (16 bytes) |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
dwExtCaps |
cb (4 bytes): The count of bytes in the fields dwFlags through dwExtCaps, inclusive.<38><39><40> This field allows the DRS_EXTENSIONS_INT structure to be extended by including new fields at the end of the structure.
dwFlags (4 bytes): The dwFlags field contains individual bit flags that describe the capabilities of the DC that produced the DRS_EXTENSIONS_INT structure.<41>
-
The following table lists the bit flags, which are presented in little-endian byte order.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1A
EU
OD
CD
FM
VR
MA
SB
A
SS
EG
R
IC
BI
N
RD
C
2L
V
RA
E
2K
EA
N
CG
C
6G
M
2G
C
5P
B
3S
HT
MD
C
FR
3R
2G
C
10D
F
2W
B
3G
R
6G
R
5G
C
8 -
BAS (DRS_EXT_BASE, 0x00000001): Unused. SHOULD be 1 and MUST be ignored.
-
AS (DRS_EXT_ASYNCREPL, 0x00000002): If present, signifies that the DC supports DRS_MSG_REPADD_V2.
-
RM (DRS_EXT_REMOVEAPI, 0x00000004): If present, signifies that the DC supports IDL_DRSRemoveDsServer and IDL_DRSRemoveDsDomain.
-
MV (DRS_EXT_MOVEREQ_V2, 0x00000008): If present, signifies that the DC supports DRS_MSG_MOVEREQ_V2.
-
DF (DRS_EXT_GETCHG_DEFLATE, 0x00000010): If present, signifies that the DC supports DRS_MSG_GETCHGREPLY_V2.
-
DC (DRS_EXT_DCINFO_V1, 0x00000020): If present, signifies that the DC supports IDL_DRSDomainControllerInfo.
-
UO (DRS_EXT_RESTORE_USN_OPTIMIZATION, 0x00000040): Unused. SHOULD be 1 and MUST be ignored.
-
AE (DRS_EXT_ADDENTRY, 0x00000080): If present, signifies that the DC supports IDL_DRSAddEntry.
-
KE (DRS_EXT_KCC_EXECUTE, 0x00000100): If present, signifies that the DC supports IDL_DRSExecuteKCC.
-
AE2 (DRS_EXT_ADDENTRY_V2, 0x00000200): If present, signifies that the DC supports DRS_MSG_ADDENTRYREQ_V2.
-
LVR (DRS_EXT_LINKED_VALUE_REPLICATION, 0x00000400): If present, signifies that the DC supports link value replication, and this support is enabled.
-
DC2 (DRS_EXT_DCINFO_V2, 0x00000800): If present, signifies that the DC supports DRS_MSG_DCINFOREPLY_V2.
-
INR (DRS_EXT_INSTANCE_TYPE_NOT_REQ_ON_MOD, 0x00001000): Unused. SHOULD be 1 and MUST be ignored.
-
CB (DRS_EXT_CRYPTO_BIND, 0x00002000): A client-only flag. If present, it indicates that the security provider used for the connection supports session keys through RPC (example, Kerberos connections with mutual authentication enable RPC to expose session keys, but NTLM connections do not enable RPC to expose session keys).
-
GRI (DRS_EXT_GET_REPL_INFO, 0x00004000): If present, signifies that the DC supports IDL_DRSGetReplInfo.
-
SE (DRS_EXT_STRONG_ENCRYPTION, 0x00008000): If present, signifies that the DC supports additional 128-bit encryption for passwords over the wire. DCs MUST NOT replicate passwords to other DCs that do not support this extension.
-
DCF (DRS_EXT_DCINFO_VFFFFFFFF, 0x00010000): If present, signifies that the DC supports DRS_MSG_DCINFOREPLY_VFFFFFFFF.
-
TM (DRS_EXT_TRANSITIVE_MEMBERSHIP, 0x00020000): If present, signifies that the DC supports IDL_DRSGetMemberships.
-
SH (DRS_EXT_ADD_SID_HISTORY, 0x00040000): If present, signifies that the DC supports IDL_DRSAddSidHistory.
-
PB3 (DRS_EXT_POST_BETA3, 0x00080000): Reserved. MUST be set to 1 and ignored.
-
GC5 (DRS_EXT_GETCHGREQ_V5, 0x00100000): If present, signifies that the DC supports DRS_MSG_GETCHGREQ_V5.
-
GM2(DRS_EXT_GETMEMBERSHIPS2, 0x00200000): If present, signifies that the DC supports IDL_DRSGetMemberships2.
-
GC6 (DRS_EXT_GETCHGREQ_V6, 0x00400000): Unused. This bit was used for a pre-release version of Windows. No released version of Windows references it. This bit can be set or unset with no change in behavior.
-
ANC (DRS_EXT_NONDOMAIN_NCS, 0x00800000): If present, signifies that the DC supports application NCs.
-
GC8 (DRS_EXT_GETCHGREQ_V8, 0x01000000): If present, signifies that the DC supports DRS_MSG_GETCHGREQ_V8.
-
GR5 (DRS_EXT_GETCHGREPLY_V5, 0x02000000): Unused. SHOULD be 1 and MUST be ignored.
-
GR6 (DRS_EXT_GETCHGREPLY_V6, 0x04000000): If present, signifies that the DC supports DRS_MSG_GETCHGREPLY_V6.
-
WB3 (DRS_EXT_WHISTLER_BETA3, 0x08000000): If present, signifies that the DC supports DRS_MSG_ADDENTRYREPLY_V3, DRS_MSG_REPVERIFYOBJ, DRS_MSG_GETCHGREPLY_V7, and DRS_MSG_QUERYSITESREQ_V1.
-
DF2 (DRS_EXT_W2K3_DEFLATE, 0x10000000): If present, signifies that the DC supports the W2K3 AD deflation library.
-
GC10 (DRS_EXT_GETCHGREQ_V10, 0x20000000): If present, signifies that the DC supports DRS_MSG_GETCHGREQ_V10.
-
R2 (DRS_EXT_RESERVED_FOR_WIN2K_OR_DOTNET_PART2, 0x40000000): Unused. MUST be 0 and ignored.
-
R3 (DRS_EXT_RESERVED_FOR_WIN2K_OR_DOTNET_PART3, 0x80000000): Unused. MUST be 0 and ignored.
SiteObjGuid (16 bytes): A GUID. The objectGUID of the site object of which the DC's DSA object is a descendant. For non-DC client callers, this field SHOULD be set to zero.
Pid (4 bytes): A 32-bit, signed integer value that specifies a process identifier. The client sets the Pid field to the current client process, or the server sets the Pid to the current server process. This is for informational and debugging purposes only. The assignment of this field is implementation-specific.<42>
dwReplEpoch (4 bytes): A 32-bit, unsigned integer value that specifies the replication epoch. This value is set to zero by all client callers. The server sets this value by assigning the value of msDS-ReplicationEpoch from its nTDSDSA object. If dwReplEpoch is not included in DRS_EXTENSIONS_INT, the value is considered to be zero.<43>
dwFlagsExt (4 bytes): An extension of the dwFlags field that contains individual bit flags. These bit flags determine which extended capabilities are enabled in the DC that produced the DRS_EXTENSIONS_INT structure. For non-DC client callers, no bits SHOULD be set. If dwFlagsExt is not included in DRS_EXTENSIONS_INT, all bit flags are considered unset.
-
The following table lists the bit flags, which are presented in little-endian byte order.<44>
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1X
X
X
X
X
R B
L H
D A
X
X
X
X
X
CID
X
G R 9
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
-
DA (DRS_EXT_ADAM, 0x00000001): If present, signifies that the DC supports DRS_MSG_REPSYNC_V1, DRS_MSG_UPDREFS_V1, DRS_MSG_INIT_DEMOTIONREQ_V1, DRS_MSG_REPLICA_DEMOTIONREQ_V1, and DRS_MSG_FINISH_DEMOTIONREQ_V1.
-
LH (DRS_EXT_LH_BETA2, 0x00000002): If present, signifies that the DC supports the DRS_SPECIAL_SECRET_PROCESSING and DRS_GET_ALL_GROUP_MEMBERSHIP flags as well as InfoLevel 3 in DRS_MSG_DCINFOREQ_V1.
-
RB (DRS_EXT_RECYCLE_BIN, 0x00000004): If present, signifies that the DC has enabled the Recycle Bin optional feature.
-
GR9 (DRS_EXT_GETCHGREPLY_V9, 0x00000100): If present, signifies that the DC supports DRS_MSG_GETCHGREPLY_V9.
-
CID (DRS_EXT_RPC_CORRELATIONID_1, 0x00000400): If present, signifies that the DC supports DRS_MSG_GETCHGREQ_V11 (section 4.1.10.2.8), DRS_MSG_REPADD_V3 (section 4.1.19.1.4), DRS_MSG_REPSYNC_V2 (section 4.1.23.1.3), and DRS_MSG_UPDREFS_V2 (section 4.1.26.1.3).
ConfigObjGUID (16 bytes): A GUID. This field is set to zero by all client callers. The server sets this field by assigning it the value of the objectGUID of the config NC object. If ConfigObjGUID is not included in DRS_EXTENSIONS_INT, the value is considered to be the NULL GUID value.<45>
dwExtCaps (4 bytes): A mask for the dwFlagsExt field that contains individual bit flags. These bit flags describe the potential extended capabilities of the DC that produced the DRS_EXTENSIONS_INT structure. For non-DC client callers, no bits SHOULD be set. If neither dwFlagsExt nor dwExtCaps is included in DRS_EXTENSIONS_INT, all bits in dwExtCaps are considered unset. If dwFlagsExt is included in DRS_EXTENSIONS_INT but dwExtCaps is not, all relevant bits in dwExtCaps (as explained below) are implicitly set.<46>
-
Each bit in dwExtCaps corresponds exactly to each bit in dwFlagsExt. If the DC that produced the DRS_EXTENSIONS_INT structure supports a capability described by a bit in the dwFlagsExt field (that is, the bit either is or could potentially be set), then the corresponding bit in dwExtCaps MUST be set. If a bit in dwExtCaps is not set, it is assumed that the corresponding bit in dwFlagsExt will not and cannot be set.
-
Note The dwExtCaps field is relevant only for capabilities that are labeled as "optional features" in the bit descriptions of dwFlagsExt. The bits in dwExtCaps that correspond to capabilities in dwFlagsExt that are not labeled as "optional features" MUST NOT be different from the setting of the dwFlagsExt bits. Currently, the capabilities represented by the DA and LH bits fit into this category.