3.5.4.6.1 NetrDatabaseDeltas (Opnum 7)

The NetrDatabaseDeltas method SHOULD<220> return a set of changes (or deltas) performed to the SAM database, SAM built-in database, or LSA databases after a particular value of the database serial number. It is used by BDCs to request database changes from the PDC that are missing on the BDC.

 NTSTATUS NetrDatabaseDeltas(
   [in, string] LOGONSRV_HANDLE PrimaryName,
   [in, string] wchar_t* ComputerName,
   [in] PNETLOGON_AUTHENTICATOR Authenticator,
   [in, out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in] DWORD DatabaseID,
   [in, out] PNLPR_MODIFIED_COUNT DomainModifiedCount,
   [out] PNETLOGON_DELTA_ENUM_ARRAY* DeltaArray,
   [in] DWORD PreferredMaximumLength
 );

PrimaryName: The custom binding handle (as defined in section 3.5.4.1) that represents the connection to the PDC.

ComputerName: The null-terminated Unicode string that contains the NetBIOS name of the BDC calling this method.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure that contains the client authenticator.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure that contains the server return authenticator.

DatabaseID: The identifier for a specific account database set as follows:

Value

Meaning

0x00000000

Indicates the SAM database.

0x00000001

Indicates the SAM built-in database.

0x00000002

Indicates the LSA database.

DomainModifiedCount: A pointer to an NLPR_MODIFIED_COUNT structure, as specified in section 2.2.1.5.26, that contains the database serial number. On input, this is the value of the database serial number on the client. On output, this is the value of the database serial number corresponding to the last element (delta) returned in the DeltaArray parameter.

DeltaArray: A pointer to a NETLOGON_DELTA_ENUM_ARRAY structure that contains an array of enumerated changes (deltas) to the specified database with database serial numbers larger than the database serial number value specified in the input value of the DomainModifiedCount parameter.

PreferredMaximumLength: The value that specifies the preferred maximum size, in bytes, of data to return in the DeltaArray parameter. This is not a hard upper limit but serves as a guide to the server. The server SHOULD<221> stop including elements in the returned DeltaArray after the size of the returned data equals or exceeds the value of the PreferredMaximumLength parameter. It is up to the client implementation to choose the value for this parameter.

Return Values: The method returns 0x00000000 on success; otherwise, it returns a nonzero error code.

The synchronization that this method performs is not a full synchronization; rather, a subset of database changes is returned. To perform a full synchronization, call NetrDatabaseSync.

The server that receives this call MUST do the following:

  • Verify that the client is a BDC.

  • Verify the client authenticator. The server MUST return status code STATUS_ACCESS_DENIED if the verification fails.

  • Validate that DatabaseID is one of the allowed values, 0x00000000 through 0x00000002. If the DatabaseID is not one of these values, the server MUST return the status code STATUS_INVALID_LEVEL.

  • Given the BDC database serial number, obtain all database records that are missing on the BDC and return the array of deltas, NETLOGON_DELTA_ENUM_ARRAY, for the missing records. The number of elements returned is affected by the value of the PreferredMaximumLength parameter. The server SHOULD<222> stop including elements in the returned array after the size of the returned data equals or exceeds the value of the PreferredMaximumLength parameter. The server SHOULD also limit the number of elements per local configuration to avoid large array allocations.

  • Compute and return the server authenticator.

  • The server MUST set the value of the DomainModifiedCount parameter to the database serial number of the last delta returned in the array.

  • If not all missing records are returned, the server MUST return the status code STATUS_MORE_ENTRIES.

  • The server maintains and updates a state that indicates the client progress in the synchronization protocol, as defined in section 3.6.