3.4.5.4.1 Calling NetrDatabaseDeltas

The client calling this method MUST be a backup domain controller (BDC). It MUST do the following:

  • Pass a valid PDC name as the PrimaryName parameter.

  • Pass the client BDC name as the ComputerName parameter.

  • Pass a valid client Netlogon authenticator as the Authenticator parameter.

  • Pass a valid database identifier as the DatabaseID parameter as follows:

    • For the SAM database, the DatabaseID parameter MUST be 0x00000000.

    • For the SAM built-in database, the DatabaseID parameter MUST be 0x00000001.

    • For the LSA database, the DatabaseID parameter MUST be 0x00000002.

  • Pass the value of the local database serial number as the DomainModifiedCount.

  • Pass the preferred maximum length of data to be returned in the DeltaArray parameter as the PreferredMaximumLength parameter.

On receiving the STATUS_MORE_ENTRIES status code, the client continues calling this routine in a loop updating DomainModifiedCount until all missing database entries are received. On receiving the STATUS_SUCCESS status code, the client terminates the loop. The client MAY terminate the loop early without receiving all entries. For example, if the client chooses to do so on a system shutdown notification.

On receiving STATUS_ACCESS_DENIED, the client SHOULD<119> reestablish the secure channel with the domain controller.