3.1.1.3.3.18 replicateSingleObject
This operation causes the DC to request replication of a single object, specified in the modify request, from a source DC to the DC processing the request. The requester MUST have the "DS-Replication-Synchronize" control access right on the root of the NC that contains the object to be replicated.
The type of modification specified in the LDAP modify operation does not matter; however the value specified does matter. The value specified for the replicateSingleObject attribute in the modify request contains (1) the DN of the DSA object of the source DC, and (2) the DN of the object to be replicated. These are encoded in the value string as two DNs separated by a colon: "DSA Object DN:Object To Be Replicated DN". Each DN specified is either an [RFC2253]-style DN or one of the alternative DN formats described in section 3.1.1.3.1.2.4. If the value is not in the specified format, the server rejects the request with the error operationsError / ERROR_DS_OBJ_NOT_FOUND.
If the DC is an RODC, an additional colon can be added to the end of the value string, followed by the literal string "SECRETS_ONLY". The presence of this additional parameter indicates that the RODC MUST request replication of the object's secret attributes instead of the other attributes. When this flag is specified, the "DS-Replication-Synchronize" control access right is not checked. Instead, the requester MUST possess the "Read-Only-Replication-Secret-Synchronization" control access right on the root of the NC containing the object whose secret attributes are to be replicated.
This operation is a synchronous operation. The LDAP response is returned by the server after the replication of the object from the source DC to the DC processing the request has completed. However, if the object to be replicated does not exist on the source DC, or if the object to be replicated has been deleted on the source DC, or if the object to be replicated does not have a parent object on the DC processing the request, an error is returned and the replication is not performed.
The following shows an LDIF sample that performs the replicateSingleObject operation. This sample requests that the object whose DN is "CN=TestObject, CN=Users, DC=Fabrikam, DC=com" be replicated from the DC whose nTDSDSA object is "CN=NTDS Settings,CN=TESTDC-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com".
-
dn: changetype: modify replace: replicateSingleObject replicateSingleObject: CN=NTDS Settings, CN=TESTDC-01,CN=Servers,CN=Default-First-Site-Name, CN=Sites,CN=Configuration,DC=Fabrikam,DC=com:CN=TestObject, CN=Users, DC=Fabrikam, DC=com -