3.4.4.6.8.5 Authorization Error
If the client sends a request where any of the following are true:
The FSMO role specified by the MoveADOperationMasterRoleRequest/OperationMasterRole element is the "DomainNamingMaster" and the client does not have the "Change-Domain-Master" control access right on the Partitions container in the config NC (as described in [MS-ADTS] section 3.1.1.3.3.1).
The FSMO specified by the MoveADOperationMasterRoleRequest/OperationMasterRole element is the "InfrastructureMaster" and the client does not have the "Change-Infrastructure-Master" control access right on the Infrastructure container in the domain NC (as described in [MS-ADTS] section 3.1.1.3.3.2).
The FSMO specified by the element MoveADOperationMasterRoleRequest/OperationMasterRole is the "PDCEmulator" and the client does not have the "Change-PDC" control access right on the root of the domain NC (as described in [MS-ADTS] section 3.1.1.3.3.3).
The FSMO specified by the MoveADOperationMasterRoleRequest/OperationMasterRole element is the "RIDMaster" and the client does not have the "Change-Rid-Master" control access right on the RID Manager object, or the client does not have read permission on the RIDManagerReference attribute on the root of the domain NC (as described in [MS-ADTS] section 3.1.1.3.3.5).
The FSMO specified by the element MoveADOperationMasterRoleRequest/OperationMasterRole is the "SchemaMaster" and the client does not have the "Change-Schema-Master" control access right on the root of the schema NC (as described in [MS-ADTS] section 3.1.1.3.3.6).
Then the server MUST return a SOAP fault with a MoveADOperationMasterRoleFault fault subcode. The fault detail SHOULD be as specified in the following table.
|
Field |
Value |
|---|---|
|
[Code] |
soapenv:Receiver |
|
[Subcode] |
MoveADOperationMasterRoleFault |
|
[Action] |
http://schemas.microsoft.com/2008/1/ActiveDirectory/Data/fault |
|
[Reason] |
Active Directory returned an error processing the operation. |
|
[Detail] |
|