2.7.1.6 Cross-Domain Move - Client Application
In this use case, cross-domain movement of an object is performed between two domain controllers that are present in different domains.
Goal
To move an object from one domain to another domain.
Context of Use
To perform cross-domain movement when an object is required to be moved from one domain to another domain. An administrator launches the client application in order to perform the action.

Figure 12: Use case diagram for performing a cross-domain move
Actors
Client application
The client application is the primary actor that initiates the cross-domain move of a particular object.
Windows Authentication Services
Windows Authentication Services [MS-AUTHSOD] is the supporting actor that authenticates the administrator's identity. This is done so that access control decisions can be made by the Active Directory system.
Domain Controller 1 (DC1)
DC1 is the supporting actor that is a domain controller in a domain.
Domain Controller 2 (DC2)
DC2 is the supporting actor that is a domain controller in another domain.
Stakeholders
Domain administrators and applications
Domain administrators and applications are the entities that move objects from one domain to another.
Preconditions
The environment, as described in section 2.5, is in place and the system-wide preconditions, as described in section 2.6, are satisfied. The Active Directory system completes initialization, as described in section 2.6.
DC1 and DC2 are in different domains.
The requester has permissions to perform a cross-domain move operation, as described in [MS-ADTS] section 3.1.1.5.4.2.1.
Main Success Scenario
Trigger: An administrator triggers a request on the domain client to move an object from DC1 to DC2.
The client application establishes a connection to DC1. Windows Authentication Services authenticates the client application using the supplied credentials ([MS-AUTHSOD] section 2).
The domain client sends a Modify DN request to DC1 for movement of the object, as specified in [MS-ADTS] section 3.1.1.5.4.
DC1 sends an interdomain move request to DC2, as specified in [MS-ADTS] section 3.1.1.5.4.2.3.
DC2 adds a new object to its replica.
DC1 creates a proxy object and deletes the original object.
Postcondition
An object is moved from one domain to the other.
Extensions
None.