2.7.1.6 Cross-Domain Move - Client Application

In this use case, cross-domain movement of an object is performed between two domain controllers that are present in different domains.

Goal

To move an object from one domain to another domain.

Context of Use

This use case applies when an object must be moved from one domain to another domain. An administrator launches the client application to perform the move.

Figure 12: Use case diagram for performing a cross-domain move

Actors

  • Client application

    The client application is the primary actor that initiates the cross-domain move of a particular object.

  • Windows Authentication Services

    Windows Authentication Services [MS-AUTHSOD] is the supporting actor that authenticates the administrator's identity. This is done so that access control decisions can be made by the Active Directory system.

  • Domain Controller 1 (DC1)

    DC1 is the supporting actor that is a domain controller in a domain.

  • Domain Controller 2 (DC2)

    DC2 is the supporting actor that is a domain controller in another domain.

Stakeholders

  • Domain administrators and applications

    Domain administrators and applications are the entities that move objects from one domain to another.

Preconditions

  • The environment, as described in section 2.5, is in place and the system-wide preconditions, as described in section 2.6, are satisfied. The Active Directory system completes initialization, as described in section 2.6.

  • DC1 and DC2 are in different domains.

  • The requester has permissions to perform a cross-domain move operation, as described in [MS-ADTS] section 3.1.1.5.4.2.1.

Main Success Scenario

  1. Trigger: An administrator triggers a request on the domain client to move an object from DC1 to DC2.

  2. The client application establishes a connection to DC1. Windows Authentication Services authenticates the client application using the supplied credentials ([MS-AUTHSOD] section 2).

  3. The domain client sends a Modify DN request to DC1 for movement of the object, as specified in [MS-ADTS] section 3.1.1.5.4.

  4. DC1 sends an interdomain move request to DC2, as specified in [MS-ADTS] section 3.1.1.5.4.2.3.

  5. DC2 adds a new object to its replica.

  6. DC1 creates a proxy object and deletes the original object.
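
The Modify DN request of step 3, as it would appear on the wire. This is an added example, not part of the original specification text. It assumes the request carries the LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID control defined in [MS-ADTS], whose value is the DNS name of the target domain controller; the OID, the sample DNs and host names, and the criticality setting are not taken from this page.

```python
# Added illustration, not from [MS-ADOD]. DNs and host names are constructed.
# OID of LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID ([MS-ADTS]); not quoted on this page.
CROSSDOM_MOVE_TARGET_OID = "1.2.840.113556.1.4.521"

def tlv(tag: int, value: bytes) -> bytes:
    """One BER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def octets(text: str, tag: int = 0x04) -> bytes:
    return tlv(tag, text.encode("utf-8"))

def cross_domain_move_request(msg_id, entry, new_rdn, new_superior, target_dc):
    """LDAPMessage: ModifyDNRequest plus the cross-domain move target control."""
    if not 0 < msg_id < 128:
        raise ValueError("this sketch encodes one-byte message IDs only")
    mod_dn = tlv(0x6C, octets(entry)              # [APPLICATION 12], entry on DC1
                 + octets(new_rdn)                # newrdn
                 + tlv(0x01, b"\xff")             # deleteoldrdn = TRUE
                 + octets(new_superior, 0x80))    # [0] newSuperior, in DC2's domain
    control = tlv(0x30, octets(CROSSDOM_MOVE_TARGET_OID)  # controlType
                  + tlv(0x01, b"\xff")            # criticality = TRUE (our choice)
                  + octets(target_dc))            # controlValue: DNS name of DC2
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + mod_dn + tlv(0xA0, control))

def read_tlvs(data: bytes):
    """Split a run of BER TLVs into (tag, value) pairs."""
    out, i = [], 0
    while i < len(data):
        tag, n, i = data[i], data[i + 1], i + 2
        if n & 0x80:                              # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        out.append((tag, data[i:i + n]))
        i += n
    return out

def move_target(message: bytes):
    """Target DC named by the move control in an LDAPMessage, else None."""
    for tag, body in read_tlvs(read_tlvs(message)[0][1])[2:]:
        if tag != 0xA0:
            continue
        for _, ctl in read_tlvs(body):
            parts = read_tlvs(ctl)
            if parts[0][1] == CROSSDOM_MOVE_TARGET_OID.encode():
                values = [v for t, v in parts[1:] if t == 0x04]
                return values[0].decode("utf-8") if values else ""
    return None
```

move_target can be applied to decoded LDAP request payloads to record which domain controller a Modify DN request named as the destination of a cross-domain move.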

Postcondition

An object is moved from one domain to the other.

Extensions

None.