3.1.1.12.4 Verify Conditions

Before an NC Rename operation is performed, the following conditions must be true for the abstract data of the DC performing the rename and the NCRenameDescription tuple (section 3.1.1.12.1.11) describing the operation, hereafter called NR.

  • NR.ConfigurationNCGuid is the GUID of a writable object in an NC replica hosted on this DC.

  • The value of the msDS-ReplicationEpoch attribute on the DC's NTDS Settings object (section 6.1.1.2.2.1.2.1.1) does not equal NR.NewReplicationEpoch.

  • The number of crossRef objects that refer to domain NCs in the Partitions container (that is, the count of domain crossrefs) equals NR.DomainsCount.

  • For every NCDescription AppNC in NR.AppNCs:

    • AppNC.CrossRefGuid is the GUID of a writable object in an NC replica hosted on this DC.

    • The DN of the object whose GUID is AppNC.CrossRefGuid equals AppNC.ExistingDN.

  • For every DomainDescription Domain in the union of NR.AllDomains:

    • Domain.CrossRefGuid is the GUID of a writable object in an NC replica hosted on this DC.

    • The value of the nCName attribute on the object whose GUID is Domain.CrossRefGuid equals Domain.ExistingDN.

    • There does not exist an object in an NC replica hosted on this DC whose DN is "CN=Domain.NewFlatName,CN=Partitions,CN=Configuration,NR.RootDomain.ExistingDN".

    • For every ServerDescription Server in Domain.Servers:

      • Server.serverGuid is the GUID of a writable object in an NC replica hosted on this DC.

      • Every value in Server.SPNs exists as a value of the servicePrincipalName attribute on the object whose DN is Server.ExistingDN.

    • For every TrustedDomainObjectDescription TrustedDomainObject in Domain.TrustedDomainObjects:

      • TrustedDomainObject.Guid refers to a writable object in an NC replica hosted on this DC.

      • The value of the securityIdentifier attribute on the object whose GUID is TrustedDomainObject.Guid equals TrustedDomainObject.SID.

      • There does not exist an object whose DN is "CN=TrustedDomainObject.NewTrustPartnerDNSName".

    • For every InterdomainTrustAccountDescription InterdomainTrustAccount in Domain.InterdomainTrustAccounts:

      • InterdomainTrustAccount.Guid refers to a writable object in an NC replica hosted on this DC.

      • The value of the sAMAccountName attribute on the object whose GUID is InterdomainTrustAccount.Guid equals InterdomainTrustAccount.ExistingFlatName.

      • There does not exist an object whose DN is "CN=InterdomainTrustAccount.NewFlatName,InterdomainTrustAccount.ParentDNFromDomainDN,Domain.NewDN".

    • The number of objects of class trustedDomain that are children of the object whose DN is "CN=System,Domain.ExistingDN" equals Domain.CountTrusts.

If an NC Rename operation is attempted when any of these conditions are not met, the NC Rename operation is not performed and the operation returns an error. This protocol does not prescribe what error is to be returned; the value of the error is strictly for implementation debugging purposes, and clients cannot rely on consistent or meaningful return codes.