6.1.1.2.1.1 Cross-Ref Objects
The following is the description of the flags and their meaning for crossRef objects stored in systemFlags. The flags are presented in big-endian byte order.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
G |
D |
N |
X: Unused. Must be zero and ignored.
NC (FLAG_CR_NTDS_NC, 0x00000001): NC exists within the forest (not external).
D (FLAG_CR_NTDS_DOMAIN, 0x00000002): NC is a domain.
GC (FLAG_CR_NTDS_NOT_GC_REPLICATED, 0x00000004): NC MUST not be replicated to GC servers as a read-only replica.
The following attributes and attribute values are common to crossRef objects representing all NC types:
parent: crossRefContainer object
objectClass: crossRef
Enabled: If FALSE, this is a "pre-created" crossRef; that is, the crossRef exists, but the corresponding NC root does not yet exist. See section 3.1.1.5.2.8.
dnsRoot: If Enabled equals FALSE, in AD DS dnsRoot holds the DNS name of the DC that will create the root of this NC. If Enabled equals FALSE, in AD LDS, dnsRoot holds the DNS name of the DC that will create the root of this NC followed by a colon (":"), followed by the LDAP port number used by the DC, followed by another colon (":"), followed by the SSL port number used by the DC. If Enabled is not FALSE, in AD DS dnsRoot holds the fully qualified DNS name used for LDAP referrals (section 3.1.1.4.6). If Enabled is not FALSE, in AD LDS dnsRoot is absent.
nCName: If Enabled is not FALSE, a reference to the NC root corresponding to this crossRef.
msDS-Replication-Notify-First-DSA-Delay: Indicates the number of seconds that each DC MUSTÂ delay after receiving updates (originating or replicated) to objects in the NC referred to by nCName before the DC notifies another DC of updates received according to the DCs local repsTos. See IDL_DRSReplicaSync in [MS-DRSR] section 4.1.23.
msDS-Replication-Notify-Subsequent-DSA-Delay: Indicates the number of seconds that each DC MUST delay after notifying the first DC of updates received to objects in the NC referred to by nCName before notifying each additional DC according to the DCs local repsTos. See IDL_DRSReplicaSync in [MS-DRSR] section 4.1.23.