3.1.1.5.2.8.1 Constraints

Regular Add operation constraints apply to the NC-Add operation (as defined in previous sections), with the exception of constraints pertaining to the parent object (for example, the possSuperiors schema constraint).

There are two distinct NC-Add scenarios that are supported with regard to maintaining crossRef requirements:

  1. The crossRef corresponding to the new NC does not exist. In this case, a new crossRef object is created. If the DC is the domain naming FSMO, then the crossRef is created locally. Otherwise, the crossRef is created on the domain naming FSMO DC using the IDL_DRSAddEntry call with appropriate parameters (see [MS-DRSR] section 4.1.1 for details).

  2. The crossRef corresponding to the new NC has been pre-created (that is, it was created previously). The crossRef object is located finding the object where the value of nCName matches the DN of the NC being created. Once located, the following constraints on the crossRef are validated:

    1. If Enabled is true, the server MUST return ERROR_DS_CROSS_REF_EXISTS.

    2. If the dnsRoot attribute value does not match the dnsName of the DC processing the NC-Add operation, the server MUST return ERROR_DS_MASTERDSA_REQUIRED.