4.1.17.3 Server Behavior of the IDL_DRSRemoveDsDomain Method
Informative summary of behavior: Removes the crossRef object that defines a domain NC. Fails if any DC is currently hosting this domain as its default NC, as indicated by the state of that DC's nTDSDSA object. Fails if the server is not the Domain Naming FSMO role owner for the forest.
The removal of the crossRef object signals any DC currently hosting a partial replica of the removed domain NC to remove that replica from its state.
This method undoes the effects of the IDL_DRSAddEntry method when IDL_DRSAddEntry is used to create a crossRef object.
The IDL_DRSRemoveDsServer method removes the state within a forest, including the state on a DC's nTDSDSA object, associated with hosting a domain as a default NC on some DC. Therefore, IDL_DRSRemoveDsServer can be used to establish a precondition for the success of IDL_DRSRemoveDsDomain.
-
ULONG IDL_DRSRemoveDsDomain( [in, ref] DRS_HANDLE hDrs, [in] DWORD dwInVersion, [in, ref, switch_is(dwInVersion)] DRS_MSG_RMDMNREQ *pmsgIn, [out, ref] DWORD *pdwOutVersion, [out, ref, switch_is(*pdwOutVersion)] DRS_MSG_RMDMNREPLY *pmsgOut); domainDN: unicodestring otherNtdsdsa: DSName cr: DSName rt: ULONG ValidateDRSInput(hDrs, 15) pdwOutVersion^ := 1 pmsgOut^.V1.Reserved := 0 if dwInVersion ≠ 1 then return ERROR_INVALID_PARAMETER endif domainDN := pmsgIn^.V1.DomainDN if domainDN = null or domainDN = "" then return ERROR_INVALID_PARAMETER endif /* This function cannot be called on a DC for the domain * to be removed. */ if DefaultNC().dn = domainDN then return ERROR_DS_ILLEGAL_MOD_OPERATION endif /* Make sure no DCs still have NC replicas of this domain NC. */ otherNtdsdsa := select one o from ConfigNC() where (nTDSDSA in o!objectClass) and (domainDN in o!hasMasterNCs or domainDN in o!msDS-hasMasterNCs) if otherNtdsdsa ≠ null then return ERROR_DS_NC_STILL_HAS_DSAS endif /* Find the crossRef object for the domain named by domainDN. */ cr := select one o from ConfigNC() where (o!nCName = domainDN) and (crossRef in o!objectClass) if cr = null then return ERROR_DS_NO_CROSSREF_FOR_NC endif /* Make sure we are the Domain Naming FSMO role owner */ if GetFSMORoleOwner(FSMO_DOMAIN_NAMING) ≠ DSAObj()) then /* We are not the Domain Naming FSMO role owner */ return ERROR_DS_OBJ_NOT_FOUND else /* We are the Domain Naming FSMO role owner. If the Config NC * has not replicated at least once since startup, our ownership * of the NC is not considered to be verified, so exit * with an error. */ if not HasNCReplicated(ConfigNC()) then return ERROR_DS_ROLE_NOT_VERIFIED; endif endif if (not AccessCheckObject(cr, RIGHT_DELETE)) and (not AccessCheckObject(cr.parent, RIGHT_DS_DELETE_CHILD)) then return ERROR_ACCESS_DENIED endif rt:= RemoveObj(cr,false) if rt ≠ 0 then return rt endif DelSubRef(cr!ncName) return 0