4.1.17.3 Server Behavior of the IDL_DRSRemoveDsDomain Method

Informative summary of behavior: Removes the crossRef object that defines a domain NC. Fails if any DC is currently hosting this domain as its default NC, as indicated by the state of that DC's nTDSDSA object. Fails if the server is not the Domain Naming FSMO role owner for the forest.

The removal of the crossRef object signals any DC currently hosting a partial replica of the removed domain NC to remove that replica from its state.

This method undoes the effects of the IDL_DRSAddEntry method when IDL_DRSAddEntry is used to create a crossRef object.

The IDL_DRSRemoveDsServer method removes the state within a forest, including the state on a DC's nTDSDSA object, associated with hosting a domain as a default NC on some DC. Therefore, IDL_DRSRemoveDsServer can be used to establish a precondition for the success of IDL_DRSRemoveDsDomain.

 ULONG
 IDL_DRSRemoveDsDomain(
     [in, ref] DRS_HANDLE hDrs,
     [in] DWORD dwInVersion,
     [in, ref, switch_is(dwInVersion)]
         DRS_MSG_RMDMNREQ *pmsgIn,
     [out, ref] DWORD *pdwOutVersion,
     [out, ref, switch_is(*pdwOutVersion)]
         DRS_MSG_RMDMNREPLY *pmsgOut);
  
 domainDN: unicodestring
 otherNtdsdsa: DSName
 cr: DSName
 rt: ULONG
  
 ValidateDRSInput(hDrs, 15)
  
 pdwOutVersion^ := 1
 pmsgOut^.V1.Reserved := 0
  
 if dwInVersion ≠ 1 then
   return ERROR_INVALID_PARAMETER
 endif
  
 domainDN := pmsgIn^.V1.DomainDN
  
 if domainDN = null or domainDN = "" then
   return ERROR_INVALID_PARAMETER
 endif
  
 /* This function cannot be called on a DC for the domain 
  * to be removed. */
 if DefaultNC().dn = domainDN then
   return ERROR_DS_ILLEGAL_MOD_OPERATION
 endif
  
 /* Make sure no DCs still have NC replicas of this domain NC. */
 otherNtdsdsa := select one o from ConfigNC() where
              (nTDSDSA in o!objectClass) and
              (domainDN in o!hasMasterNCs or
               domainDN in o!msDS-hasMasterNCs)
 if otherNtdsdsa ≠ null then
   return ERROR_DS_NC_STILL_HAS_DSAS
 endif
  
 /* Find the crossRef object for the domain named by domainDN. */
 cr := select one o from ConfigNC() where
         (o!nCName = domainDN) and (crossRef in o!objectClass)
  
 if cr = null then
   return ERROR_DS_NO_CROSSREF_FOR_NC
 endif
  
 /* Make sure we are the Domain Naming FSMO role owner */
 if GetFSMORoleOwner(FSMO_DOMAIN_NAMING) ≠ DSAObj() then
   /* We are not the Domain Naming FSMO role owner */  
   return ERROR_DS_OBJ_NOT_FOUND
 else
   /* We are the Domain Naming FSMO role owner. If the Config NC
    * has not replicated at least once since startup, our ownership
    * of the NC is not considered to be verified, so exit
    * with an error. */
   if not HasNCReplicated(ConfigNC()) then
     return ERROR_DS_ROLE_NOT_VERIFIED
   endif
 endif
  
 if (not AccessCheckObject(cr, RIGHT_DELETE)) and
    (not AccessCheckObject(cr.parent, RIGHT_DS_DELETE_CHILD)) then
   return ERROR_ACCESS_DENIED
 endif
  
 rt := RemoveObj(cr, false)
 if rt ≠ 0 then
   return rt
 endif
  
 DelSubRef(cr!nCName)
 return 0
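
The following Python model is an added example, not part of the specification: it replays the precondition order of the pseudocode above against a constructed in-memory forest state, so the error returned for each failing check, and the either-right-suffices access check, can be exercised. The class and field names (DcState, Caller, master_ncs and so on) and the sample DNs are assumptions; ValidateDRSInput is omitted and DNs are compared as plain strings.

```python
from dataclasses import dataclass, field

@dataclass
class DcState:                       # hypothetical model of the DC handling the call
    default_nc: str                  # DefaultNC().dn
    is_naming_fsmo: bool             # GetFSMORoleOwner(FSMO_DOMAIN_NAMING) = DSAObj()
    config_replicated: bool          # HasNCReplicated(ConfigNC())
    master_ncs: dict = field(default_factory=dict)  # nTDSDSA DN -> hasMasterNCs values
    crossrefs: dict = field(default_factory=dict)   # nCName -> crossRef DN

@dataclass
class Caller:                        # hypothetical view of the caller's rights
    can_delete_cr: bool = False      # RIGHT_DELETE on the crossRef
    can_delete_child: bool = False   # RIGHT_DS_DELETE_CHILD on the crossRef's parent

def remove_ds_domain(dc, caller, in_version, domain_dn):
    """Return 0 or the symbolic error name, in the same order as the pseudocode."""
    if in_version != 1 or not domain_dn:
        return "ERROR_INVALID_PARAMETER"
    if dc.default_nc == domain_dn:
        return "ERROR_DS_ILLEGAL_MOD_OPERATION"
    if any(domain_dn in ncs for ncs in dc.master_ncs.values()):
        return "ERROR_DS_NC_STILL_HAS_DSAS"
    if domain_dn not in dc.crossrefs:
        return "ERROR_DS_NO_CROSSREF_FOR_NC"
    if not dc.is_naming_fsmo:
        return "ERROR_DS_OBJ_NOT_FOUND"
    if not dc.config_replicated:
        return "ERROR_DS_ROLE_NOT_VERIFIED"
    # Access is denied only when BOTH rights are missing; either one suffices.
    if not caller.can_delete_cr and not caller.can_delete_child:
        return "ERROR_ACCESS_DENIED"
    del dc.crossrefs[domain_dn]      # stands in for RemoveObj(cr, false) + DelSubRef
    return 0

def sample_dc():
    """Constructed state: one DC still hosts the child domain as a master NC."""
    child = "DC=child,DC=corp,DC=example"
    return DcState(
        default_nc="DC=corp,DC=example",
        is_naming_fsmo=True,
        config_replicated=True,
        master_ncs={"CN=NTDS Settings,CN=DC2,CN=Servers,CN=Site1": [child]},
        crossrefs={child: "CN=CHILD,CN=Partitions,CN=Configuration,DC=corp,DC=example"},
    )
```

Clearing `master_ncs` in the model corresponds to the precondition that IDL_DRSRemoveDsServer establishes, as described in the summary above.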