4.1.1.2.3 CreateNtdsDsa

 procedure CreateNtdsDsa( 
   hDrs: DRS_HANDLE,
   e: ENTINF,
   entList: ADDRESS OF ENTINFLIST,
   pmsgOut: ADDRESS OF DRS_MSG_ADDENTRYREPLY,
   ver: DWORD,
   info: ADDRESS OF ADDENTRY_REPLY_INFO): boolean

Informative summary of behavior: This procedure creates an nTDSDSA object.

 /* Flow as written below: authorize the caller, pre-check entList,
  * enforce functional-level compliance, add the object described by e
  * in the system context, optionally add a replication SPN to the
  * object named by the serverReference value in e, and return the new
  * object's GUID through info. Every failure path sets error data in
  * pmsgOut and returns false; success returns true. */
  
 /* NOTE(review): correctOrder and dcObj are assigned below but do not
  * appear in this declaration list; cr is declared but not referenced
  * in this procedure. */
 domainName, domainCR, domain, cr, v,
     partitionsObj, sl, dsaObj: DSName
 accessAllowed: boolean
 dcfl, err: DWORD
 spn: unicodestring
 prefixTable: PrefixTable
  
  
 /* Only attributes and classes in the base schema can be specified. */
 prefixTable := NewPrefixTable()
  
  
 /* The domain name is derived from the caller-supplied ENTINF. */
 domainName := GetDomainNameFromEntinf(e)
  
  
 /* Look up the crossRef in the config NC whose nCName is this domain
  * and that is flagged as an NTDS domain. NOTE(review): no null check
  * on domainCR is shown, yet it is dereferenced in the SPN step below;
  * confirm the intended behavior when no crossRef matches. */
 domainCR := select one v from ConfigNC() where v!nCName = domainName
   and crossRef in v!objectClass 
   and FLAG_CR_NTDS_DOMAIN in v!systemFlags
  
  
 domain := select one v from all where v = domainName
  
  
 if domain ≠ null then
   /* Perform access check: the caller must hold the
    * DS-Replication-Manage-Topology control access right on the
    * domain object. */
   accessAllowed :=
       AccessCheckCAR(domain, DS-Replication-Manage-Topology)
 else 
   /* Creating the domain crossRef in the same call is
    * allowed. The call will fail if the caller does not have the right
    * to create the crossRef object.
    * NOTE(review): domain is null on this branch, so the second
    * argument passed here is null; confirm against the definition of
    * IsDomainToBeCreated whether domainName is what is meant. */
   accessAllowed := IsDomainToBeCreated(entList, domain)
 endif
  
  
 /* Deny before any directory modification is attempted. */
 if not accessAllowed then
   SetErrorData(SV_PROBLEM_DIR_ERROR, serviceError,
       ERROR_ACCESS_DENIED, pmsgOut, ver)
   return false
 endif
 /* Pre-check on entList; a failed pre-check is reported as
  * ERROR_DS_NO_CROSSREF_FOR_NC. */
 correctOrder := DoAttributesSatisfyPreCheckForCreateNtdsDsa (entList)
  
 if not correctOrder then
   SetErrorData( SV_PROBLEM_DIR_ERROR, serviceError, 
     ERROR_DS_NO_CROSSREF_FOR_NC, pmsgOut, ver)
   return false
 endif
 /* Check for the functional level compliance. The functional level
  * of a DC cannot be less than the functional level of the forest.
  * If the DC is not the first DC in its domain, its functional level
  * cannot be less than the functional level of its domain.
  * An absent msDS-Behavior-Version in e is treated as level 0. */ 
 dcfl := ENTINF_GetValue(e, msDS-Behavior-Version, prefixTable)
 if dcfl = null then
   dcfl := 0
 endif
  
  
 /* Domain-level comparison: applied only when the target domain is
  * this server's default NC. */
 if domain = DefaultNC() and
    dcfl < DefaultNC()!msDS-Behavior-Version then
   SetErrorData(SV_PROBLEM_WILL_NOT_PERFORM, serviceError,
       ERROR_DS_INCOMPATIBLE_VERSION, pmsgOut, ver)
   return false
 endif
  
  
 /* Forest-level comparison: dcfl is compared against
  * msDS-Behavior-Version on the Partitions container in the
  * config NC. */
 partitionsObj := DescendantObject(ConfigNC(), "CN=Partitions,")
    
 if dcfl < partitionsObj!msDS-Behavior-Version then
   SetErrorData(SV_PROBLEM_WILL_NOT_PERFORM, serviceError,
       ERROR_DS_INCOMPATIBLE_VERSION, pmsgOut, ver)
   return false
 endif
  
  
 /* serverReference attribute is not updated here; instead, it is used
  * to find the computer object of the DC so that the replication SPN 
  * can be added to the DC's computer object. The value is saved in sl
  * and then cleared from e, so it is not written by the add below. */
 sl := ENTINF_GetValue(e, serverReference, prefixTable)
 ENTINF_SetValue(e, serverReference, null, prefixTable)
  
  
 /* Create the object in the system context; this is necessary to
  * avoid the system-only class constraint defined in the schema.
  * Because the add runs as system, the only caller authorization
  * visible in this procedure is the accessAllowed check above. */
 err := PerformAddOperationAsSystem(e, dsaObj, prefixTable)
 if err ≠ 0 then
   /* Pick up the error information PerformAddOperationAsSystem set.*/
   SetErrorData(0, 0, 0, pmsgOut, ver)
   return false
 endif
  
  
 /* Find the computer object and update its SPN. sl comes from the
  * caller-supplied e, and the lookup is limited to the subtree of the
  * default NC. Together with the nTDSDSA add above, this SPN write is
  * a directory change worth auditing.
  * NOTE(review): no null check on dcObj and no separate access check
  * on the servicePrincipalName write are shown here; confirm the
  * intended behavior when sl names no object in the default NC, and
  * the security context in which this write is performed. */
 if sl ≠ null then
   dcObj := select one v from subtree DefaultNC() where v = sl
   spn := ConstructReplSpn(domainCR!dnsHostName, dcObj.guid)
   dcObj!servicePrincipalName := dcObj!servicePrincipalName + {spn}
 endif
  
  
 /* Return the objectGUID of the new nTDSDSA object. */
 info^.objGuid := dsaObj.guid
  
  
 return true