3.4.5.4.2 Calling NetrDatabaseSync2

The client calling this method MUST be a backup domain controller (BDC). The client SHOULD<119> call this method in a loop (referred to in this section as the synchronization loop) until all database records are received as indicated by the return code STATUS_SUCCESS.

The client MUST do the following:

  • Pass a valid PDC name as the PrimaryName parameter.

  • Pass the client BDC name as the ComputerName parameter.

  • Pass a valid client Netlogon authenticator as the Authenticator parameter.

  • Pass a valid database identifier as the DatabaseID parameter as follows:

    • For the SAM database, the DatabaseID parameter MUST be 0x00000000.

    • For the SAM built-in database, the DatabaseID parameter MUST be 0x00000001.

    • For the LSA database, DatabaseID MUST be 0x00000002.

  • Set RestartState to NormalState unless this call is a restart of a synchronization loop, in which case set RestartState as follows:

    • GroupState if the last delta type of the previous synchronization loop was AddOrChangeGroup.

    • UserState if the last delta type of the previous synchronization loop was AddOrChangeUser.

    • GroupMemberState if the last delta type of the previous synchronization loop was ChangeGroupMembership.

    • AliasState if the last delta type of the previous synchronization loop was AddOrChangeAlias.

    • AliasMemberState if the last delta type of the previous synchronization loop was ChangeAliasMembership.

  • If this is the first call in a synchronization loop, pass SyncContext as 0x00000000. Otherwise, pass SyncContext as the SyncContext value returned by the previous call in a synchronization loop, whether that loop continued as normal or was terminated.

  • Pass the preferred maximum length of data to be referenced in the DeltaArray parameter as the PreferredMaximumLength parameter.

On receiving the STATUS_MORE_ENTRIES status code, the client SHOULD<120> continue calling this routine in a loop until all missing database entries are received. On receiving the STATUS_SUCCESS status code, the client MUST terminate the loop. The client MAY terminate the loop early without receiving all entries, for example on a system shutdown notification. In that case, if the client intends to restart the synchronization loop at a later point, the client MUST maintain the state for setting the RestartState parameter to restart the loop as previously described.

On receiving STATUS_ACCESS_DENIED, the client SHOULD<121> re-establish the secure channel with the domain controller.
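
The loop control described in this section, shown as an added example that is not part of the specification: it tracks SyncContext and the last delta type so that an interrupted loop can be restarted with the correct RestartState. The `call` transport hook, the `SavedState` class and the outcome strings are hypothetical; PrimaryName, ComputerName, Authenticator and PreferredMaximumLength are assumed to be handled inside the hook.

```python
from dataclasses import dataclass
from typing import Optional

# Standard NTSTATUS values for the codes named in this section
# (the numeric values are not given on this page).
STATUS_SUCCESS = 0x00000000
STATUS_MORE_ENTRIES = 0x00000105
STATUS_ACCESS_DENIED = 0xC0000022

DATABASE_ID = {"SAM": 0x00000000, "SAM built-in": 0x00000001, "LSA": 0x00000002}

# Last delta type of the interrupted loop -> RestartState for the restarting call
RESTART_STATE = {
    "AddOrChangeGroup": "GroupState",
    "AddOrChangeUser": "UserState",
    "ChangeGroupMembership": "GroupMemberState",
    "AddOrChangeAlias": "AliasState",
    "ChangeAliasMembership": "AliasMemberState",
}

@dataclass
class SavedState:  # hypothetical: what a client keeps to restart a loop later
    sync_context: int = 0x00000000
    last_delta_type: Optional[str] = None

def run_sync_loop(call, database, saved=None, stop_requested=lambda: False,
                  reestablish_channel=lambda: None):
    """call(database_id, restart_state, sync_context) is a hypothetical transport
    hook returning (status, sync_context, delta_types). Returns (outcome, state)."""
    state = saved or SavedState()
    # Assumption: a last delta type outside the table restarts with NormalState.
    restart_state = (RESTART_STATE.get(state.last_delta_type, "NormalState")
                     if saved else "NormalState")
    while True:
        status, ctx, deltas = call(DATABASE_ID[database], restart_state,
                                   state.sync_context)
        if status == STATUS_ACCESS_DENIED:
            reestablish_channel()          # SHOULD: re-establish the secure channel
            return "access_denied", state  # saved state is left untouched
        if status not in (STATUS_SUCCESS, STATUS_MORE_ENTRIES):
            return "error", state
        state.sync_context = ctx           # value to pass on the next call
        if deltas:
            state.last_delta_type = deltas[-1]
        if status == STATUS_SUCCESS:
            return "complete", state       # MUST terminate the loop
        if stop_requested():               # MAY stop early, e.g. on shutdown
            return "interrupted", state
        restart_state = "NormalState"      # only the restarting call carries a restart state
```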