3.2.2.4.3 Updating a Profile Entry

Parameters:

  • Profile Entry [in]: An rpcProfile class in Active Directory to be modified or deleted.

  • Action [in]: Indicates if the Profile Entry is to be modified or deleted.

  • Status [out]: Indicates to the caller if the Profile Entry update was successful or if it failed with a specific status code.

Profile entries MUST be represented by using the rpcProfile class in Active Directory. If the Profile Entry parameter is set to NULL or is not provided, the server MUST fail the method and return RPC_S_ENTRY_NOT_FOUND. When a profile entry is modified by adding or removing a profile element, the following actions MUST be taken:

The server MUST locate a writable domain controller for the domain to which the RPC locator server is joined by invoking the DsrGetDcNameEx2 method on the local Netlogon server [MS-NRPC] and specifying the following parameters:

  • ComputerName = NULL

  • AccountName = NULL

  • AllowableAccountControlBits = 0

  • DomainName = NULL

  • DomainGuid = NULL

  • SiteName = NULL

  • Flags = (DS_WRITABLE_FLAG | DS_DS_FLAG) ([MS-ADTS] section 6.3.1.2).

Upon success, the server uses the domain controller specified in the DomainControllerName field of the returned DomainControllerInfo parameter for the subsequent operations. If the DsrGetDcNameEx2 method fails, the server MUST fail this method and return the status code to the caller.

The server uses a default timeout value for LDAP operations and no retries are required.

  1. The server locator MUST form the entry FQDN, as specified in section 3.1.1.1, and issue an LDAP query (see LDAP Operation Details, section 2.2.6) to retrieve the corresponding Active Directory object ([MS-ADTS] section 3.1.1.4).

  2. The server locator MUST create or modify the Active Directory object as follows:

    1. If an Active Directory object exists with the entry FQDN, the server locator MUST verify that the Active Directory object represents a profile entry by verifying that the Active Directory object is of class rpcProfile.

    2. If the Active Directory object exists with the entry FQDN and is of class rpcServer, and if its description matches the string Created Entry, the object MUST be treated as an empty name service entry, as specified in section 3.2.2.4.4. The Active Directory object MUST match both criteria. The server locator MUST delete the Active Directory object and re-create an Active Directory object of class rpcProfile in its place. The server locator MUST change the description of the Active Directory object to something other than Created Entry.

    3. If no Active Directory object exists for the entry FQDN, the server locator MUST create a new object of class rpcProfile to represent the Profile Entry.

    4. If an Active Directory object exists for the entry FQDN, but does not have class rpcProfile, the server locator MUST return RPC_S_ENTRY_TYPE_MISMATCH.

  3. The server locator MUST compare information in this RPC name service modification with the data already in Active Directory. If there are any differences, the server locator MUST modify the new or preexisting profile entry as follows:

    1. The server locator MUST generate the RDN attribute of the rpcProfileElement, as specified in section 2.2.5.7.

    2. The rpcNsProfileEntry attribute MUST be initialized as a Reference Attribute referring to the name service entry referred to by this profile element, as a modified LDAP URL string referring to the name service entry's actual location in Active Directory.

    3. The rpcNsInterfaceId, rpcNsPriority, and rpcNsAnnotation attributes MUST be replaced with the interface identifier, and Priority and Annotation properties of the profile entry, respectively.

  4. The server locator MUST create or modify the corresponding child Active Directory object of type rpcProfileElement (section 2.2.5.7) to represent a profile element.

  5. If the Action parameter indicates that the profile entry is to be deleted, the server locator MUST delete the Active Directory object retrieved in step 1 earlier in this section ([MS-ADTS] section 3.1.1.5.5, Delete Operation). If the Profile Entry is not found, the server MUST return error RPC_S_ENTRY_NOT_FOUND.

Any errors encountered while processing this event MUST be returned to the caller. If updating the profile entry is successful, the server returns the success status code RPC_S_OK.
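The object-class checks in steps 1 through 5, modeled over an in-memory directory. This is an added example, not part of the specification or of any Microsoft implementation. The dictionary layout, the function names, the string status names, and the sample element (whose RDN and reference value are supplied as opaque inputs) are assumptions.

```python
# Added illustration of steps 1-5: an in-memory model, not Microsoft's implementation.
# The dict-based directory, function names and sample data are assumptions.
PLACEHOLDER_DESC = "Created Entry"

def _new_profile():
    # Step 2.2 requires a description other than "Created Entry"; left empty here.
    return {"class": "rpcProfile", "description": "", "children": {}}

def update_profile_entry(directory, fqdn, action, element=None):
    """Return a status name after applying `action` ("modify" or "delete")."""
    if not fqdn:                                   # Profile Entry NULL or not provided
        return "RPC_S_ENTRY_NOT_FOUND"
    obj = directory.get(fqdn)                      # step 1: look up by entry FQDN
    if action == "delete":                         # step 5
        if obj is None:
            return "RPC_S_ENTRY_NOT_FOUND"
        del directory[fqdn]
        return "RPC_S_OK"
    if obj is None:                                # step 2.3: create a new rpcProfile
        obj = directory[fqdn] = _new_profile()
    elif obj["class"] == "rpcServer" and obj.get("description") == PLACEHOLDER_DESC:
        obj = directory[fqdn] = _new_profile()     # step 2.2: both criteria matched
    elif obj["class"] != "rpcProfile":             # step 2.4: leave other types untouched
        return "RPC_S_ENTRY_TYPE_MISMATCH"
    wanted = {                                     # steps 3.2 and 3.3
        "rpcNsProfileEntry": element["target"],
        "rpcNsInterfaceId": element["interface_id"],
        "rpcNsPriority": element["priority"],
        "rpcNsAnnotation": element["annotation"],
    }
    # Steps 3 and 4: write the child rpcProfileElement only if the data differs.
    if obj["children"].get(element["rdn"]) != wanted:
        obj["children"][element["rdn"]] = wanted
    return "RPC_S_OK"

# Constructed sample data (not from the specification).
SAMPLE_ELEMENT = {"rdn": "elt-1", "target": "ldap-ref-to-entry",
                  "interface_id": "iface-uuid-1.0", "priority": 0, "annotation": "sample"}

def demo():
    d = {
        "placeholder": {"class": "rpcServer", "description": PLACEHOLDER_DESC},
        "real-server": {"class": "rpcServer", "description": "print service"},
    }
    names = ["placeholder", "real-server", "brand-new"]
    return d, [update_profile_entry(d, n, "modify", SAMPLE_ELEMENT) for n in names]
```

Only the rpcServer object whose description is exactly Created Entry is replaced; the rpcServer object with any other description is left intact and the call returns RPC_S_ENTRY_TYPE_MISMATCH.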