3.2.4.5 Forwarding a Password-Change Request

A request to change the state of a password for a directory entry is forwarded from an RODC to a writable NC replica. This behavior is triggered only at an RODC, and only by receipt of a SamrOemChangePasswordUser2 or a SamrUnicodeChangePasswordUser2 message, as specified in [MS-SAMR] sections 3.1.5.10.2 and 3.1.5.10.3. If the forwarding operation returns an error, the operation fails and the error MUST be propagated back to the client that originated the password-change request.<7>

Upon receiving one of the password-change messages, the RODC MUST process the data from the message subject to all of the following constraints:

  1. The RODC MUST locate a writable domain controller for the same domain.<8>

  2. The RODC MUST open an RPC binding handle to the domain controller located above in the context of the requestor. The binding handle is specified in [MS-RPCE] section 2.

  3. The RODC MUST send the same RPC message that it received to the domain controller, using the binding handle opened above and the same input parameters. For example, if the RODC received a SamrUnicodeChangePasswordUser2 message, the RODC sends a SamrUnicodeChangePasswordUser2 message with identical parameters except that the binding handle is the handle opened above. Details about the message parameters of SamrOemChangePasswordUser2 and SamrUnicodeChangePasswordUser2 are specified in [MS-SAMR] sections 3.1.5.10.2 and 3.1.5.10.3.

  4. The RODC MUST initialize any output parameters with values returned from the target domain controller.

  5. The RODC SHOULD return to the requestor the error status returned from the target domain controller.<9>
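The five constraints above, modeled as a runnable Python sketch. This is an added illustration, not Microsoft's or any DC's code: the RPC layer, the `BindingHandle` and `PasswordChangeMsg` types, the `locate_writable_dc` callback and the plaintext `OldPassword`/`NewPassword` keys are constructed stand-ins for the real encrypted [MS-SAMR] parameters; the NTSTATUS values are the real codes.

```python
"""Toy model of RODC password-change forwarding (MS-ADTS 3.2.4.5).
Added example; the RPC plumbing and parameter names are constructed stand-ins."""
from dataclasses import dataclass

STATUS_SUCCESS = 0x00000000
STATUS_WRONG_PASSWORD = 0xC000006A
STATUS_NO_LOGON_SERVERS = 0xC000005E   # used here when step 1 finds no writable DC

@dataclass(frozen=True)
class BindingHandle:
    target: str      # DC the RPC handle is bound to
    requestor: str   # security context the handle carries (the original caller)

@dataclass
class PasswordChangeMsg:
    op: str                 # "SamrUnicodeChangePasswordUser2" or "SamrOemChangePasswordUser2"
    handle: BindingHandle
    params: dict            # [in] parameters; forwarded opaquely, never inspected by the RODC

class WritableDC:
    """Stand-in for the writable NC replica that owns the secret and enforces policy."""
    def __init__(self, name, secrets):
        self.name, self.secrets = name, dict(secrets)
        self.seen = []      # every message that actually reached this DC
    def handle_change(self, msg):
        self.seen.append(msg)
        user = msg.params["UserName"]
        if self.secrets.get(user) != msg.params["OldPassword"]:
            return STATUS_WRONG_PASSWORD, {}
        self.secrets[user] = msg.params["NewPassword"]
        return STATUS_SUCCESS, {}

class RODC:
    """Holds no writable copy of the secret; it only relays the request."""
    def __init__(self, name, domain, locate_writable_dc):
        self.name, self.domain = name, domain
        self.locate_writable_dc = locate_writable_dc   # step 1 is delegated to this callback
    def forward_password_change(self, msg):
        target = self.locate_writable_dc(self.domain)                # step 1
        if target is None:
            return STATUS_NO_LOGON_SERVERS, {}                       # error goes back to the client
        fwd_handle = BindingHandle(target.name, msg.handle.requestor)  # step 2: requestor's context
        fwd = PasswordChangeMsg(msg.op, fwd_handle, msg.params)      # step 3: same op, same params
        status, outputs = target.handle_change(fwd)
        return status, dict(outputs)                                 # steps 4 and 5

def forwarded_faithfully(original, forwarded):
    """True when only the binding handle differs between the received and forwarded message."""
    return original.op == forwarded.op and original.params == forwarded.params \
        and forwarded.handle.requestor == original.handle.requestor
```

Because the forwarded handle carries the requestor's context rather than the RODC's, the writable DC authenticates and audits the password change against the original caller, which is what a defender should expect to see in that DC's logs.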