w2k8r2 is setting this bit as a RODC. Instead of refusing the
replication, we now remove the bit from req8, which means other places
in the code that check this bit can stay the same
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
samdb_domain_sid(b_state->sam_ctx));
if (security_level == SECURITY_RO_DOMAIN_CONTROLLER &&
(req8->replica_flags & DRSUAPI_DRS_WRIT_REP)) {
- DEBUG(0,(__location__ ": Attempt to do writeable replication by RODC %s\n",
+ DEBUG(3,(__location__ ": Removing WRIT_REP flag for replication by RODC %s\n",
dom_sid_string(mem_ctx,
dce_call->conn->auth_state.session_info->security_token->user_sid)));
- return WERR_DS_DRA_INVALID_PARAMETER;
+ req8->replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
}