Although we do not currently support this in the server, this will cause
data loss against a Windows DC unless we set this flag as per the docs.
This flag is required for the RODC.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 15 05:31:59 CEST 2017 on sn-devel-144
drsuapi.DRSUAPI_DRS_PER_SYNC |
drsuapi.DRSUAPI_DRS_ADD_REF |
drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |
- drsuapi.DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP |
drsuapi.DRSUAPI_DRS_NONGC_RO_REP)
if t_repsFrom.replica_flags != replica_flags:
t_repsFrom.replica_flags = replica_flags
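Review bot: With DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP dropped from this flag set, the value written to t_repsFrom.replica_flags no longer carries the bit that the commit message calls required for the RODC, and nothing in this hunk shows where the Python side sets it again. If the intent is that the flag belongs to the outgoing request and not to the stored repsFrom flags, a one-line comment above the flag set saying so would keep a later reader from re-adding it here. The "if t_repsFrom.replica_flags != replica_flags" check below will also rewrite any existing entry that still has the bit stored, which deserves a mention in the commit message.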
DRSUAPI_DRS_PER_SYNC |
DRSUAPI_DRS_ADD_REF |
DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |
- DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP |
DRSUAPI_DRS_NONGC_RO_REP;
}
return DRSUAPI_DRS_INIT_SYNC |
} else {
replica_flags |= DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
}
+
+ /*
+ * As per MS-DRSR:
+ *
+ * 4.1.10.4
+ * Client Behavior When Sending the IDL_DRSGetNCChanges Request
+ *
+ * 4.1.10.4.1
+ * ReplicateNCRequestMsg
+ */
+ replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
+ } else {
+ replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
}
+
if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
/*
* If it's an exop never set the ADD_REF even if it's in
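Review bot: The added "replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;" appears both in the existing branch and in the new "else" branch, so the flag ends up set unconditionally. A single assignment after the closing brace would say that directly and make the new "else" unnecessary. The comment block cites MS-DRSR 4.1.10.4.1 only by section title. It should state the requirement itself, as the commit message does (without the flag in the request, data is lost against a Windows DC), and it would then sit naturally above the hoisted statement.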