repl: Set GET_ALL_GROUP_MEMBERSHIP flag in the drepl server
[nivanova/samba-autobuild/.git] / source4 / dsdb / repl / drepl_out_helpers.c
index d526f4558a522c92ef7e96ae920f0597ed6f46c5..079edc8ba46bb1dea83483011926d336d47901e1 100644 (file)
@@ -518,7 +518,21 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
                } else {
                        replica_flags |= DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
                }
+
+               /*
+                * As per MS-DRSR:
+                *
+                * 4.1.10.4
+                * Client Behavior When Sending the IDL_DRSGetNCChanges Request
+                *
+                * 4.1.10.4.1
+                * ReplicateNCRequestMsg
+                */
+               replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
+       } else {
+               replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
        }
+
        if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
                /*
                 * If it's an exop never set the ADD_REF even if it's in