[cifs-protocol] DPAPI interaction with Active Directory

Matthieu Patou mat+Informatique.Samba at matws.net
Mon Jan 11 05:53:59 MST 2010


Hello,

On this page http://msdn.microsoft.com/en-us/library/ms995355.aspx it is 
stated:

"When a computer is a member of a domain, DPAPI has a backup mechanism 
to allow unprotection of the data. When a MasterKey is generated, DPAPI 
talks to a Domain Controller. Domain Controllers have a domain-wide 
public/private key pair, associated solely with DPAPI. The local DPAPI 
client gets the Domain Controller public key from a Domain Controller 
via a mutually authenticated and privacy protected RPC call. The client 
encrypts the MasterKey with the Domain Controller public key. It then 
stores this backup MasterKey along with the MasterKey protected by the 
user's password.

While unprotecting data, if DPAPI cannot use the MasterKey protected by 
the user's password, it sends the backup MasterKey to a Domain 
Controller via a mutually authenticated and privacy protected RPC call. 
The Domain Controller then decrypts the MasterKey with its private key 
and sends it back to the client via the same protected RPC call. This 
protected RPC call is used to ensure that no one listening on the 
network can get the MasterKey."

My question is: is there any more technical documentation about this, 
explaining the dialogue between a workstation and a DC when the 
MasterKey is generated and when the backup is sent to the server?

Regards.

Matthieu Patou.
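As an added illustration of the backup flow quoted above (not code from the post, from Microsoft or from Samba), this Go model stands in for the two RPC calls: the DC holds a domain-wide RSA key pair, the client wraps a freshly generated MasterKey with the DC public key at generation time, and on recovery the DC unwraps the backup with its private key. Key length, OAEP wrapping and every name here are assumptions of the model; the mutual authentication and privacy of the RPC transport are taken as given and not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// DomainController models the DC side: a domain-wide RSA key pair used only for DPAPI backup.
type DomainController struct{ key *rsa.PrivateKey }
func NewDomainController() (*DomainController, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &DomainController{key: k}, nil
}
// PublicKey stands in for the first RPC call: the client fetches the DC's DPAPI public key.
func (dc *DomainController) PublicKey() *rsa.PublicKey { return &dc.key.PublicKey }
// Unwrap stands in for the second RPC call: only the holder of the private key can decrypt.
func (dc *DomainController) Unwrap(backup []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, dc.key, backup, nil)
}
// Client models the workstation: the MasterKey plus the backup copy wrapped for the DC.
type Client struct {
	MasterKey []byte
	Backup    []byte // MasterKey encrypted with the DC public key, stored beside the key
}
// NewClient generates a fresh MasterKey and creates its domain backup at the same time,
// as the quoted text describes. The 64-byte length and OAEP wrapping are assumptions.
func NewClient(dcPub *rsa.PublicKey) (*Client, error) {
	mk := make([]byte, 64)
	if _, err := rand.Read(mk); err != nil {
		return nil, err
	}
	backup, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, dcPub, mk, nil)
	if err != nil {
		return nil, err
	}
	return &Client{MasterKey: mk, Backup: backup}, nil
}

func main() {
	dc, _ := NewDomainController()
	c, _ := NewClient(dc.PublicKey())
	mk, err := dc.Unwrap(c.Backup) // recovery path: backup sent to the DC, MasterKey returned
	fmt.Println(len(mk), err)
}
```

A DC that does not hold the domain private key gets a decryption error from the same backup blob, which is the property the quoted text relies on.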

