[cifs-protocol] [REG:118100419160002] joining readonly domain controller not documented in MS-WKST

Edgar Olougouna edgaro at microsoft.com
Fri Oct 19 21:48:26 UTC 2018


Alexander,
Please find attached provisional draft changes (in red highlights in the attached PDF) related to [MS-WKST] 3.2.4.13 NETSETUP_JOIN_READONLY option in NetrJoinDomain2.

This will be polished and published in a future release.

Thanks,
Edgar

-----Original Message-----
From: Edgar Olougouna 
Sent: Thursday, October 4, 2018 11:06 AM
To: Alexander Bokovoy <ab at samba.org>
Cc: cifs-protocol at lists.samba.org; MSSolve Case Email <casemail at microsoft.com>
Subject: RE: [REG:118100419160002] joining readonly domain controller not documented in MS-WKST

Alexander,
Glad to hear from you. I will review this and follow up.

Thanks,
Edgar

-----Original Message-----
From: Jeff McCashland 
Sent: Thursday, October 4, 2018 10:11 AM
To: Alexander Bokovoy <ab at samba.org>
Cc: cifs-protocol at lists.samba.org; MSSolve Case Email <casemail at microsoft.com>
Subject: RE: [REG:118100419160002] joining readonly domain controller not documented in MS-WKST

DocHelp on BCC this time...

-----Original Message-----
From: Jeff McCashland
Sent: Thursday, October 4, 2018 8:09 AM
To: Alexander Bokovoy <ab at samba.org>; Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org; MSSolve Case Email <casemail at microsoft.com>
Subject: [REG:118100419160002] joining readonly domain controller not documented in MS-WKST

[DocHelp to BCC, casemail on CC, SR ID on Subject]

Hello Alexander,

Thank you for your question. We have created SR 118100419160002 to track this issue. One of our engineers will respond soon to assist you.

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=02%7C01%7Cedgaro%40microsoft.com%7Cf2455c5250a0406119bd08d62a0b9e53%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636742626731005888&sdata=NhIfy30%2F%2FkXkWL8jEGUV3GfsJ9wMMumoAXusrw6xzgg%3D&reserved=0 | Extension 1138300
We value your feedback. My manager is Rama Ganesan (ramagane), +1 (425) 703-8712

-----Original Message-----
From: Alexander Bokovoy <ab at samba.org>
Sent: Thursday, October 4, 2018 6:31 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: joining readonly domain controller not documented in MS-WKST

Hi,

(re-sending, I sent it originally to casemail rather than dochelp)

reading through MS-WKST, I cannot find a reference to NETSETUP_JOIN_READONLY (0x00000800) flag as mentioned by
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fdesktop%2Fapi%2Flmjoin%2Fnf-lmjoin-netjoindomain&data=02%7C01%7Cedgaro%40microsoft.com%7Cf2455c5250a0406119bd08d62a0b9e53%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636742626731005888&sdata=mk3FrwwLRSQVACmG54eJpnMXKIoexggV8WMTL%2FBZ8P8%3D&reserved=0

---------------------------------------------------------------
NETSETUP_JOIN_READONLY
0x00000800

Join the target machine specified in lpServer parameter using a pre-created account without requiring a writable domain controller.

This option provides the ability to join a machine to domain if an account has already been provisioned and replicated to a read-only domain controller. The target read-only domain controller is specified as part of the lpDomain parameter, after the domain name delimited by a ‘\’ character. This provisioning must include the machine secret. The machine account must be added via group membership into the allowed list for password replication policy, and the account password must be replicated to the read-only domain controller prior to the join operation. For more information, see the information on Password Replication Policy Administration.

Starting with Windows 7, an alternate mechanism is to use the offline domain join mechanism. For more information, see the NetProvisionComputerAccount and NetRequestOfflineDomainJoin functions.

Note  This flag is supported on Windows Vista and later.
--------------------------------------------------------------------------

Could you please clarify MS-WKST to mention how operations should be performed to join read-only DCs?


--
/ Alexander Bokovoy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SR 118100419160002 NETSETUP_JOIN_READONLY Draft.pdf
Type: application/pdf
Size: 323143 bytes
Desc: SR 118100419160002 NETSETUP_JOIN_READONLY Draft.pdf
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20181019/0f5e9005/SR118100419160002NETSETUP_JOIN_READONLYDraft-0003.pdf>