r20039: things which need to be done for unbecoming a dc

metze
(This used to be commit 73f7e2d5b3b3ae767644b96ff9783642aac153d0)

1 files changed, 121 insertions, 1 deletions

diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index fa92f2e8443..1102d8c55be 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -1010,7 +1010,7 @@ struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
 	 */
 
 	/*
-	 * LDAP unbind in the 1st LDAP connection
+	 * LDAP unbind on the 1st LDAP connection
 	 */
 
 	/*
@@ -1062,6 +1062,126 @@ struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
 		
 void torture_leave_domain_ads_dc(struct test_join_ads_dc *join)
 {
+/* W2K3: */
+	/*
+	 * lookup DC:
+	 * - using nbt name<1C> request and a samlogon mailslot request
+	 * or
+	 * - using a DNS SRV _ldap._tcp.dc._msdcs. request and a CLDAP netlogon request
+	 */
+	/*
+	 * Open 1st LDAP connection to the DC using admin credentials
+	 */
+
+	/*
+	 * LDAP search 1st LDAP connection:
+	 *
+	 * Request:
+	 *	basedn:	""
+	 *	scope:	base
+	 *	filter:	(objectClass=*)
+	 *	attrs:	defaultNamingContext
+	 *		configurationNamingContext
+	 * Result:
+	 *      ""
+	 *		defaultNamingContext:	<domain_partition>
+	 *		configurationNamingContext:CN=Configuration,<domain_partition>
+	 */
+
+	/*
+	 * LDAP search 1st LDAP connection:
+	 * 
+	 * Request:
+	 *	basedn:	<domain_partition>
+	 *	scope:	sub
+	 *	filter:	(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<new_dc_account_name>))
+	 *	attrs:	distinguishedName
+	 *		userAccountControl
+	 * Result:
+	 *      CN=<new_dc_netbios_name>,CN=Domain Controllers,<domain_partition>
+	 *		distinguishedName:	CN=<new_dc_netbios_name>,CN=Domain Controllers,<domain_partition>
+	 *		userAccoountControl:	532480 <0x82000>
+	 */
+
+	/*
+	 * LDAP search 1st LDAP connection:
+	 * 
+	 * Request:
+	 *	basedn:	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+	 *	scope:	base
+	 *	filter:	(objectClass=*)
+	 *	attrs:	userAccountControl
+	 * Result:
+	 *      CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+	 *		userAccoountControl:	532480 <0x82000>
+	 */
+
+	/*
+	 * LDAP modify 1st LDAP connection:
+	 * 
+	 * Request (replace):
+	 *	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+	 *	userAccoountControl:	4096 <0x1000>
+	 * Result:
+	 *	<success>
+	 */
+
+	/*
+	 * LDAP search 1st LDAP connection:
+	 * 
+	 * Request:
+	 *	basedn:	<WKGUID=aa312825768811d1aded00c04fd8d5cd,<domain_partition>>
+	 *	scope:	base
+	 *	filter:	(objectClass=*)
+	 *	attrs:	1.1
+	 * Result:
+	 *	CN=Computers,<domain_partition>
+	 */
+
+	/*
+	 * LDAP search 1st LDAP connection:
+	 * 
+	 * Request:
+	 *	basedn:	CN=Computers,<domain_partition>
+	 *	scope:	base
+	 *	filter:	(objectClass=*)
+	 *	attrs:	distinguishedName
+	 * Result:
+	 *	CN=Computers,<domain_partition>
+	 *		distinguishedName:	CN=Computers,<domain_partition>
+	 */
+
+	/*
+	 * LDAP modifyRDN 1st LDAP connection:
+	 * 
+	 * Request:
+	 *      entry:		CN=<new_dc_netbios_name>,CN=Domain Controllers,<domain_partition>
+	 *	newrdn:		CN=<new_dc_netbios_name>
+	 *	deleteoldrdn:	TRUE
+	 *	newparent:	CN=Computers,<domain_partition>
+	 * Result:
+	 *	<success>
+	 */
+
+	/*
+	 * LDAP unbind on the 1st LDAP connection
+	 */
+
+	/*
+	 * Open 1st DRSUAPI connection to the DC using admin credentials
+	 * DsBind with DRSUAPI_DS_BIND_GUID ("e24d201a-4fd6-11d1-a3da-0000f875ae0d")
+	 */
+
+	/*
+	 * DsRemoveDsServer to remove the 
+	 * CN=<machine_name>,CN=Servers,CN=<site_name>,CN=Configuration,<domain_partition>
+	 * and CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=<site_name>,CN=Configuration,<domain_partition>
+	 * on the 1st DRSUAPI connection
+	 */
+
+	/*
+	 * DsUnbind on the 1st DRSUAPI connection
+	 */
 
 	if (join->join) {
 		torture_leave_domain(join->join);