[MS-ADTS] What error should be thrown on deleting protected objects?

  • Question

  • Section 3.1.1.5.5.3 of MS-ADTS specifies what objects are Protected Objects.

    And section 3.1.1.5.5.1.1 specifies "A protected object may not be deleted and transformed into a tombstone (see Protected Objects (section 3.1.1.5.5.3))."

    Can you clarify what error should be sent if the object being deleted is a protected object?

     

    Thanks

    Rajesh

    Monday, May 30, 2011 11:21 AM

Answers

  • Rajesh,

     

    At [MS-ADTS] 3.1.1.5.5.5 “Constraints”, we added deletion constraints for nTDSDSA objects, crossRef objects, and protected objects. The following three new bullet points address your question:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

        3.1.1.5.5.5   Constraints

        For originating updates, the following constraints are enforced for the delete operation.

        - […existing bullet points…]

        - If the object is the DC's nTDSDSA object or any of its ancestors, unwillingToPerform / ERROR_DS_CANT_DELETE_DSA_OBJ is returned.

        - If the object is a crossRef object corresponding to the DC's config, schema, or default domain NCs, unwillingToPerform / ERROR_DS_CANT_DEL_MASTER_CROSSREF is returned.

        - If the object is protected (see section 3.1.1.5.5.3, Protected Objects) and does not fall into the two categories above, unwillingToPerform / ERROR_DS_CANT_DELETE is returned.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    The update will appear in a future refresh of the document.


    Bryan S. Burgin Senior Escalation Engineer Microsoft Protocol Open Specifications Team
    Wednesday, June 15, 2011 6:57 PM
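
The three constraints quoted in the answer above are ordered: the generic ERROR_DS_CANT_DELETE applies only when neither of the first two matches. The following Python sketch is an added example, not part of the thread or of [MS-ADTS]; it models that ordering for a test harness. The function names, the simplified DN comparison, the example.com DNs and the caller-supplied lists of crossRef and protected objects are all assumptions.

```python
import re

LDAP_UNWILLING_TO_PERFORM = 53  # LDAP resultCode unwillingToPerform (RFC 4511)

def rdns(dn):
    """Split a DN on unescaped commas and case-fold it (simplified matching)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def is_self_or_ancestor(candidate, descendant):
    """True if candidate is descendant itself or one of its ancestors."""
    c, d = rdns(candidate), rdns(descendant)
    return len(c) <= len(d) and d[len(d) - len(c):] == c

def delete_constraint_error(target, dc_ntdsdsa, own_nc_crossrefs, other_protected):
    """Return (resultCode, error name) for a refused delete, or None.

    own_nc_crossrefs and other_protected are caller-supplied DN lists
    (assumptions of this sketch); checks run in the order of the bullets.
    """
    t = rdns(target)
    # Bullet 1: the DC's nTDSDSA object or any of its ancestors.
    if is_self_or_ancestor(target, dc_ntdsdsa):
        return (LDAP_UNWILLING_TO_PERFORM, "ERROR_DS_CANT_DELETE_DSA_OBJ")
    # Bullet 2: crossRef for the DC's config, schema or default domain NC.
    if any(rdns(dn) == t for dn in own_nc_crossrefs):
        return (LDAP_UNWILLING_TO_PERFORM, "ERROR_DS_CANT_DEL_MASTER_CROSSREF")
    # Bullet 3: any other protected object.
    if any(rdns(dn) == t for dn in other_protected):
        return (LDAP_UNWILLING_TO_PERFORM, "ERROR_DS_CANT_DELETE")
    return None

# Constructed sample directory (example.com is a placeholder forest).
CONFIG = "CN=Configuration,DC=example,DC=com"
SERVER = "CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites," + CONFIG
DSA = "CN=NTDS Settings," + SERVER
CROSSREFS = ["CN=Enterprise Configuration,CN=Partitions," + CONFIG,
             "CN=Enterprise Schema,CN=Partitions," + CONFIG,
             "CN=EXAMPLE,CN=Partitions," + CONFIG]
# The crossRefs are listed as protected too, to show that bullet 2 wins.
PROTECTED = ["CN=Protected Placeholder,CN=System,DC=example,DC=com"] + CROSSREFS

if __name__ == "__main__":
    for dn in (DSA, SERVER, CROSSREFS[0], PROTECTED[0], "CN=User1,DC=example,DC=com"):
        print(dn, "->", delete_constraint_error(dn, DSA, CROSSREFS, PROTECTED))
```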

All replies

  • Hi Rajesh,

     

    Thank you for your question.  A member of the Protocols team will research this for you and respond soon.

     

     


    Bryan S. Burgin Senior Escalation Engineer Microsoft Protocol Open Specifications Team
    Monday, May 30, 2011 8:15 PM
  • Hi, Rajesh,

     

    We are still working on documenting the complete list of the errors returned when deleting various kinds of protected objects. We will post the information when we are done.

    Thanks!

     

     

     


    Hongwei Sun -MSFT
    Thursday, June 9, 2011 1:49 AM