4.10.1. Active Directory domain controllers RPC services

4.10.1. Active Directory domain controllers RPC services
Prev	4.10. Windows services MSRPC interfaces	Next

The following RPC interfaces are supported on a Windows 2000 domain controller to handle backup and restore of Active Directory:

Active Directory backup interface: ecec0d70-a603-11d0-96b1-00a0c91ece30 v1.0
Active Directory restore interface: 16e0cf3a-a604-11d0-96b1-00a0c91ece30 v1.0

Table 4.27. JetBack operations

Interface	Operation number	Operation name
ecec0d70-a603-11d0-96b1-00a0c91ece30 v1.0: JetBack
	0x00	HrRBackupPrepare
	0x01	HrRBackupEnd
	0x02	HrRBackupGetAttachmentInformation
	0x03	HrRBackupOpenFile
	0x04	HrRBackupRead
	0x05	HrRBackupClose
	0x06	HrRBackupGetBackupLogs
	0x07	HrRBackupTruncateLogs
	0x08	HrRBackupPing

Table 4.28. JetRest operations

Interface	Operation number	Operation name
16e0cf3a-a604-11d0-96b1-00a0c91ece30 v1.0: JetRest
	0x00	HrRIsNTDSOnline
	0x01	HrRRestorePrepare
	0x02	HrRRestoreRegister
	0x03	HrRRestoreRegisterComplete
	0x04	HrRRestoreGetDatabaseLocations
	0x05	HrRRestoreEnd
	0x06	HrRRestoreSetCurrentLogNumber
	0x07	HrRRestoreCheckLogsForBackup

By default, these RPC services are registered in the endpoint mapper database on a dynamic TCP port. However, it is possible to set a registry value to configure these services to listen on a fixed port [87]. Once this value is configured, the portmapper service will always return this fixed port when asked for one of these interfaces.

Windows Server 2003 and later versions support the dsrole interface, available on the following endpoint:

dsrole LPC port

Y:\>ifids -p ncalrpc -e dsrole serveur
Interfaces: 18

[...]

  1cbcad78-df0b-4934-b558-87839ea501c9 v0.0

[...]

Table 4.29. dsrole operations

Interface	Operation number	Operation name
1cbcad78-df0b-4934-b558-87839ea501c9 v0.0: dsrole
Windows Server 2003 and >	0x00	DsRolerDnsNameToFlatName
-	0x01	DsRolerDcAsDc
-	0x02	DsRolerDcAsReplica
-	0x03	DsRolerDemoteDc
-	0x04	DsRolerGetDcOperationProgress
-	0x05	DsRolerGetDcOperationResults
-	0x06	DsRolerCancel
-	0x07	DsRolerIfmHandleFree
-	0x08	DsRolerServerSaveStateForUpgrade
-	0x09	DsRolerUpgradeDownlevelServer
-	0x0a	DsRolerAbortDownlevelServerUpgrade
-	0x0b	DsRolerGetDatabaseFacts

There is another interface in the ntdsa.dll DLL, which contains only two operations:

Table 4.30. dsaop operations

Interface	Operation number	Operation name
7c44d7d4-31d5-424c-bd5e-2b3e1f323d22 v1.0: dsaop
	0x00	DSAPrepareScript
	0x01	DSAExecuteScript