4.10.1. Active Directory domain controllers RPC services

The following RPC interfaces are supported on a Windows 2000 domain controller to handle backup and restore of Active Directory:

Active Directory backup interface: ecec0d70-a603-11d0-96b1-00a0c91ece30 v1.0
Active Directory restore interface: 16e0cf3a-a604-11d0-96b1-00a0c91ece30 v1.0

Table 4.27. JetBack operations

InterfaceOperation numberOperation name
ecec0d70-a603-11d0-96b1-00a0c91ece30 v1.0: JetBack  
 0x00HrRBackupPrepare
 0x01HrRBackupEnd
 0x02HrRBackupGetAttachmentInformation
 0x03HrRBackupOpenFile
 0x04HrRBackupRead
 0x05HrRBackupClose
 0x06HrRBackupGetBackupLogs
 0x07HrRBackupTruncateLogs
 0x08HrRBackupPing

Table 4.28. JetRest operations

InterfaceOperation numberOperation name
16e0cf3a-a604-11d0-96b1-00a0c91ece30 v1.0: JetRest  
 0x00HrRIsNTDSOnline
 0x01HrRRestorePrepare
 0x02HrRRestoreRegister
 0x03HrRRestoreRegisterComplete
 0x04HrRRestoreGetDatabaseLocations
 0x05HrRRestoreEnd
 0x06HrRRestoreSetCurrentLogNumber
 0x07HrRRestoreCheckLogsForBackup

By default, these RPC services are registered in the endpoint mapper database on a dynamic TCP port. However, it is possible to set a registry value to configure these services to listen on a fixed port [87]. Once this value is configured, the portmapper service will always return this fixed port when asked for one of these interfaces.

Windows Server 2003 and later versions support the dsrole interface, available on the following endpoint:

Y:\>ifids -p ncalrpc -e dsrole serveur
Interfaces: 18

[...]

  1cbcad78-df0b-4934-b558-87839ea501c9 v0.0

[...]

Table 4.29. dsrole operations

InterfaceOperation numberOperation name
1cbcad78-df0b-4934-b558-87839ea501c9 v0.0: dsrole  
Windows Server 2003 and >0x00DsRolerDnsNameToFlatName
- 0x01DsRolerDcAsDc
- 0x02DsRolerDcAsReplica
- 0x03DsRolerDemoteDc
- 0x04DsRolerGetDcOperationProgress
- 0x05DsRolerGetDcOperationResults
- 0x06DsRolerCancel
- 0x07DsRolerIfmHandleFree
- 0x08DsRolerServerSaveStateForUpgrade
- 0x09DsRolerUpgradeDownlevelServer
- 0x0aDsRolerAbortDownlevelServerUpgrade
- 0x0bDsRolerGetDatabaseFacts

There is another interface in the ntdsa.dll DLL, which contains only two operations:

Table 4.30. dsaop operations

InterfaceOperation numberOperation name
7c44d7d4-31d5-424c-bd5e-2b3e1f323d22 v1.0: dsaop  
 0x00DSAPrepareScript
 0x01DSAExecuteScript