DOMAIN_CONTROLLER_INFO flags attribute

Question

When I use the function DsGetDcName I get a pointer to an object which afterwards I convert to the structure "DOMAIN_CONTROLLER_INFO" (using Marshal.PtrToStructure).

When I call to the function DSGetDCName when my DC is RODC I get the following flags value in the DOMAIN_CONTROLLER_INFO : 3758156028.

When I call to the function DSGetDCName when my DC is writable I get the following flags value in the DOMAIN_CONTROLLER_INFO : 3758158717.

Can anyone please explain me what is the difference between the values 3758156028 and 3758158717?

Answer 1

Those flags are defined in the header file DsGetDC.h which can be found in the Windows SDK.

The following values are from the V7.1A SDK:

#define DS_PDC_FLAG            0x00000001    // DC is PDC of Domain
#define DS_GC_FLAG             0x00000004    // DC is a GC of forest
#define DS_LDAP_FLAG           0x00000008    // Server supports an LDAP server
#define DS_DS_FLAG             0x00000010    // DC supports a DS and is a Domain Controller
#define DS_KDC_FLAG            0x00000020    // DC is running KDC service
#define DS_TIMESERV_FLAG       0x00000040    // DC is running time service
#define DS_CLOSEST_FLAG        0x00000080    // DC is in closest site to client
#define DS_WRITABLE_FLAG       0x00000100    // DC has a writable DS
#define DS_GOOD_TIMESERV_FLAG  0x00000200    // DC is running time service (and has clock hardware)
#define DS_NDNC_FLAG           0x00000400    // DomainName is non-domain NC serviced by the LDAP server
#define DS_SELECT_SECRET_DOMAIN_6_FLAG  0x00000800  // DC has some secrets
#define DS_FULL_SECRET_DOMAIN_6_FLAG    0x00001000  // DC has all secrets
#define DS_WS_FLAG             0x00002000    // DC is running web service
#define DS_PING_FLAGS          0x000FFFFF    // Flags returned on ping

#define DS_DNS_CONTROLLER_FLAG 0x20000000    // DomainControllerName is a DNS name
#define DS_DNS_DOMAIN_FLAG     0x40000000    // DomainName is a DNS name
#define DS_DNS_FOREST_FLAG     0x80000000    // DnsForestName is a DNS name

Your number 3758156028 is in hex: E000E8FC
Your number 3758158717 is in hex: E000F37D

The difference is in the flags is indicated in the following table where an x means that the bit is set:

flag                                |  E000E8FC  |  E000F37D  | 
-------------------------------------------------------------------------------------------------------
DS_PDC_FLAG            0x00000001   |            |         x  | // DC is PDC of Domain
DS_GC_FLAG             0x00000004   |         x  |         x  | // DC is a GC of forest
DS_LDAP_FLAG           0x00000008   |         x  |         x  | // Server supports an LDAP server
DS_DS_FLAG             0x00000010   |        x   |        x   | // DC supports a DS and is a Domain Controller
DS_KDC_FLAG            0x00000020   |        x   |        x   | // DC is running KDC service
DS_TIMESERV_FLAG       0x00000040   |        x   |        x   | // DC is running time service
DS_CLOSEST_FLAG        0x00000080   |        x   |            | // DC is in closest site to client
DS_WRITABLE_FLAG       0x00000100   |            |       x    | // DC has a writable DS
DS_GOOD_TIMESERV_FLAG  0x00000200   |            |       x    | // DC is running time service (and has clock hardware)
DS_NDNC_FLAG           0x00000400   |            |            | // DomainName is non-domain NC serviced by the LDAP server
DS_SELECT_SECRET_6     0x00000800   |       x    |            | // DC has some secrets
DS_FULL_SECRET_6       0x00001000   |            |      x     | // DC has all secrets
DS_WS_FLAG             0x00002000   |      x     |      x     | // DC is running web service
??????????             0x00004000   |      x     |      x     | // ?
??????????             0x00008000   |      x     |      x     | // ?
DS_PING_FLAGS          0x000FFFFF   |            |            | // Flags returned on ping

DS_DNS_CONTROLLER_FLAG 0x20000000   |  x         |  x         | // DomainControllerName is a DNS name
DS_DNS_DOMAIN_FLAG     0x40000000   |  x         |  x         | // DomainName is a DNS name
DS_DNS_FOREST_FLAG     0x80000000   |  x         |  x         | // DnsForestName is a DNS name

To test the flag of your Domain is writable you could do:

 const uint DS_WRITABLE_FLAG = 0x00000100;

 uint flag = 3758158717;
 bool isWriteable = ((flag & DS_WRITABLE_FLAG) == DS_WRITABLE_FLAG);

 isWriteable.Dump();

which would output True in LINQPad