{ "id": "9de77e6e-11e3-43e7-af2f-9f6038367f5d", "created_at": "2026-04-06T00:19:50.820323Z", "updated_at": "2026-04-10T13:13:08.740938Z", "deleted_at": null, "sha1_hash": "7515c827028f5955c226e41610cc2eb052ac7dbb", "title": "DRSUAPI - SambaWiki", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 38348, "plain_text": "DRSUAPI - SambaWiki\r\nArchived: 2026-04-05 19:48:09 UTC\r\nIntroduction\r\nThe IT infrastructure of organizations often needs the existence of more than one Domain Controller (DC) for it's\r\nActive Directory (AD). For keeping an environment with more than one DC consistent, it is necessary to have the\r\nAD objects replicated through those DCs.\r\nMost of the replication related tasks are specified on the Directory Replication Service (DRS) Remote Protocol.\r\nThe Microsoft API which implements such protocol is called DRSUAPI.\r\nBelow we describe some important functions and data structures.\r\nDSBind and DSUnbind Functions\r\nThose functions are necessary to manipulate the context handle, which is necessary to call others functions of the\r\nDRSUAPI. DSBind method creates the context handle, while the DSUnbind destroys an existing context handle.\r\nDSGetNCChanges Function\r\nThe client DC sends a DSGetNCChanges request to the server when the first one wants to get AD objects updates\r\nfrom the second one. The response contains a set of updates that the client has to apply to its NC replica.\r\nIt is possible that the set of updates is too large for only one response message. In those cases, multiple\r\nDSGetNCChanges requests and responses are done. This process is called replication cycle or simply cycle.\r\nDSReplicaSync Function\r\nWhen a DC receives a DSReplicaSync Request, then for each DC that it replicates from (stored in RepsFrom data\r\nstructure) it performs a replication cycle, where it behaves like a client and makes DSGetNCChanges requests to\r\nthat DC. So it gets up-to-date AD objects from each of the DC's which it replicates from. This function\r\nimplements a changes propagation mechanism.\r\nRepsFrom and RepsTo structures\r\nThe RepsFrom and RepsTo structures hold metadata information about the NC replicas that are used during\r\nreplication.\r\nRepsFrom is a multivalued structure that holds information about the NC replicas whose the DC has to get\r\ninformation from, when it is replicating (when attending a DSReplicaSync request).\r\nhttps://wiki.samba.org/index.php/DRSUAPI\r\nPage 1 of 2\n\nThe RepsTo structure stores information about the NC replicas whose the DC replicates to. For each DC which\r\nhas to be informed about changes (using DSReplicaSync request), there is an attribute value of RepsTo.\r\nSee Also\r\nSamba4/ActiveDirectory\r\nSamba4/DRS TODO List\r\nExternal Links\r\nStefan Metzmacher Bachelor Thesis about Active Directory Replication (English translated version)\r\nMS-DRSR: Directory Replication Service (DRS) Remote Protocol Specification at msdn.microsoft.com\r\nDRS Tutorial about DRSUAPI Implementation in Samba and other stuff (Video)\r\nDRS Tutorial about DRSUAPI - Quick guide for the lessons learned during the first tutorial\r\nSource: https://wiki.samba.org/index.php/DRSUAPI\r\nhttps://wiki.samba.org/index.php/DRSUAPI\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "origins": [ "web" ], "references": [ "https://wiki.samba.org/index.php/DRSUAPI" ], "report_names": [ "DRSUAPI" ], "threat_actors": [], "ts_created_at": 1775434790, "ts_updated_at": 1775826788, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7515c827028f5955c226e41610cc2eb052ac7dbb.pdf", "text": "https://archive.orkl.eu/7515c827028f5955c226e41610cc2eb052ac7dbb.txt", "img": "https://archive.orkl.eu/7515c827028f5955c226e41610cc2eb052ac7dbb.jpg" } }