How to reproduce:
* join a member SRVFILE server to SRVDC
* restrict SRVFILE network access to SRVRODC
* wbinfo -c
* check password changed on the SRVDC, replPropertyMetaData version has not been incremented
We need to proxy the netr_ServerPasswordSet2 change as a PasswordUpdateForward Request Message (MS-SAMS 2.2.4) via NetrLogonSendToSam to an RWDC and directly replicate the change back via DRSUAPI_EXOP_REPL_SECRET before netr_ServerPasswordSet2 returns. This is what Windows does, but it seems to ignore a possible NT_STATUS_INVALID_PARAMETER from NetrLogonSendToSam and returns netr_ServerPasswordSet2() with NT_STATUS_OK.