this windows command: dnscmd dcname /config /OpenAclOnProxyUpdates 1 triggers setting the OpenACLOnProxyUpdates flag, this is not implemented in Samba though, the value is fixed to "0" currently: [2022/05/10 09:33:25.513818, 0, pid=2752430, effective(0, 0), real(0, 0)] ../../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1230(dnsserver_operate_server) dnsserver: server operation 'ResetDwordProperty' not implemented DnssrvOperation2: struct DnssrvOperation2 in: struct DnssrvOperation2 dwClientVersion : DNS_CLIENT_VERSION_LONGHORN (458752) dwSettingFlags : 0x00000000 (0) pwszServerName : * pwszServerName : 'dc3' pszZone : NULL dwContext : 0x00000000 (0) pszOperation : * pszOperation : 'ResetDwordProperty' dwTypeId : DNSSRV_TYPEID_NAME_AND_PARAM (15) pData : union DNSSRV_RPC_UNION(case 15) NameAndParam : * NameAndParam: struct DNS_RPC_NAME_AND_PARAM dwParam : 0x00000001 (1) pszNodeName : * pszNodeName : 'OpenACLOnProxyUpdates' [2022/05/10 09:33:25.514925, 1, pid=2752430, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:484(ndr_print_function_debug) DnssrvOperation2: struct DnssrvOperation2 out: struct DnssrvOperation2 result : WERR_CALL_NOT_IMPLEMENTED The flag is documented here: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/8903e50a-9183-4a7d-9640-53f6f5a91481#Appendix_A_Target_188 https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd334715(v=ws.10)