<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is a poorly worded and poorly documented concept used in [Microsoft Active Directory].[{$pagename}] is also referred by [Microsoft] to as: 
* [NETLOGON_SAM_LOGON_RESPONSE_EX] 
* [NTDSSettings].

[{$pagename}] is the [Search Response] ([NETLOGON_SAM_LOGON_RESPONSE_EX]) from a [Search Request] known as a [LDAP ping] typically performed by the [Netlogon service] is a [Pseudo Attribute] that returns a [Data Structure] as the second extended version of the [server]'s response to an [LDAP ping]

[{$pagename}] is not defined in the [LDAP Schema|LDAP Schema].

This 
* Opcode (2 bytes): Operation code (see section 6.3.1.3). Sbz (2 bytes): This MUST be set to 0.
* [DS_FLAG] (4 bytes): [DS_FLAG] Options where [bits] are presented in [Big-Endian] byte order. 
* DomainGuid (16 bytes): The value of the NC's GUID attribute specified as a GUID structure, which is defined in [MS-DTYP] section 2.3.4.
* DnsForestName (variable): [UTF-8] encoded value of the DNS name of the forest, compressed as specified in [RFC 1035] section 4.1.4. To get the decompressed string, see section 6.3.7.
* DnsDomainName (variable): UTF-8 encoded value of the DNS name of the NC, compressed as specified in [RFC 1035] section 4.1.4. To get the decompressed string, see section 6.3.7.
* DnsHostName (variable): UTF-8 encoded value of the DNS name of the server, compressed as specified in [RFC 1035] section 4.1.4. To get the decompressed string, see section 6.3.7.
* [NetbiosDomainName|NetBIOS domain name] (variable): UTF-8 encoded value of the [NetBIOS] name of the [NamingContext], compressed as specified in [RFC 1035] section 4.1.4. To get the decompressed string, see section 6.3.7.
* NetbiosComputerName (variable): UTF-8 encoded value of the [NetBIOS] name of the [server], compressed as specified in [RFC 1035] section 4.1.4. To get the decompressed string, see section 6.3.7.
* UserName (variable): [UTF-8] encoded value of the user specified in the [client]'s [request], compressed as specified in [RFC 1035] section 4.1.4. To get the decompressed string, see section 6.3.7.
* [DcSiteName] (variable): UTF-8 encoded value of the [Active Directory Site] name of the server, compressed as specified in [RFC 1035] section 4.1.4. To get the decompressed string, see section 6.3.7.
* [ClientSiteName] (variable): UTF-8 encoded value of the [Active Directory Site] name of the client, compressed as specified in [RFC 1035] section 4.1.4. To get the decompressed string, see section 6.3.7.
* DcSockAddrSize (1 byte): A [CHAR] that contains the size of the server's [IP Address]. This field is included only if the client specifies [NETLOGON_NT_VERSION_5EX_WITH_IP] in the request.
* DcSockAddr (16 bytes): The [Domain Controller] [IPv4] address, structured. This field is included only if the client specifies [NETLOGON_NT_VERSION_5EX_WITH_IP] in the request.
** sin_family - The socket family, represented in [Little-Endian] byte order. The value [SHOULD] always be AF_INET (that is, 2).
** sin_port - The [socket] [port], represented in [Little-Endian] byte order. The value [SHOULD] always be zero.
** sin_addr - The [socket] [IP Address], represented in [Big-Endian] byte order. The value is an [IPv4] [IP Address]. If the [Domain Controller] does not have an [IPv4] address, this value [SHOULD] be [127.0.0.1].
** sin_zero - Reserved. [MUST] be set to zero when sending and ignored on receipt.
* [NextClosestSiteName] (variable): This field is included only if the client specifies [NETLOGON_NT_VERSION_WITH_CLOSEST_SITE] in the request, and if the responding DC has DC [Domain functional levels] DS_BEHAVIOR_WIN2008 or greater. When included, NextClosestSiteName contains the name of the site that is closest by cost to [ClientSiteName] without being equal to it. The [Active Directory Site] name is UTF-8 encoded, compressed as specified in [RFC 1035] section 4.1.4. To get the decompressed string, see section 6.3.7.
* NtVersion (4 bytes): NETLOGON_NT_VERSION_1 | NETLOGON_NT_VERSION_5EX.
* LmNtToken (2 bytes): This [MUST] be set to 0xFFFF.
* Lm20Token (2 bytes): This [MUST] be set to 0xFFFF.

Note All multibyte quantities are represented in [Little-Endian] byte order.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [https://msdn.microsoft.com/en-us/library/cc717362.aspx|https://msdn.microsoft.com/en-us/library/cc717362.aspx/|target='_blank'] - based on information obtained 2016-05-19- 
* [#2] - [6.3.1.9 NETLOGON_SAM_LOGON_RESPONSE_EX|https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/8401a33f-34a8-40ca-bf03-c3484b66265f?redirectedfrom=MSDN|target='_blank'] - based on information obtained 2020-02-02 
* [#2] - [6.3.1.2 DS_FLAG Options Bits|https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f55d3f53-351d-4407-940e-f53eb6154af0|target='_blank'] - based on information obtained 2020-02-02 </pre>