2 files changed, 14 insertions, 12 deletions

diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index 0c4abebf83..9d9f45e8bb 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -226,11 +226,6 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		DS_SERVER_DS | DS_SERVER_TIMESERV |
 		DS_SERVER_GOOD_TIMESERV;
 
-#if 0
-	/* w2k8-r2 as a DC does not claim these */
-	server_type |= DS_DNS_CONTROLLER | DS_DNS_DOMAIN;
-#endif
-
 	if (samdb_is_pdc(sam_ctx)) {
 		server_type |= DS_SERVER_PDC;
 	}
@@ -255,13 +250,6 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		server_type |= DS_SERVER_WRITABLE;
 	}
 
-#if 0
-	/* w2k8-r2 as a sole DC does not claim this */
-	if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) {
-		server_type |= DS_DNS_FOREST_ROOT;
-	}
-#endif
-
 	pdc_name         = talloc_asprintf(mem_ctx, "\\\\%s",
 					   lpcfg_netbios_name(lp_ctx));
 	NT_STATUS_HAVE_NO_MEMORY(pdc_name);
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 814b9699ed..125fb3859e 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1791,9 +1791,23 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
 		return ntstatus_to_werror(status);
 	}
 
+	/*
+	 * According to MS-NRPC 2.2.1.2.1 we should set the "DS_DNS_FOREST_ROOT"
+	 * (O) flag when the returned forest name is in DNS format. This is here
+	 * always the case (see below).
+	 */
+	response.data.nt5_ex.server_type |= DS_DNS_FOREST_ROOT;
+
 	if (r->in.flags & DS_RETURN_DNS_NAME) {
 		dc_name = response.data.nt5_ex.pdc_dns_name;
 		domain_name = response.data.nt5_ex.dns_domain;
+		/*
+		 * According to MS-NRPC 2.2.1.2.1 we should set the
+		 * "DS_DNS_CONTROLLER" (M) and "DS_DNS_DOMAIN" (N) flags when
+		 * the returned information is in DNS form.
+		 */
+		response.data.nt5_ex.server_type |=
+			DS_DNS_CONTROLLER | DS_DNS_DOMAIN;
 	} else if (r->in.flags & DS_RETURN_FLAT_NAME) {
 		dc_name = response.data.nt5_ex.pdc_name;
 		domain_name = response.data.nt5_ex.domain_name;