[cifs-protocol] MS-LSAD 3.1.4.7.10-12 CreateTrustedDomain* question
Mark Miller (MBD)
markmi at microsoft.com
Sat Nov 13 09:01:04 MST 2010
Hi Matthias,
Thank you for your question. A colleague will contact you to investigate this issue.
Regards,
Mark Miller
Escalation Engineer
US-CSS DSC PROTOCOL TEAM
-----Original Message-----
From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org]
Sent: Saturday, November 13, 2010 9:47 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: MS-LSAD 3.1.4.7.10-12 CreateTrustedDomain* question
Hi dochelp people,
the calls "CreateTrustedDomain*" allow to create trusted domain objects.
Now the question is: what AD security user is used to create them? It is
"SYSTEM"?
Since otherwise we run into the following constraint (taken from MS-ADTS
3.1.1.5.2.2):
> The structural objectClass is not a Local Security Authority
> (LSA)-specific object class (section
> 3.1.1.5.2.3). If it is, Add returns unwillingToPerform /
> ERROR_DS_CANT_ADD_SYSTEM_ONLY.
Thanks,
Matthias Wallnöfer
More information about the cifs-protocol
mailing list