[cifs-protocol] [EXTERNAL] Local Administrator Password Solution (new and legacy) - TrackingID#2305110040008264

Jeff McCashland (He/him) jeffm at microsoft.com
Fri May 19 17:07:47 UTC 2023


Hi Andrew,

Hopefully you were able to get your questions answered with the information from [MS-ADA2].

If not, please send us email at our DocHelp alias and we're happy to help.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

From: Jeff McCashland (He/him) <jeffm at microsoft.com>
Sent: Friday, May 12, 2023 4:06 PM
To: Andrew Bartlett <abartlet at samba.org>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
Subject: Re: [EXTERNAL] Local Administrator Password Solution (new and legacy) - TrackingID#2305110040008264

Hi Andrew,

[MS-ADA2] has just been republished with updates related to the new Windows LAPS. Please review the new information and see if it answers some of your questions.

[MS-ADA2]: Active Directory Schema Attributes M | Microsoft Learn <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ada2/e20ebc4e-5285-40ba-b3bd-ffcb81c2783e>


Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team

________________________________
From: Jeff McCashland (He/him) <jeffm at microsoft.com>
Sent: Thursday, May 11, 2023 9:58 AM
To: Andrew Bartlett <abartlet at samba.org>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
Subject: Re: [EXTERNAL] Local Administrator Password Solution (new and legacy) - TrackingID#2305110040008264

[DocHelp to BCC, support on CC, SR ID on Subject]

Hi Andrew,

Thank you for your questions. We have created SR 2305110040008264 to track this issue. One of our engineers will respond soon.


Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team




________________________________
From: Andrew Bartlett <abartlet at samba.org>
Sent: Wednesday, May 10, 2023 10:41 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] Local Administrator Password Solution (new and legacy)

Kia Ora DocHelp,

(again) Per my phone call with Obaid and Tom last week.

We were talking about LAPS, the Local Administrator Password Solution.

I have two questions, firstly on getting the schema for LAPS and LAPS
legacy:

Is the schema added by Update-LapsADSchema published anywhere, ideally
under same licence as
https://github.com/MicrosoftDocs/windowsserverdocs ?

Likewise, it would be helpful to still support legacy LAPS in Samba.
https://www.microsoft.com/en-us/download/details.aspx?id=46899

This link below shows the schema in another user's repo (not Samba).

Would it be possible to get or be pointed at a public and licensed copy
of this schema so Samba can support this 'out of the box'?

https://github.com/oz9un/LAPS-for-SAMBA/blob/master/scripts/laps-install

Secondly, there are requirements on Windows 2016 for new LAPS:

https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-scenarios-windows-server-active-directory mentions requirements on Windows server 2016.


Can you clarify which protocol behaviours are needed for this, so I can
investigate this, as nothing like this is mentioned at
https://learn.microsoft.com/en-us/windows-server/identity/whats-new-active-directory-domain-services?source=recommendations
 and
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
 (I realise Windows is a big product and these are not meant to be
comprehensive).


Thanks,

Andrew Bartlett


--
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org/
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

