[cifs-protocol] [EXTERNAL] Local Administrator Password Solution (new and legacy) - TrackingID#2305110040008264

Andrew Bartlett abartlet at samba.org
Mon May 22 21:08:25 UTC 2023


Thanks, that is useful. I wasn't expecting 'administrator added'
schema items to be declared there; this is useful to know.

On Fri, 2023-05-19 at 17:07 +0000, Jeff McCashland (He/him) via cifs-protocol wrote:
> Hi Andrew,
>  
> Hopefully you were able to get your questions answered with the
> information from [MS-ADA2].
>  
> If not, please send us email at our DocHelp alias and we’re happy to
> help.
>  
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer |
> Microsoft Protocol Open Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00)
> Pacific Time (US and Canada)
> Local country phone number found
> here: http://support.microsoft.com/globalenglish | Extension 1138300
>  
> From: Jeff McCashland (He/him) <jeffm at microsoft.com> 
> Sent: Friday, May 12, 2023 4:06 PM
> To: Andrew Bartlett <abartlet at samba.org>
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>;
> Microsoft Support <supportmail at microsoft.com>
> Subject: Re: [EXTERNAL] Local Administrator Password Solution (new
> and legacy) - TrackingID#2305110040008264
>  
> Hi Andrew,
>  
> [MS-ADA2] has just been republished with updates related to the new
> Windows LAPS. Please review the new information and see if it answers
> some of your questions. 
>  
> [MS-ADA2]: Active Directory Schema Attributes M | Microsoft Learn
> 
>  
>  
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer |
> Microsoft Protocol Open Specifications Team
>  
>                                   
> From: Jeff McCashland (He/him) <jeffm at microsoft.com>
> Sent: Thursday, May 11, 2023 9:58 AM
> To: Andrew Bartlett <abartlet at samba.org>
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>;
> Microsoft Support <supportmail at microsoft.com>
> Subject: Re: [EXTERNAL] Local Administrator Password Solution (new
> and legacy) - TrackingID#2305110040008264
>  
> [DocHelp to BCC, support on CC, SR ID on Subject]
>  
> Hi Andrew,
>  
> Thank you for your questions. We have created SR 2305110040008264 to
> track this issue. One of our engineers will respond soon. 
>  
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer |
> Microsoft Protocol Open Specifications Team
>  
>                                   
> From: Andrew Bartlett <abartlet at samba.org>
> Sent: Wednesday, May 10, 2023 10:41 PM
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>
> Subject: [EXTERNAL] Local Administrator Password Solution (new and
> legacy)
>  
> Kia Ora DocHelp,
> 
> (again) Per my phone call with Obaid and Tom last week.
> 
> We were talking about LAPS, the Local Administrator Password
> Solution.
> 
> I have two questions, firstly on getting the schema for LAPS and LAPS
> legacy:
> 
> Is the schema added by Update-LapsADSchema published anywhere, ideally
> under same licence as
> https://github.com/MicrosoftDocs/windowsserverdocs ?
> 
> Likewise, it would be helpful to still support legacy LAPS in Samba.
> https://www.microsoft.com/en-us/download/details.aspx?id=46899
> 
> This link below shows the schema in another user's repo (not Samba).
> 
> Would it be possible to get or be pointed at a public and licensed copy
> of this schema so Samba can support this 'out of the box'?
> 
> https://github.com/oz9un/LAPS-for-SAMBA/blob/master/scripts/laps-install
> 
> Secondly, there are requirements on Windows 2016 for new LAPS:
> 
> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-scenarios-windows-server-active-directory
> mentions requirements on Windows server 2016.
>  
> 
> Can you clarify which protocol behaviours are needed for this, so I can
> investigate this, as nothing like this is mentioned at
> https://learn.microsoft.com/en-us/windows-server/identity/whats-new-active-directory-domain-services?source=recommendations
> and
> https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
> (I realise Windows is a big product and these are not meant to be
> comprehensive).
> 
> 
> Thanks,
> 
> Andrew Bartlett
> 
> 

-- 
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
