[cifs-protocol] [EXTERNAL] Local Administrator Password Solution (new and legacy) - TrackingID#2305110040008264

Andrew Bartlett abartlet at samba.org
Wed May 24 21:45:01 UTC 2023 

Thanks.  That is useful.
Are you still looking into the new 2016 requirements part of the
question?
Thanks,
Andrew Bartlett
On Fri, 2023-05-12 at 23:05 +0000, Jeff McCashland (He/him) via cifs-
protocol wrote:
> Hi Andrew,
> 
> 
> 
> 
> 
> [MS-ADA2] has just been republished with updates related to the new
> Windows LAPS. Please review the new information and see if
>  it answers some of your questions. 
> 
> 
> 
> 
> 
> [MS-ADA2]:
>  Active Directory Schema Attributes M | Microsoft Learn
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> [MS-ADA2]: Active Directory Schema Attributes M
> 
> Specifies the Active Directory Schema Attributes M, which contains a
> partial list of the objects that exist in the Active Directory schema
> 
> learn.microsoft.com
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Best regards,
> 
> Jeff McCashland (He/him) |
>  Senior Escalation Engineer | Microsoft Protocol
>  Open Specifications Team
> 
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-
> 08:00) Pacific Time (US and Canada)
> 
> Local country phone number found here: 
> http://support.microsoft.com/globalenglish |
>  Extension 1138300
> 
>  
> 
> 
> 
> 
> 
> 
> 
> 
> From: Jeff McCashland (He/him) <jeffm at microsoft.com>
> 
> Sent: Thursday, May 11, 2023 9:58 AM
> 
> To: Andrew Bartlett <abartlet at samba.org>
> 
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>;
> Microsoft Support <supportmail at microsoft.com>
> 
> Subject: Re: [EXTERNAL] Local Administrator Password Solution (new
> and legacy) - TrackingID#2305110040008264
>  
> 
> 
> 
> <!--
> p
> 	{margin-top:0;
> 	margin-bottom:0}
> -->
> 
> 
> [DocHelp to BCC, support on CC, SR ID on Subject]
> 
> 
> 
> 
> 
> Hi Andrew,
> 
> 
> 
> 
> 
> Thank you for your questions. We have created SR 2305110040008264 to
> track this issue. One of our engineers
>  will respond soon. 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Best regards,
> 
> Jeff McCashland (He/him) |
>  Senior Escalation Engineer | Microsoft Protocol
>  Open Specifications Team
> 
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-
> 08:00) Pacific Time (US and Canada)
> 
> Local country phone number found here: 
> http://support.microsoft.com/globalenglish |
>  Extension 1138300
> 
>  
> 
> 
> 
> 
> 
> 
> 
> 
> From: Andrew Bartlett <abartlet at samba.org>
> 
> Sent: Wednesday, May 10, 2023 10:41 PM
> 
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> 
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>
> 
> Subject: [EXTERNAL] Local Administrator Password Solution (new and
> legacy)
>  
> 
> 
> 
> Kia Ora DocHelp,
> 
> 
> 
> (again) Per my phone call with Obaid and Tom last week.
> 
> 
> 
> We were talking about LAPS, the Local Administrator Password
> Solution.
> 
> 
> 
> I have two questions, firstly on getting the schema for LAPS and LAPS
> 
> legacy:
> 
> 
> 
> Is the schema added by Update-LapsADSchema published anywhere,
> ideally
> 
> under same licence as 
> 
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fwindowsserverdocs&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=HGoaYn6NbEC2pO4Gxnr%2BiqDHRkkPCA9CJmMf8AA8B20%3D&reserved=0
>  ?
> 
> 
> 
> Likewise, it would be helpful to still support legacy LAPS in Samba.
> 
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D46899&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EUtO8w8QJcuCu1JfGAotqz4nh938ppmvl1laVpbMm1k%3D&reserved=0
> 
> 
> 
> This link below shows the schema in another user's repo (not Samba).
> 
> 
> 
> Would it be possible to get or be pointed at a public and licensed
> copy
> 
> of this schema so Samba can support this 'out of the box'?
> 
> 
> 
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Foz9un%2FLAPS-for-SAMBA%2Fblob%2Fmaster%2Fscripts%2Flaps-install&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jqSSZnYv1uTR3yIoHCKOS%2Bwej%2BL3qwdl6VQNdIeyqzk%3D&reserved=0
> 
> 
> 
> Secondly, there are requirements on Windows 2016 for new LAPS:
> 
> 
> 
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Flaps%2Flaps-scenarios-windows-server-active-directory&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=N%2FAdAeYW9T%2B%2B75B49fPzYiysF6%2BfpqPPdavNGLh5UmI%3D&reserved=0
>  mentions requirements on Windows server 2016.
> 
>  
> 
> 
> 
> Can you clarify which protocol behaviours are needed for this, so I
> can
> 
> investigate this, as nothing like this is mentioned at 
> 
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fwhats-new-active-directory-domain-services%3Fsource%3Drecommendations&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CKB7xpad%2Bwdo7pPRrXXO4U4mmSH0V46rXOdt2jPfaLE%3D&reserved=0
> 
>  and 
> 
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fad-ds%2Factive-directory-functional-levels&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=67N14qhDnsZ%2Bpqpdfw6xLhZcClRuQQ30jugrOqHBu9Y%3D&reserved=0
> 
>  (I realise Windows is a big product and these are not meant to be
> 
> comprehensive). 
> 
> 
> 
> 
> 
> Thanks,
> 
> 
> 
> Andrew Bartlett
> 
> 
> 
> 
> 
> _______________________________________________cifs-protocol mailing 
> listcifs-protocol at lists.samba.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd


Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20230525/b57d8f83/attachment.htm>

More information about the cifs-protocol mailing list