<html><head>


</head>
<body lang="EN-US" link="blue" vlink="purple"><div>Thanks, that is useful.  I wasn't expecting 'administrator added' schema items to be declared there, this is useful to know. </div><div><br></div><div>On Fri, 2023-05-19 at 17:07 +0000, Jeff McCashland (He/him) via cifs-protocol wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div class="WordSection1"><p class="MsoNormal">Hi Andrew,<o:p></o:p></p><p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal">Hopefully you were able to get your questions answered with the information from [MS-ADA2].<o:p></o:p></p><p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal">If not, please send us email at our DocHelp alias and we’re happy to help.<o:p></o:p></p><p class="MsoNormal"><o:p> </o:p></p><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:blue">Best regards,</span><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy"><br><i>Jeff M</i></span></b><b><i><sup><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#002060">c</span></sup></i></b><b><i><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy">Cashland (He/him) </span></i></b><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy">| Senior Escalation Engineer<i> | Microsoft</i></span></b><b><span style="font-family:"Arial",sans-serif;color:navy"> </span></b><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy">Protocol Open Specifications Team</span></b><o:p></o:p></p><p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:blue">Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)</span><o:p></o:p></p><p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:blue">Local country phone number found here: </span><span style="color:#2F5496"><a 
href="http://support.microsoft.com/globalenglish"><span style="font-size:8.0pt;font-family:"Arial",sans-serif">http://support.microsoft.com/globalenglish</span></a></span><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:blue"> | Extension 1138300</span><o:p></o:p></p></div><p class="MsoNormal"><o:p> </o:p></p><div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b>From:</b> Jeff McCashland (He/him) &lt;jeffm@microsoft.com&gt; <br><b>Sent:</b> Friday, May 12, 2023 4:06 PM<br><b>To:</b> Andrew Bartlett &lt;abartlet@samba.org&gt;<br><b>Cc:</b> cifs-protocol mailing list &lt;cifs-protocol@lists.samba.org&gt;; Microsoft Support &lt;supportmail@microsoft.com&gt;<br><b>Subject:</b> Re: [EXTERNAL] Local Administrator Password Solution (new and legacy) - TrackingID#2305110040008264<o:p></o:p></p></div></div><p class="MsoNormal"><o:p> </o:p></p><div><p class="MsoNormal"><span style="color:black">Hi Andrew,</span><o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"><span style="color:black">[MS-ADA2] has just been republished with updates related to the new Windows LAPS. Please review the new information and see if it answers some of your questions. 
</span><o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"><span style="color:black"><a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ada2/e20ebc4e-5285-40ba-b3bd-ffcb81c2783e">[MS-ADA2]: Active Directory Schema Attributes M | Microsoft Learn</a></span><o:p></o:p></p></div><p class="MsoNormal"><o:p> </o:p></p><div><div><p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p></div><div id="Signature"><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:blue">Best regards,</span><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy"><br><i>Jeff M</i></span></b><b><i><sup><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#002060">c</span></sup></i></b><b><i><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy">Cashland (He/him)<span class="apple-converted-space"> </span></span></i></b><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy">| Senior Escalation Engineer<span class="apple-converted-space"><i> </i></span><i>| Microsoft</i></span></b><span class="apple-converted-space"><b><span style="font-family:"Arial",sans-serif;color:navy"> </span></b></span><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy">Protocol Open Specifications Team</span></b><o:p></o:p></p><p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:blue">Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)</span><o:p></o:p></p><p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:blue">Local country phone number found here:<span class="apple-converted-space"> </span></span><span style="color:#2F5496"><a href="http://support.microsoft.com/globalenglish"><span 
style="font-size:8.0pt;font-family:"Arial",sans-serif">http://support.microsoft.com/globalenglish</span></a></span><span class="apple-converted-space"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:blue"> </span></span><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:blue">| Extension 1138300</span><o:p></o:p></p><p class="MsoNormal"> <o:p></o:p></p></div></div></div><div class="MsoNormal" align="center" style="text-align:center"><hr size="2" width="98%" align="center"></div><div id="divRplyFwdMsg"><p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> Jeff McCashland (He/him) <<a href="mailto:jeffm@microsoft.com">jeffm@microsoft.com</a>><br><b>Sent:</b> Thursday, May 11, 2023 9:58 AM<br><b>To:</b> Andrew Bartlett <<a href="mailto:abartlet@samba.org">abartlet@samba.org</a>><br><b>Cc:</b> cifs-protocol mailing list <<a href="mailto:cifs-protocol@lists.samba.org">cifs-protocol@lists.samba.org</a>>; Microsoft Support <<a href="mailto:supportmail@microsoft.com">supportmail@microsoft.com</a>><br><b>Subject:</b> Re: [EXTERNAL] Local Administrator Password Solution (new and legacy) - TrackingID#2305110040008264</span><o:p></o:p></p><div><p class="MsoNormal"> <o:p></o:p></p></div></div><div><div><p class="MsoNormal"><span style="color:black">[DocHelp to BCC, support on CC, SR ID on Subject]</span><o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"><span style="color:black">Hi Andrew,</span><o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"><span class="xcontentpasted0"><span style="color:black">Thank you for your questions. We have created SR 2305110040008264 to track this issue. One of our engineers will respond soon. 
</span></span><o:p></o:p></p></div><div><div><p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p></div><div id="x_Signature"><div><div><p class="xmsonormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:blue">Best regards,</span><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy"><br><i>Jeff M</i></span></b><b><i><sup><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#002060">c</span></sup></i></b><b><i><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy">Cashland (He/him)<span class="xapple-converted-space"> </span></span></i></b><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy">| Senior Escalation Engineer<span class="xapple-converted-space"><i> </i></span><i>| Microsoft</i></span></b><span class="xapple-converted-space"><b><span style="font-family:"Arial",sans-serif;color:navy"> </span></b></span><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:navy">Protocol Open Specifications Team</span></b><o:p></o:p></p><p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:blue">Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)</span><o:p></o:p></p><p class="xmsonormal"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:blue">Local country phone number found here:<span class="xapple-converted-space"> </span></span><span style="color:#2F5496"><a href="http://support.microsoft.com/globalenglish"><span style="font-size:8.0pt;font-family:"Arial",sans-serif">http://support.microsoft.com/globalenglish</span></a></span><span class="xapple-converted-space"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:blue"> </span></span><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:blue">| Extension 1138300</span><o:p></o:p></p><p class="xmsonormal"> <o:p></o:p></p></div></div></div></div><div class="MsoNormal" 
align="center" style="text-align:center"><hr size="2" width="98%" align="center"></div><div id="x_divRplyFwdMsg"><p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> Andrew Bartlett <<a href="mailto:abartlet@samba.org">abartlet@samba.org</a>><br><b>Sent:</b> Wednesday, May 10, 2023 10:41 PM<br><b>To:</b> Interoperability Documentation Help <<a href="mailto:dochelp@microsoft.com">dochelp@microsoft.com</a>><br><b>Cc:</b> cifs-protocol mailing list <<a href="mailto:cifs-protocol@lists.samba.org">cifs-protocol@lists.samba.org</a>><br><b>Subject:</b> [EXTERNAL] Local Administrator Password Solution (new and legacy)</span><o:p></o:p></p><div><p class="MsoNormal"> <o:p></o:p></p></div></div><div><div><p class="MsoNormal" style="margin-bottom:12.0pt">Kia Ora DocHelp,<br><br>(again) Per my phone call with Obaid and Tom last week.<br><br>We were talking about LAPS, the Local Administrator Password Solution.<br><br>I have two questions, firstly on getting the schema for LAPS and LAPS<br>legacy:<br><br>Is the schema added by Update-LapsADSchema published anywhere, ideally<br>under the same licence as <br><a href="https://github.com/MicrosoftDocs/windowsserverdocs">https://github.com/MicrosoftDocs/windowsserverdocs</a> ?<br><br>Likewise, it would be helpful to still support legacy LAPS in Samba.<br><a href="https://www.microsoft.com/en-us/download/details.aspx?id=46899">https://www.microsoft.com/en-us/download/details.aspx?id=46899</a><br><br>This link below shows the schema in another user's repo (not Samba).<br><br>Would it be possible to get or be pointed at a public and licensed copy<br>of this schema so Samba can support this 'out of the box'?<br><br><a href="https://github.com/oz9un/LAPS-for-SAMBA/blob/master/scripts/laps-install">https://github.com/oz9un/LAPS-for-SAMBA/blob/master/scripts/laps-install</a><br><br>Secondly, there are requirements on Windows 2016 for new LAPS:<br><br><a href="https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-scenarios-windows-server-active-directory">https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-scenarios-windows-server-active-directory</a> mentions requirements on Windows Server 2016.<br> <br><br>Can you clarify which protocol behaviours are needed for this, so I can<br>investigate this, as nothing like this is mentioned at <br><a href="https://learn.microsoft.com/en-us/windows-server/identity/whats-new-active-directory-domain-services?source=recommendations">https://learn.microsoft.com/en-us/windows-server/identity/whats-new-active-directory-domain-services?source=recommendations</a><br> and <br><a href="https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels">https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels</a><br> (I realise Windows is a big product and these are not meant to be<br>comprehensive). <br><br><br>Thanks,<br><br>Andrew Bartlett<br><br><br></p><pre>_______________________________________________
cifs-protocol mailing list
<a href="mailto:cifs-protocol@lists.samba.org">cifs-protocol@lists.samba.org</a>
<a href="https://lists.samba.org/mailman/listinfo/cifs-protocol">https://lists.samba.org/mailman/listinfo/cifs-protocol</a>
</pre></div></div></div></div></blockquote><div><br></div><div><span><pre>-- <br></pre><pre>Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Developer, Catalyst IT    https://catalyst.net.nz/services/samba

</pre></span></div></body></html>