[cifs-protocol] FW: FW: Inconsistencies in ad-schema docs and text
rguthrie at microsoft.com
Fri Apr 24 16:07:55 GMT 2009
Attached are schema files for Windows 2008 and Windows 2008R2/Windows 7. The Windows 2008 schema should not have any issues based upon initial validation against the Windows 2008 schema. The release notes for the Windows 2008R2/Windows 7 schema are as follows (All issues are under investigation at this time):
1. cn: Computer - Schema pulled from Windows 2008R2 shows two additional attributes for systemMayContain msTSSecondaryDesktopBL, msTSPrimaryDesktopBL. These are not present in the latest documentation for this attribute.
2. cn: Domain-DNS - defaultSecurityDescriptor in does not match the schema pulled from Windows 2008R2
3. cn: inetOrgPerson - defaultSecurityDescriptor does not match the schema pulled from Windows 2008R2
4. cn: Object-Class - searchFlags do not match the schema pulled from Windows 2008R2
5. cn: Sam-Domain - defaultSecurityDescriptor does not match the schema pulled from Windows 2008R2
6. cn: Schema - This attribute may be missing from the schema documentation. It shows up in the Windows 2008R2 schema so it is being investigated.
7. cn: Top - There appears to be a discrepancy with the generated Windows 2008R2 schema and the documented schema for systemMayContain attribute.
Please let us know if you have any feedback.
Support Escalation Engineer
Open Protocols Support Team
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Friday, March 20, 2009 2:19 AM
To: Richard Guthrie
Cc: Sreepathi Pai; Will Gregg; Nick Meier; Keith Hageman; Darryl Welch
Subject: RE: FW: Inconsistencies in ad-schema docs and text files
On Sat, 2009-03-07 at 06:17 -0800, Richard Guthrie wrote:
> We agree, we will deliver a Windows 7/Windows Server 2008 R2 schema
> along with Windows 2008, as you have requested. Once we have
> validated the schema we will send it to you using the same mechanism
> we have used previously. I cannot commit to an exact date for
> delivery as I am not sure what issues we might encounter in generating
> the new schema, but we will work to get this to you as quickly as
> I also wanted to reinforce Keith's separate mail regarding licensing
> and distribution, and note that it would apply to the updated schema
> as well. If you have any questions/feedback please let us know.
We are still very much waiting for the full corrected schema (it looks like it will miss the next alpha as well, at this rate).
I've been working on validation tools (and using the ones that Sreepathi has written), and the schema as provided seems pretty close, bearing in mind it seems to contain a mix of Windows 2008 classes and 2008R2 attributes.
For reference, the tests I'm running are using the git tree at:
setup/ad-schema/MS-AD_Schema_2K8Classes.txt > /tmp/ms-schema.ldif
python scripting/bin/fullschema ldap://win2008-1.2008.naomi.abartlet.net -Uadministrator%PASSWORD > /tmp/2008-schema.ldif
(This extracts the schema directly from Windows over LDAP - and actually provides the file we are asking for here, but without the WSPP licence)
To compare the results (as for some reason, the AD schema provided is not sorted, despite being so in the original PDF) Sreepathi wrote
I run it like:
HIDE_SAMBA_ONLY=1 sh normldif.sh 2008-schema.ldif ms-schema.ldif
(NOTE: it deletes tmp1 and tmp2 in the current working directory)
I'll separately address the question of how to generate some of the additional attributes hidden by the 'HIDE_SAMBA_ONLY' flag.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 318248 bytes
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20090424/463c9d93/Schemas-0001.bin
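The normalise-and-compare step discussed in this thread (an unsorted documented schema checked against one pulled from a live server over LDAP) can be illustrated as follows. This is an added example, not the normldif.sh script or any Samba or Microsoft code; the function names, the IGNORE list, keying entries by cn, and the sample LDIF are assumptions constructed for illustration.

```python
import base64
from collections import defaultdict

IGNORE = {"dn", "objectguid", "whencreated", "whenchanged"}  # differ per server

def parse_ldif(text):
    """Parse LDIF into {cn: {attribute: set of values}}, names lowercased."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # RFC 2849 folded line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, defaultdict(set)
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if line.strip():
            attr, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current[attr.strip().lower()].add(value.strip())
        elif current:                          # blank line ends an entry
            names = current.get("cn") or current.get("dn") or {"?"}
            entries[min(names).lower()] = dict(current)
            current = defaultdict(set)
    return entries

def diff_schema(live, documented):
    """Return sorted (cn, attribute, only_live, only_documented) mismatches."""
    out = []
    for cn in sorted(set(live) | set(documented)):
        a, b = live.get(cn, {}), documented.get(cn, {})
        for attr in sorted((set(a) | set(b)) - IGNORE):
            va, vb = a.get(attr, set()), b.get(attr, set())
            if va != vb:                       # value order never matters
                out.append((cn, attr, sorted(va - vb), sorted(vb - va)))
    return out

# Constructed sample input, not taken from the real schema files.
LIVE = """dn: CN=Computer,DC=X
cn: Computer
systemMayContain: msTSPrimaryDesktopBL
systemMayContain: msTSSecondaryDesktopBL
"""
DOCUMENTED = """dn: CN=Computer,DC=Y
cn: Computer
"""

if __name__ == "__main__":
    print(diff_schema(parse_ldif(LIVE), parse_ldif(DOCUMENTED)))
```

Because entries are keyed by cn and values are held as sets, neither entry order nor value order produces a difference; only real attribute drift, such as a changed defaultSecurityDescriptor or searchFlags value, is reported.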