[cifs-protocol] LDAP_SERVER_SD_FLAGS_OID control and search request

Sebastian Canevari Sebastian.Canevari at microsoft.com
Fri Dec 18 12:55:28 MST 2009

Hi Matthieu,

I'll be helping you with this issue.

Thanks and regards,

Sebastian Canevari
Senior Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
"Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: sebastc at microsoft.com

-----Original Message-----
From: Matthieu Patou [mailto:mat+Informatique.Samba at matws.net] 
Sent: Friday, December 18, 2009 10:36 AM
To: cifs-protocol at samba.org; Interoperability Documentation Help; pfif at tridgell.net
Subject: LDAP_SERVER_SD_FLAGS_OID control and search request


While testing ADUC I found that this tool is using the control LDAP_SERVER_SD_FLAGS_OID when requesting object with no attributes (ie. 
CN=Users,DC=home,DC=matws,DC=net) and expect to receive the nTSecurityDescriptor.
Of course if you do not provide this control the nTSecurityDescriptor is not returned.

I tested this behavior with w2k3r2 and it is how this server behave.

Can you confirm that it's the expected behavior for this control and if possible can you document it if it's not already done.



More information about the cifs-protocol mailing list