[cifs-protocol] Re: Inconsistencies in ad-schema docs and text files

Sreepathi Pai sree314 at gmail.com
Wed Jan 21 20:58:18 GMT 2009

On Wed, Jan 21, 2009 at 10:06 PM, Richard Guthrie
<rguthrie at microsoft.com> wrote:
> Andrew/Sreepathi:
> Attached is an updated schema file for Windows 2008, Windows 2003, Windows 2003 R2 and Windows 2000.  This should resolve all the issues you have sent us previously.

I've run a quick check of the 2008 schema files (only -- not looked at
the others) against the schema.ldif found here (which was generated
directly from a server):
and indeed many of the inconsistencies seem to have been corrected.
Thank you! I am currently unable to verify consistency of these files
with the documentation however -- I'll try to look at this later.

The biggest issue I encountered seem to be that the following
attributes are present in the documentation, but absent in the 2008
file I checked:

DSA-Signature (ADA1:2.209), Has-Master-NCs, Home-Drive, Has-Partial-Replica-NCs,
Last-Logon-Timestamp, Local-Policy-Flags, ms-DS-Mastered-By

There are a number of other issues, but since they seem agree with the
documentation and only conflict with the generated schema file, I'll
leave to it Andrew to decide if they're indeed issues that may have to
be addressed:

The possibleInferiors attribute has disappeared.
Many systemFlags: 0 values have disappeared.
The Root-Trust attribute is present in the generated schema, but
absent in both the docs as well as the MS schema files.
Many bit flags are different, but changes seem to be okay (new flags
added, etc.)
One possible concern, however, is:

-Schema-Flags-Ex.systemOnly: FALSE
+Schema-Flags-Ex.systemOnly: TRUE

(- == schema.ldif, + == ms_schema_2k8.ldif), this is consistent with
the docs though.

Also, I seem to detect changes in some DefaultSecurityDescriptor
values too (e.g., DomainDNS), but am currently unable to verify
against the documentation -- I'll do this later.

The differences file is 114K compressed(!) -- mostly due to additions
I think, so I'm not attaching it. Please let me know if you need to
look at it so I can send it to you.

Sreepathi Pai

More information about the cifs-protocol mailing list