[cifs-protocol] limits on rDN size in AD ?

Hongwei Sun hongweis at microsoft.com
Wed Nov 11 21:55:35 MST 2009


  The RDN of Deleted Objects container is a little different from the normal RDN.   The following information in MS-ADTS describes the composition of RDN for objects in Deleted Object container:

  "The RDN of the object is changed to a "delete-mangled RDN"-an RDN that is guaranteed to be unique within the Deleted Objects container. If O is the object that is deleted, the delete-mangled RDN is the concatenation of O!name, the character with value 0x0A, the string "DEL:", and the dashed string representation ([RFC4122] section 3) of O!objectGUID."

   It looks like to me that for the Delete Objects container,  the size constraint should be dependent on the combination of the each sub component.   Since I am out of office,  I will ask one of my team member to investigate and confirm the behavior.

Thanks !


-----Original Message-----
From: tridge at samba.org [mailto:tridge at samba.org] 
Sent: Monday, November 09, 2009 6:58 PM
To: Hongwei Sun
Cc: cifs-protocol at samba.org; hyc at highlandsun.com
Subject: RE: limits on rDN size in AD ?

Hi Hongwei,

We're back to the old question of rDN size limits again!

I just got a DRS replication reply from w2k8-r2 with a CN that has a
length larger than 64. So I suspect that things are a bit more complex
than what we'd discussed before.

The object was:

  CN=89532b80-09fe-445e-afef-965c0d7f7d15\0ADEL:462902b4-1824-4f02-8956-9f934f64fa01,CN=Deleted Objects,CN=Configuration,DC=vsofs8,DC=com

which gives a length of 80.

Are we perhaps supposed to interpret the \0 as a termination character
for the purposes of this length constraint? (note that this is a \
followed by a 0, not a nul byte).

Or perhaps deleted objects are special in their constraints in some

Cheers, Tridge

More information about the cifs-protocol mailing list