[cifs-protocol] What elements of the DIT are required for AD to operate?

Andrew Bartlett abartlet at samba.org
Fri Jan 22 17:15:22 MST 2010


On Thu, 2010-01-21 at 23:20 +0000, Hongwei Sun wrote:
> Andrew,
> 
>    I attached the file with the list  initially required DIT elements
> for Windows 2008R2 function level.   All the required DIT elements
> should be all documented in section 7 of MS-ADTS.  Therefore , we
> manually reviewed the LDIF dump of a DC and compared with MS-ADTS to
> decide which elements should be kept.   Please review it and give us
> feedback.  

Thanks!  We look forward to testing this out.  

What I'm wondering is how did you verify that an element was not
required - just that it isn't mentioned in the doc, or did you delete it
from a running windows DC and try repetitive DCpromo (or something
else)?

Do you have a list of the DN values that may be found in the normal
provision of a Windows DC that are not required (ie, those you removed)?
If you have this, it would help our validation by being able to look at
this from both directions.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20100123/314e6b74/attachment.pgp>


More information about the cifs-protocol mailing list