[cifs-protocol] [REG:110091558099846] RE: Incompleteness in MS-SAMR section objectClass

Hongwei Sun hongweis at microsoft.com
Tue Sep 21 16:45:43 MDT 2010


  Thanks for raising this issue with us.  First, we will add the missing definitions for UF_PARTIAL_SECRETS_ACCOUNT (0x4000000) to MS-SAMR, USER_PARTIAL_SECRETS_ACCOUNT (0x00100000) to MS-SAMR and DOMAIN_GROUP_RID_READONLY_DCS (0x00000209) to MS-SAMR.   In MS-SAMR, we will add the following entry to the table in item 4 showing that if userAccountControl has bits UF_WORKSTATION_TRUST_ACCOUNT & UF_PARTIAL_SECRETS_ACCOUNT, the primaryGroupId attribute MUST be updated with DOMAIN_GROUP_RID_READONLY_CONTROLLERS.

  We are in the process of updating the document. The changes will appear in a future release of the document.  Please let us know if you have any further questions.  If not, I will consider this issue resolved.



-----Original Message-----
From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org] 
Sent: Wednesday, September 15, 2010 6:09 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Incompleteness in MS-SAMR section objectClass

Dear dochelp team,

Starting with Windows Server 2008 there has been introduced the 
UF_PARTIAL_SECURITY flag. As far as we (s4 people) found out this also 
impacts the objectclass trigger described in MS-SAMR. For 
example if set on "userAccountControl" it switches the "primaryGroupID" 

We would appreciate it if the specified section could be enhanced regarding it.

Matthias Wallnöfer
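
The rule discussed in this thread, written out as an added example that is not part of either message and is not Samba or Microsoft code: it derives the primaryGroupID the trigger would set from userAccountControl and lists accounts whose stored value differs. Only the UF_PARTIAL_SECRETS_ACCOUNT and read-only-controllers RID values come from the thread; the other flag and RID constants, the server-trust-first precedence, the function names and the sample entries are assumptions made for the illustration.

```python
# Values marked "thread" are quoted in the reply above; the others are the
# long-standing userAccountControl bits and well-known RIDs (assumed here).
UF_NORMAL_ACCOUNT = 0x00000200
UF_WORKSTATION_TRUST_ACCOUNT = 0x00001000
UF_SERVER_TRUST_ACCOUNT = 0x00002000
UF_PARTIAL_SECRETS_ACCOUNT = 0x04000000          # thread
DOMAIN_GROUP_RID_USERS = 0x201                   # 513
DOMAIN_GROUP_RID_COMPUTERS = 0x203               # 515
DOMAIN_GROUP_RID_CONTROLLERS = 0x204             # 516
DOMAIN_GROUP_RID_READONLY_CONTROLLERS = 0x209    # 521, thread

def expected_primary_group(uac):
    """RID the trigger would assign for this userAccountControl, or None."""
    if uac & UF_SERVER_TRUST_ACCOUNT:            # precedence is an assumption
        return DOMAIN_GROUP_RID_CONTROLLERS
    if uac & UF_WORKSTATION_TRUST_ACCOUNT:
        # The read-only DC case must be tested before the plain
        # workstation case, otherwise it is never reached.
        if uac & UF_PARTIAL_SECRETS_ACCOUNT:
            return DOMAIN_GROUP_RID_READONLY_CONTROLLERS
        return DOMAIN_GROUP_RID_COMPUTERS
    if uac & UF_NORMAL_ACCOUNT:
        return DOMAIN_GROUP_RID_USERS
    return None

def audit(entries):
    """Return (dn, actual, expected) for entries that differ from the trigger value."""
    findings = []
    for e in entries:
        # LDAP returns both attributes as decimal strings.
        actual = int(e["primaryGroupID"])
        expected = expected_primary_group(int(e["userAccountControl"]))
        if expected is not None and actual != expected:
            findings.append((e["dn"], actual, expected))
    return findings

# Constructed sample entries, not taken from any real directory.
SAMPLE = [
    {"dn": "CN=alice,CN=Users,DC=example,DC=test", "userAccountControl": "512", "primaryGroupID": "513"},
    {"dn": "CN=WS01,CN=Computers,DC=example,DC=test", "userAccountControl": "4096", "primaryGroupID": "515"},
    {"dn": "CN=DC1,OU=Domain Controllers,DC=example,DC=test", "userAccountControl": "532480", "primaryGroupID": "516"},
    {"dn": "CN=RODC1,OU=Domain Controllers,DC=example,DC=test", "userAccountControl": "83890176", "primaryGroupID": "521"},
    {"dn": "CN=RODC2,OU=Domain Controllers,DC=example,DC=test", "userAccountControl": "83890176", "primaryGroupID": "515"},
]

if __name__ == "__main__":
    for dn, actual, expected in audit(SAMPLE):
        print(f"{dn}: primaryGroupID={actual}, trigger value would be {expected}")
```

A difference is something to review rather than an error in itself, since primaryGroupID can be changed after the trigger has run.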
