[cifs-protocol] [REG:110091558099846] RE: Incompleteness in MS-SAMR section 220.127.116.11.1 objectClass
hongweis at microsoft.com
Tue Sep 21 16:45:43 MDT 2010
Thanks for raising this issue with us. First, We will add the missing definitions for UF_PARTIAL_SECRETS_ACCOUNT (0x4000000) to 18.104.22.168 MS-SAMR, USER_PARTIAL_SECRETS_ACCOUNT (0x00100000) to 22.214.171.124 MS-SAMR and DOMAIN_GROUP_RID_READONLY_DCS(0x00000209) to 126.96.36.199 MS-SAMR. In 188.8.131.52.1 MS-SAMR, we will add the following entry to the table in item 4 showing that if userAccountContol has bits UF_WORKSTATION_TRUST_ACCOUNT & UF_PARTIAL_SECRETS_ACCOUNT , the primaryGroupId attribute MUST be updated with DOMAIN_GROUP_RID_READONLY_CONTROLLERS.
We are in the process to update the document. The changes will appear in the future release of the document. Please let us know if you have any further question. If not, I will consider this issue resolved.
From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org]
Sent: Wednesday, September 15, 2010 6:09 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Incompleteness in MS-SAMR section 184.108.40.206.1 objectClass
Dear dochelp team,
starting with Windows Server 2008 there has been introduced the
UF_PARTIAL_SECURITY flag As far as we (s4 people) found out this also
impacts the objectclass trigger described in MS-SAMR 220.127.116.11.1. For
example if set on "userAccountControl" it switches the "primaryGroupID"
We would appreciate if the specified section could be enhanced regarding it.
More information about the cifs-protocol