[cifs-protocol] [REG:110091558099846] RE: Incompleteness in MS-SAMR section 3.1.1.8.1 objectClass
Hongwei Sun
hongweis at microsoft.com
Tue Sep 21 16:45:43 MDT 2010
Matthias,
Thanks for raising this issue with us. First, We will add the missing definitions for UF_PARTIAL_SECRETS_ACCOUNT (0x4000000) to 2.2.1.13 MS-SAMR, USER_PARTIAL_SECRETS_ACCOUNT (0x00100000) to 2.2.1.12 MS-SAMR and DOMAIN_GROUP_RID_READONLY_DCS(0x00000209) to 2.2.1.14 MS-SAMR. In 3.1.1.8.1 MS-SAMR, we will add the following entry to the table in item 4 showing that if userAccountContol has bits UF_WORKSTATION_TRUST_ACCOUNT & UF_PARTIAL_SECRETS_ACCOUNT , the primaryGroupId attribute MUST be updated with DOMAIN_GROUP_RID_READONLY_CONTROLLERS.
We are in the process to update the document. The changes will appear in the future release of the document. Please let us know if you have any further question. If not, I will consider this issue resolved.
Thanks!
Hongwei
-----Original Message-----
From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org]
Sent: Wednesday, September 15, 2010 6:09 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Incompleteness in MS-SAMR section 3.1.1.8.1 objectClass
Dear dochelp team,
starting with Windows Server 2008 there has been introduced the
UF_PARTIAL_SECURITY flag As far as we (s4 people) found out this also
impacts the objectclass trigger described in MS-SAMR 3.1.1.8.1. For
example if set on "userAccountControl" it switches the "primaryGroupID"
to DOMAIN_GROUP_RID_READONLY_DCS.
We would appreciate if the specified section could be enhanced regarding it.
Thanks,
Matthias Wallnöfer
More information about the cifs-protocol
mailing list