[cifs-protocol] nTDSDSA Object and serverreference attribute

Sebastian Canevari Sebastian.Canevari at microsoft.com
Thu Oct 25 10:25:40 MDT 2012 

Hi Matt,

I have tested the population of the serverReference attribute in the NTDSSettings object and I've confirmed that it does not get populated by Windows.
Anyways, I've consulted with the PG and they confirmed my findings and pointed me to [MS-DRSR] 4.1.1.2.3  " CreateNtdsDsa" where the pseudo code states:

...
/* serverReference attribute is not updated here; instead, it is used
	* to find the computer object of the DC so that the replication SPN 
	 * can be added to the DC's computer object. */
	sl := ENTINF_GetValue(e, serverReference, prefixTable)
	ENTINF_SetValue(e, serverReference, null, prefixTable) ... 

In conclusion, the ServerReference attribute for nTDSDSA Object should not be updated at the NTDSSettings level but only at the server object level.

Thanks and regards,

Sebastian


Sebastian Canevari | Escalation Engineer | US-CSS Developer Support Core (DSC) Protocol Team
P +1 469 775 7849 
One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com


-----Original Message-----
From: Sebastian Canevari 
Sent: Monday, October 08, 2012 10:15 AM
To: 'mat at samba.org'
Cc: Interoperability Documentation Help; cifs-protocol at samba.org; pfif at tridgell.net
Subject: RE: nTDSDSA Object and serverreference attribute

Working on this Matthieu, will let you know as soon as I have news.

Thanks!

Sebastian


Sebastian Canevari | Escalation Engineer | US-CSS Developer Support Core (DSC) Protocol Team P +1 469 775 7849 One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com


-----Original Message-----
From: Matthieu Patou [mailto:mat at samba.org] 
Sent: Monday, October 08, 2012 2:08 AM
To: Sebastian Canevari
Cc: Interoperability Documentation Help; cifs-protocol at samba.org; pfif at tridgell.net
Subject: Re: nTDSDSA Object and serverreference attribute

Hello Sebastian,

Any news on this issue ?

On 10/01/2012 10:46 AM, Sebastian Canevari wrote:
> Thanks for your inquiry Matthieu!
>
> I'll be helping you with this request.
>
> Thanks and regards,
>
> Sebastian
>
> Sebastian Canevari | Escalation Engineer | US-CSS Developer Support 
> Core (DSC) Protocol Team
>
> P +1 469 775 7849
> One Microsoft Way, 98052, Redmond, WA, USA 
> http://support.microsoft.com
>
> ________________________________________
> From: Matthieu Patou [mat at samba.org]
> Sent: Monday, October 01, 2012 1:38 AM
> To: Interoperability Documentation Help; cifs-protocol at samba.org; 
> pfif at tridgell.net
> Subject: nTDSDSA Object and serverreference attribute
>
> Dear Dochelp,
>
> Paragraph 6.1.1.2.2.1.2.1.1 nTDSDSA Object of MS-ADTS seems to list 
> all the possible attributes that this kind of object has.
>
> I didn't find the serverReference in this list but after joining and 
> promoting windows 2008r2 to a Samba 4rc1 domain I have the following 
> entry for the nTDSDSA object related to the Windows 2008r2 DC:
>
> objectClass: nTDSDSA
> cn: NTDS Settings
> instanceType: 4
> whenCreated: 20120930062848.0Z
> hasMasterNCs: CN=Configuration,DC=samba,DC=corp
> hasMasterNCs: DC=samba,DC=corp
> hasMasterNCs: CN=Schema,CN=Configuration,DC=samba,DC=corp
> uSNCreated: 3737
> dMDLocation: CN=Schema,CN=Configuration,DC=samba,DC=corp
> invocationId: 6dae53b2-4451-43fa-aead-92beb46962f3
> showInAdvancedViewOnly: TRUE
> name: NTDS Settings
> objectGUID: 60b2cf44-9b15-408d-bdd0-65b9514e7114
> options: 1
> systemFlags: 33554432
> objectCategory: 
> CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=samba,DC=corp
> msDS-Behavior-Version: 4
> msDS-HasDomainNCs: DC=samba,DC=corp
> serverReference: CN=S1-W2K8R2,OU=Domain Controllers,DC=samba,DC=corp
> msDS-hasMasterNCs: CN=Configuration,DC=samba,DC=corp
> msDS-hasMasterNCs: DC=samba,DC=corp
> msDS-hasMasterNCs: CN=Schema,CN=Configuration,DC=samba,DC=corp
> msDS-hasMasterNCs: DC=DomainDnsZones,DC=samba,DC=corp
> msDS-hasMasterNCs: DC=ForestDnsZones,DC=samba,DC=corp
> whenChanged: 20120930064023.0Z
> msDS-HasInstantiatedNCs: B:8:00000005:DC=samba,DC=corp
> msDS-HasInstantiatedNCs:
> B:8:00000005:CN=Schema,CN=Configuration,DC=samba,DC=c
>    orp
> msDS-HasInstantiatedNCs: 
> B:8:00000005:CN=Configuration,DC=samba,DC=corp
> uSNChanged: 3792
> distinguishedName: CN=NTDS
> Settings,CN=S1-W2K8R2,CN=Servers,CN=Default-First-S
>    ite-Name,CN=Sites,CN=Configuration,DC=samba,DC=corp
>
> It appears to have a serverReference attribute, I'm wondering under 
> which circumstances a windows 2008r2 will add this attribute to the 
> nTDSDSA object as I found no indication in the documentation.
>
> Thanks.
>
> Matthieu
>
> --
> Matthieu Patou
> Samba Team
> http://samba.org
>
>
>


--
Matthieu Patou
Samba Team
http://samba.org

More information about the cifs-protocol mailing list