[cifs-protocol] [REG:114120512128317] MS-ADTS 4.1.8.3 missing RevMembGetGroupsForUser as a transitive operation

Obaid Farooqi obaidf at microsoft.com
Tue Dec 9 16:27:30 MST 2014 

Hi Andrew:
It is not MS-DRSR but MS-ADTS that needs fixing.
In case of a domain that is not in mixed mode (nTMixedDomain= 0) the following line

DRS_MSG_REVMEMB_REQ_V1.OperationType=RevMembGetGroupsForUser

Should be
DRS_MSG_REVMEMB_REQ_V1.OperationType= RevMembGetAccountGroups

I'll file a bug against MS-ADTS.


Please let me know if it does not answer your question.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com

-----Original Message-----
From: "Obaid Farooqi" <obaidf at microsoft.com> 
Sent: Friday, December 5, 2014 11:43 AM
To: "Andrew Bartlett" <abartlet at samba.org>
Cc: "cifs-protocol at samba.org" <cifs-protocol at samba.org>; "MSSolve Case Email" <casemail at microsoft.com>
Subject: [REG:114120512128317] MS-ADTS 4.1.8.3 missing RevMembGetGroupsForUser as a transitive operation

Hi Andrew: 
I'll help you with this issue and will be in touch as soon as I have an answer. 

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft 

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com

-----Original Message-----
From: Bryan Burgin
Sent: Friday, December 5, 2014 1:04 AM
To: Andrew Bartlett; Obaid Farooqi
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: [REG:114120512128317] MS-ADTS 4.1.8.3 missing RevMembGetGroupsForUser as a transitive operation 

[dochelp to bcc]
[+casemail] 

Hi Andrew, 

Thank you for your question.  We created SR 114120512128317 to track this issue.  Obaid will work with you on this and will contact you soon.

Bryan 

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Thursday, December 4, 2014 4:53 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: MS-ADTS 4.1.8.3 missing RevMembGetGroupsForUser as a transitive operation 

4.1.8.3 Server Behavior of the IDL_DRSGetMemberships Method 

The pseudo-code has this hunk in it: 

/* Calculate all other cases (where op ≠ GroupMembersInTransitive).*/ transitive := op in {RevMembGetAccountGroups, RevMembGetResourceGroups, RevMembGetUniversalGroups}

However, it does not list RevMembGetGroupsForUser referenced in MS-ADTS
3.1.1.4.5.19 tokenGroups, tokenGroupsNoGCAcceptable, which is clearly a transitive operation, as it says: 

These two computed attributes return the set of SIDs from a transitive group membership expansion operation on a given object.

Can you confirm the docs are incorrect, and that RevMembGetGroupsForUser should be in that list? 

Thanks, 

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

More information about the cifs-protocol mailing list