[cifs-protocol] Is MS-ADTS DL_DRSGetMemberships correct for workstation trust accounts?
abartlet at samba.org
Sun Nov 23 21:32:13 MST 2014
In MS-ADTS 22.214.171.124 Server Behavior of the IDL_DRSGetMemberships Method
It has this in the psudocode:
if((u!userAccountControl & ADS_UF_WORKSTATION_TRUST_ACCOUNT =
(u!userAccountControl & ADS_UF_PARTIAL_SECRETS_ACCOUNT =
wSet := wSet + GetDSNameOfEnterpriseRODCsGroup()
I'm curious about the 'or' in the middle of the if statement. Shoudn't
it be an 'and', because you only want to put the object in the
EnterpriseRODCs Group if it is both a workstation trust account, and a
partial secrets account (otherwise, all workstations would be in it).
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol