[cifs-protocol] [REG:114112412079949] Is MS-ADTS DL_DRSGetMemberships correct for workstation trust accounts?
vilmosf at microsoft.com
Sun Nov 23 22:27:31 MST 2014
[dochelp to Bcc, SR # to Subject]
Thank you for your question. I created the case SR 114112412079949 to track this issue with the Protocol Documentation support team. An engineer from our team will contact you soon via e-mail to begin working with you.
Vilmos Foltenyi - MSFT
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Sunday, November 23, 2014 20:32
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Is MS-ADTS DL_DRSGetMemberships correct for workstation trust accounts?
In MS-ADTS 126.96.36.199 Server Behavior of the IDL_DRSGetMemberships Method
It has this in the psudocode:
if((u!userAccountControl & ADS_UF_WORKSTATION_TRUST_ACCOUNT =
(u!userAccountControl & ADS_UF_PARTIAL_SECRETS_ACCOUNT =
wSet := wSet + GetDSNameOfEnterpriseRODCsGroup() endif
I'm curious about the 'or' in the middle of the if statement. Shoudn't it be an 'and', because you only want to put the object in the EnterpriseRODCs Group if it is both a workstation trust account, and a partial secrets account (otherwise, all workstations would be in it).
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol