[cifs-protocol] [REG:114112412079949] Is MS-ADTS DL_DRSGetMemberships correct for workstation trust accounts?
obaidf at microsoft.com
Tue Nov 25 22:10:56 MST 2014
I'll help you with this issue and would be in touch as soon as I have an answer.
Escalation Engineer | Microsoft
Exceeding your expectations is my highest priority. If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com
From: "Vilmos Foltenyi" <vilmosf at microsoft.com>
Sent: Sunday, November 23, 2014 11:28 PM
To: "Andrew Bartlett" <abartlet at samba.org>
Cc: "cifs-protocol at samba.org" <cifs-protocol at samba.org>; "MSSolve Case Email" <casemail at microsoft.com>
Subject: [REG:114112412079949] Is MS-ADTS DL_DRSGetMemberships correct for workstation trust accounts?
[dochelp to Bcc, SR # to Subject]
Thank you for your question. I created the case SR 114112412079949 to track this issue with the Protocol Documentation support team. An engineer from our team will contact you soon via e-mail to begin working with you.
Vilmos Foltenyi - MSFT
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Sunday, November 23, 2014 20:32
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Is MS-ADTS DL_DRSGetMemberships correct for workstation trust accounts?
In MS-ADTS 188.8.131.52 Server Behavior of the IDL_DRSGetMemberships Method
It has this in the psudocode:
if((u!userAccountControl & ADS_UF_WORKSTATION_TRUST_ACCOUNT =
(u!userAccountControl & ADS_UF_PARTIAL_SECRETS_ACCOUNT =
wSet := wSet + GetDSNameOfEnterpriseRODCsGroup() endif
I'm curious about the 'or' in the middle of the if statement. Shoudn't it be an 'and', because you only want to put the object in the EnterpriseRODCs Group if it is both a workstation trust account, and a partial secrets account (otherwise, all workstations would be in it).
Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol