[cifs-protocol] [REG:118111319335501] Linked attributes in AD claims objects sent as plain DNs

[Edgar Olougouna]

[case number in subject, cc casemail, bcc dochelp] 
Hello Aaron and Garming, 
Thank you for this question. We have created the protocol support case number 118111319335501 for this inquiry. One of our engineers will investigate and follow-up soon.

Regards,
Edgar

-----Original Message-----
From: Aaron Haslett <aaronhaslett at catalyst.net.nz> 
Sent: Monday, November 12, 2018 9:28 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: Linked attributes in AD claims objects sent as plain DNs

Hi,

In Windows 2012R2 active directory, objects related to claims in the configuration partition such as:

CN=Global Resource Property List,CN=Resource Property Lists,CN=Claims Configuration,CN=Services,CN=Configuration,DC=X

When sent over DRS replication, attributes such as "msDS-MembersOfResourcePropertyList" which are defined as linked attributes in the schema (linkID non-zero), should be returned in the "rgValues" field in the DRS_MSG_GETCHGREPLY_V6 defined in MS-DRSR:4.1.10.2.12, but are instead returned as normal object attributes in field "pObjects".

Samba relies on receiving linked attributes in the specified format, and our code's assumptions are broken by current Windows behaviour. We want to know:

1. Are these objects a special case during provision of a domain controller? Do further modifications change the format Windows returns, and are these changes persistent?

2. Are these objects a special case generally, throughout Active Directory functionality, and therefore need special handling?

3. If these require special handling, is the required behaviour documented somewhere? The behaviour has some similarity to Windows 2000-level linked attributes, but these objects were introduced in
2012R2 specifically.

Thanks,

Aaron H and Garming S