[cifs-protocol] [REG:119102421000015] MS-ADTS dirsync and extended-dn interactions

Jeff McCashland jeffm at microsoft.com
Thu Oct 24 00:12:36 UTC 2019

[DocHelp to BCC, support on CC, SR ID on Subject]

Hi Andrew,

Thank you for your Active Directory question. We have created SR 119102421000015 to track this issue. One of our engineers will respond soon to assist. 

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback.  My manager is Jeremy Chapman (jeremyc), +1 (469) 775-2475

-----Original Message-----
From: Andrew Bartlett <abartlet at samba.org> 
Sent: Wednesday, October 23, 2019 3:27 PM
To: cifs-protocol at lists.samba.org
Cc: Interoperability Documentation Help <dochelp at microsoft.com>; bjacke at samba.org; Stefan Metzmacher <metze at samba.org>
Subject: MS-ADTS dirsync and extended-dn interactions


Per a call with Edgar and Brian today.

While looking at a Samba fix for our Samba AD DC being contacted by Microsoft Azure, I notied that the interaction that is fixed by this Samba bug isn't clearly documented:


That is, while MS-ATDS specified both of these controls and while LDAP_SERVER_DIRSYNC_OID implies LDAP_SERVER_EXTENDED_DN_OID (not that I coudl find that documented in a brief serch), the inteaction is not ccalled out.

That is, as I understand it from the patch, during dirsync if LDAP_SERVER_EXTENDED_DN_OID is specified explicitly, then the returned data format (0 - the default, or 1) comes from that control.

It would be good if this was made clearer.


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org&data=02%7C01%7Cjeffm%40microsoft.com%7C5d6695a6f66942728df308d758082ed9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C637074664487507641&sdata=K6%2FRcPF2hG1HyBBO4U%2BzDzxpGEHOcfoXqGhBmUT4bhA%3D&reserved=0
Samba Development and Support, Catalyst IT   

More information about the cifs-protocol mailing list