[cifs-protocol] [EXTERNAL] Re: MS-ADTS: DC handling of modification to msDS-AdditionalDnsHostName [120061624003212]

Fri Jul 10 19:03:01 UTC 2020

Hi Isaac:
No. The shortname is also part of the bug. So e.g. if the domain is wef2.local and name is forwarder the attribute should have the value altfwd.wef2.local after you execute the following command:

Netdom computername forwarder /add:altfwd.wef2.local

Regards,
Obaid Farooqi
Escalatiion Engineer | Microsoft

-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com> 
Sent: Friday, July 10, 2020 4:02 AM
To: Obaid Farooqi <obaidf at microsoft.com>
Cc: Stefan Metzmacher <metze at samba.org>; Andreas Schneider <asn at samba.org>; cifs-protocol at lists.samba.org; support <support at mail.support.microsoft.com>
Subject: Re: [EXTERNAL] Re: MS-ADTS: DC handling of modification to msDS-AdditionalDnsHostName [120061624003212]

Hi Obaid,

Thanks for getting back to me on this;  I presume only the binary suffix is a bug, but adding a shortname implicitly is expected. It would be nice if that could be documented as well.

Regards,
Isaac

On Fri, Jul 10, 2020 at 10:55 AM Obaid Farooqi <obaidf at microsoft.com> wrote:
>
> Hi Isaac:
> This is a known bug and is fixed in the upcoming release of Windows.
> I have filed a bug to document this behavior in MS-ADTS.
>
> Please let me know if it does not answer your question.
>
> Regards,
> Obaid Farooqi
> Escalatiion Engineer | Microsoft
>
> -----Original Message-----
> From: Isaac Boukris <iboukris at gmail.com>
> Sent: Monday, June 22, 2020 1:47 PM
> To: Obaid Farooqi <obaidf at microsoft.com>
> Cc: Stefan Metzmacher <metze at samba.org>; Andreas Schneider 
> <asn at samba.org>; cifs-protocol at lists.samba.org; support 
> <support at mail.support.microsoft.com>
> Subject: [EXTERNAL] Re: MS-ADTS: DC handling of modification to 
> msDS-AdditionalDnsHostName [120061624003212]
>
> Hi Obaid:
>
> The simplest is to add an attribute via ADSI interface, save and refresh.
>
> Or perhaps more appropriate:
> netdom computername cname /add:x.y.z
>
> And then check the values of msDS-AdditionalDnsHostName.
>
> Thanks
>
> On Mon, Jun 22, 2020 at 8:28 PM Obaid Farooqi <obaidf at microsoft.com> wrote:
> >
> > Hi Isaac:
> > Is there an easy wasy to reproduce this? It appears that joing a computer to a domain will trigger this but I am not sure if the creation of a computer object always results in creation of this attribute.
> >
> > Regards,
> > Obaid Farooqi
> > Escalatiion Engineer | Microsoft
> >
> > -----Original Message-----
> > From: Obaid Farooqi
> > Sent: Tuesday, June 16, 2020 11:10 AM
> > To: Isaac Boukris <iboukris at gmail.com>; Stefan Metzmacher 
> > <metze at samba.org>; Andreas Schneider <asn at samba.org>; 
> > cifs-protocol at lists.samba.org
> > Cc: support <support at mail.support.microsoft.com>
> > Subject: RE: MS-ADTS: DC handling of modification to 
> > msDS-AdditionalDnsHostName [120061624003212]
> >
> > Hi Isaac:
> > Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon.
> >
> > Regards,
> > Obaid Farooqi
> > Escalatiion Engineer | Microsoft
> >
> > -----Original Message-----
> > From: Isaac Boukris <iboukris at gmail.com>
> > Sent: Tuesday, June 16, 2020 5:45 AM
> > To: Interoperability Documentation Help <dochelp at microsoft.com>; 
> > Stefan Metzmacher <metze at samba.org>; Andreas Schneider 
> > <asn at samba.org>; cifs-protocol at lists.samba.org
> > Subject: [EXTERNAL] MS-ADTS: DC handling of modification to 
> > msDS-AdditionalDnsHostName
> >
> > Hello dochelp,
> >
> > I noticed that each time an msDS-AdditionalDnsHostName attribute is added to a computer object (netdom/adsi/ldapmodify), Windows DC also adds another short entry (up to the first dot if any) with a binary '\0$' suffix.
> > This causes ldap_get_values() to fail parsing it as a string, and
> > ldap_get_values_len() needs to be used instead.
> >
> > Looking in the docs I couldn't find any mention for this handling, and wonder if the '\0$' is in purpose or a bug, and how it should be handled by implementations.
> >
> > Thank you