[cifs-protocol] [EXTERNAL] Re: [MS-ADTS] SID as DN alternative for querying groups by member - TrackingID#2209290040008412

Christof Schmitt cs at samba.org
Tue Oct 4 21:11:33 UTC 2022

On Fri, Sep 30, 2022 at 10:48:35PM +0000, Jeff McCashland (He/him) wrote:
> Hello Cristof,
> Have you tried issuing the LDAP commands from a Windows client as well as a Samba client? If so, what tool/command line did you use, and what were the results? 
> I would like to collect an LSASS TTT trace with a concurrent network capture of the scenario where no results are returned. 
> The LSASS traces can be quite large, but are highly compressible, so please add them to a .zip archive before uploading (file transfer workspace credentials are below). Please log into the workspace and find PartnerTTDRecorder_x86_x64.zip available for download. The x64 tool can be staged onto the Windows server in any location (instructions below assume C:\TTD). 
> To collect the needed traces:
> 	1. From a PowerShell prompt, execute: 
> 		C:\TTD\tttracer.exe -Attach ([int](Get-Process -NAME lsass | Format-Wide -Property ID).formatEntryInfo.formatPropertyField.propertyValue)
> 	2. Wait for a little window to pop up in top left corner of your screen, titled "lsass01.run"

When trying to run these traces on the DC, this window does
not appear. The Powershell window just shows:

PS C:\Users\Administrator> tttrace.exe -Attach 572
Microsoft (R) TTTrace 1.01.03
Release: 10.0.17763.1
Copyright (C) Microsoft Corporation. All rights reserved.

Is there anything that can be done?



More information about the cifs-protocol mailing list