[cifs-protocol] [EXTERNAL] Re: [MS-ADTS] SID as DN alternative for querying groups by member - TrackingID#2209290040008412
Jeff McCashland (He/him)
jeffm at microsoft.com
Wed Oct 5 16:35:57 UTC 2022
I will analyze the traces and let you know what I find.
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
From: Christof Schmitt <cs at samba.org>
Sent: Wednesday, October 5, 2022 9:25 AM
To: Jeff McCashland (He/him) <jeffm at microsoft.com>
Cc: Andrew Bartlett <abartlet at samba.org>; cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
Subject: Re: [EXTERNAL] Re: [cifs-protocol] [MS-ADTS] SID as DN alternative for querying groups by member - TrackingID#2209290040008412
On Tue, Oct 04, 2022 at 09:38:39PM +0000, Jeff McCashland (He/him) wrote:
> Hi Christof,
> Try these 2 steps instead of the previous step 1:
> 1. From an elevated command prompt, run "tasklist /FI "IMAGENAME eq lsass.exe" and note the PID number
> 2. Run the command (using the PID from step 1): "C:\TTD\TTTracer.exe -attach [PID]"
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> Protocol Open Specifications Team
that worked, thank you. Please see the zip file uploaded to the workspace. It shows the three LDAP queries run from the Windows client, the network packet capture and the lsa trace.
Please let me know if anything else would be required.
More information about the cifs-protocol