[cifs-protocol] [EXTERNAL] Re: [MS-ADTS] SID as DN alternative for querying groups by member - TrackingID#2209290040008412

Jeff McCashland (He/him) jeffm at microsoft.com
Thu Oct 6 17:48:34 UTC 2022 

Hi Christof,

I have a quick question for you. Do you get the same results when you use the hexadecimal representation of the SID, instead of the string representation? 

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Jeff McCashland (He/him) 
Sent: Wednesday, October 5, 2022 9:36 AM
To: Christof Schmitt <cs at samba.org>
Cc: Andrew Bartlett <abartlet at samba.org>; cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] Re: [cifs-protocol] [MS-ADTS] SID as DN alternative for querying groups by member - TrackingID#2209290040008412

Hi Christof,

I will analyze the traces and let you know what I find. 

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Christof Schmitt <cs at samba.org>
Sent: Wednesday, October 5, 2022 9:25 AM
To: Jeff McCashland (He/him) <jeffm at microsoft.com>
Cc: Andrew Bartlett <abartlet at samba.org>; cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
Subject: Re: [EXTERNAL] Re: [cifs-protocol] [MS-ADTS] SID as DN alternative for querying groups by member - TrackingID#2209290040008412

On Tue, Oct 04, 2022 at 09:38:39PM +0000, Jeff McCashland (He/him) wrote:
> Hi Christof,
> 
> Try these 2 steps instead of the previous step 1: 
> 
> 	1. From an elevated command prompt, run "tasklist /FI "IMAGENAME eq lsass.exe" and note the PID number
> 	2. Run the command (using the PID from step 1): "C:\TTD\TTTracer.exe -attach [PID]"
> 
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft 
> Protocol Open Specifications Team

Hi Jeff,

that worked, thank you. Please see the zip file uploaded to the workspace. It shows the three LDAP queries run from the Windows client, the network packet capture and the lsa trace.

Please let me know if anything else would be required.

Thank you,

Christof

More information about the cifs-protocol mailing list