[cifs-protocol] [EXTERNAL] Local Administrator Password Solution (new and legacy) - TrackingID#2305110040008264
Andrew Bartlett
abartlet at samba.org
Wed May 24 21:45:01 UTC 2023
Thanks. That is useful.
Are you still looking into the new 2016 requirements part of the
question?
Thanks,
Andrew Bartlett
On Fri, 2023-05-12 at 23:05 +0000, Jeff McCashland (He/him) via cifs-
protocol wrote:
> Hi Andrew,
>
>
>
>
>
> [MS-ADA2] has just been republished with updates related to the new
> Windows LAPS. Please review the new information and see if
> it answers some of your questions.
>
>
>
>
>
> [MS-ADA2]:
> Active Directory Schema Attributes M | Microsoft Learn
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [MS-ADA2]: Active Directory Schema Attributes M
>
> Specifies the Active Directory Schema Attributes M, which contains a
> partial list of the objects that exist in the Active Directory schema
>
> learn.microsoft.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Best regards,
>
> Jeff McCashland (He/him) |
> Senior Escalation Engineer | Microsoft Protocol
> Open Specifications Team
>
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-
> 08:00) Pacific Time (US and Canada)
>
> Local country phone number found here:
> http://support.microsoft.com/globalenglish |
> Extension 1138300
>
>
>
>
>
>
>
>
>
>
> From: Jeff McCashland (He/him) <jeffm at microsoft.com>
>
> Sent: Thursday, May 11, 2023 9:58 AM
>
> To: Andrew Bartlett <abartlet at samba.org>
>
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>;
> Microsoft Support <supportmail at microsoft.com>
>
> Subject: Re: [EXTERNAL] Local Administrator Password Solution (new
> and legacy) - TrackingID#2305110040008264
>
>
>
>
> <!--
> p
> {margin-top:0;
> margin-bottom:0}
> -->
>
>
> [DocHelp to BCC, support on CC, SR ID on Subject]
>
>
>
>
>
> Hi Andrew,
>
>
>
>
>
> Thank you for your questions. We have created SR 2305110040008264 to
> track this issue. One of our engineers
> will respond soon.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Best regards,
>
> Jeff McCashland (He/him) |
> Senior Escalation Engineer | Microsoft Protocol
> Open Specifications Team
>
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-
> 08:00) Pacific Time (US and Canada)
>
> Local country phone number found here:
> http://support.microsoft.com/globalenglish |
> Extension 1138300
>
>
>
>
>
>
>
>
>
>
> From: Andrew Bartlett <abartlet at samba.org>
>
> Sent: Wednesday, May 10, 2023 10:41 PM
>
> To: Interoperability Documentation Help <dochelp at microsoft.com>
>
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>
>
> Subject: [EXTERNAL] Local Administrator Password Solution (new and
> legacy)
>
>
>
>
> Kia Ora DocHelp,
>
>
>
> (again) Per my phone call with Obaid and Tom last week.
>
>
>
> We were talking about LAPS, the Local Administrator Password
> Solution.
>
>
>
> I have two questions, firstly on getting the schema for LAPS and LAPS
>
> legacy:
>
>
>
> Is the schema added by Update-LapsADSchema published anywhere,
> ideally
>
> under same licence as
>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fwindowsserverdocs&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=HGoaYn6NbEC2pO4Gxnr%2BiqDHRkkPCA9CJmMf8AA8B20%3D&reserved=0
> ?
>
>
>
> Likewise, it would be helpful to still support legacy LAPS in Samba.
>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D46899&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EUtO8w8QJcuCu1JfGAotqz4nh938ppmvl1laVpbMm1k%3D&reserved=0
>
>
>
> This link below shows the schema in another user's repo (not Samba).
>
>
>
> Would it be possible to get or be pointed at a public and licensed
> copy
>
> of this schema so Samba can support this 'out of the box'?
>
>
>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Foz9un%2FLAPS-for-SAMBA%2Fblob%2Fmaster%2Fscripts%2Flaps-install&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jqSSZnYv1uTR3yIoHCKOS%2Bwej%2BL3qwdl6VQNdIeyqzk%3D&reserved=0
>
>
>
> Secondly, there are requirements on Windows 2016 for new LAPS:
>
>
>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Flaps%2Flaps-scenarios-windows-server-active-directory&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=N%2FAdAeYW9T%2B%2B75B49fPzYiysF6%2BfpqPPdavNGLh5UmI%3D&reserved=0
> mentions requirements on Windows server 2016.
>
>
>
>
>
> Can you clarify which protocol behaviours are needed for this, so I
> can
>
> investigate this, as nothing like this is mentioned at
>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fwhats-new-active-directory-domain-services%3Fsource%3Drecommendations&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CKB7xpad%2Bwdo7pPRrXXO4U4mmSH0V46rXOdt2jPfaLE%3D&reserved=0
>
> and
>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fad-ds%2Factive-directory-functional-levels&data=05%7C01%7Cjeffm%40microsoft.com%7C884535e06331450deb2b08db51e25f98%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638193805005804214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=67N14qhDnsZ%2Bpqpdfw6xLhZcClRuQQ30jugrOqHBu9Y%3D&reserved=0
>
> (I realise Windows is a big product and these are not meant to be
>
> comprehensive).
>
>
>
>
>
> Thanks,
>
>
>
> Andrew Bartlett
>
>
>
>
>
> _______________________________________________cifs-protocol mailing
> listcifs-protocol at lists.samba.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20230525/b57d8f83/attachment.htm>
More information about the cifs-protocol
mailing list