[cifs-protocol] [EXTERNAL] [MS-ADTS] msDS-KeyCredentialLink Validated Write - TrackingID#2506180040000979
Tom Jebo
tomjebo at microsoft.com
Wed Jun 18 04:50:20 UTC 2025
[dochelp to bcc]
[support mail to cc]
Hi Jennifer,
Thanks for your request regarding [MS-ADTS] 3.1.1.5.3.1.1.6 msDS-KeyCredentialLink. One of the Open Specifications team members will respond to assist you. In the meantime, we've created case 2506180040000979 to track this request. Please leave the case number in the subject when communicating with our team about this request.
Best regards,
Tom Jebo
Microsoft Open Specifications Support
-----Original Message-----
From: Jennifer Sutton <jsutton at samba.org>
Sent: Tuesday, June 17, 2025 9:26 PM
To: cifs-protocol at lists.samba.org; Interoperability Documentation Help <dochelp at microsoft.com>
Subject: [EXTERNAL] [MS-ADTS] msDS-KeyCredentialLink Validated Write
Hi dochelp,
I'm looking at the list of constraints for performing a validated write of msDS-KeyCredentialLink ([MS-ADTS] 3.1.1.5.3.1.1.6, 'msDS-KeyCredentialLink').
In my testing, I've found that Windows Server 2025 allows the validated write even if the KEYCREDENTIALLINK_BLOB value does not meet the constraints (specifically the restrictions on KeyUsage, KeySource, CustomKeyInformation, and KeyApproximateLastLogonTimeStamp). Can you confirm whether the specifications [0] match the behaviour of Windows, or if there's something I've missed?
Cheers,
Jennifer (she/her)
[0]
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f70afbcc-780e-4d91-850c-cfadce5bb15c
More information about the cifs-protocol
mailing list