[PATCH] s4-drs: Set default RODC filtered attribute set

Fernando J V da Silva fernandojvsilva at yahoo.com.br
Wed Feb 24 07:53:44 MST 2010 

Hi!

I see on W2K8 that the schema attributes related to the set of RODC
filtered ones are created by default either on RODCs or not. The
searchflags also seems to be the same for those schema attributes in
both.

But somehow, on W2K8, the schema attributes, whose I set the
searchflags manually on the schema definition file, don't have the
correct searchflags to be RODC filtered attributes, even when MS
documentation says that they are RODC filtered
(http://technet.microsoft.com/en-us/library/cc753223(WS.10).aspx).

As the schema attributes mentioned above doesn't have the correct
flags even on W2K8 to be part of RODC filtered set, should we set it
even this way?

As the other RODC filtered schema attributes already have their
correct searchflags defined on our schema definition file, and as it
is expected that we get the correct attributes from another DC when we
are joining, I suppose we don't have to set the searchflags for these
RODC filtered attributes during joining as RODC, do we?

Cheers,


-- 
Fernando J V da Silva
M Sc Computer Science Student
Institute of Computing, State University of Campinas
+55 15 8801-2165



2010/2/19 Matthias Dieter Wallnöfer <mdw at samba.org>:
> Hi Fernando,
>
> Fernando J V da Silva wrote:
>>
>> Hi!
>>
>> This small patch sets the correct bits on searchflags to make some
>> attributes part of the RODC filtered attribute set (I do it on
>> MS-AD_Schema_2K8_R2_Attributes.txt and
>> MS-AD_Schema_2K8_R2_Classes.txt, so it is set during provision.
>> Please, let me know if any of you think it isn't nice ...). This patch
>> is also available at my repository in repo.or.cz, at rodc branch.
>>
>
> just a small comment of mine: When you patch the "2K8_R2" schema then you
> should patch the "2K8" schema as well which we also provide in the
> "ad-schema" subdirectory. RODCs exist since Windows 2008 and therefore all
> changes regarding them have to be patched on both schemas (just to be
> consistent).
> Regarding the change: I hope tridge or someone more familiar with this topic
> comments.
>
> Matthias
>

More information about the samba-technical mailing list