modification of userAccountControl according to MS-SAMR 3.1.1.8.1.

Anatoliy Atanasov anatoliy.atanasov at postpath.com
Wed Jan 12 14:42:38 MST 2011


Hi Matthias,

Kamen and I stumbled upon some code that modifies the userAccountControl attribute of a user object when it shouldn't.
We noticed that when you add a user with userAccountControl 66080 it ends up with 66082, which means that the account is disabled.

The code modifies the userAccountControl of a user that is being added to the database and the documentation regarding the change of that attribute states:
"If the value of the userAccountControl attribute _in_the_database_ contains a bit that is specified in the following table, the userAccountControl attribute MUST be updated with the corresponding bit(s) using a bitwise OR."

The add operation is still an originating update, but in this case the attribute isn't in the database and shouldn't be modified.

Do you agree to change it?

Regards, Anatoliy
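
The two values quoted in the message above, decoded bit by bit, as an added example that is not part of the original post or of Samba's code. The function names are assumptions made here; the flag names follow Microsoft's documented userAccountControl bits.

```python
# userAccountControl bit names as documented by Microsoft (MS-ADTS / MS-SAMR).
UAC_FLAGS = {
    0x00000002: "ACCOUNTDISABLE",
    0x00000008: "HOMEDIR_REQUIRED",
    0x00000010: "LOCKOUT",
    0x00000020: "PASSWD_NOTREQD",
    0x00000040: "PASSWD_CANT_CHANGE",
    0x00000080: "ENCRYPTED_TEXT_PASSWORD_ALLOWED",
    0x00000100: "TEMP_DUPLICATE_ACCOUNT",
    0x00000200: "NORMAL_ACCOUNT",
    0x00000800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x00001000: "WORKSTATION_TRUST_ACCOUNT",
    0x00002000: "SERVER_TRUST_ACCOUNT",
    0x00010000: "DONT_EXPIRE_PASSWORD",
    0x00020000: "MNS_LOGON_ACCOUNT",
    0x00040000: "SMARTCARD_REQUIRED",
    0x00080000: "TRUSTED_FOR_DELEGATION",
    0x00100000: "NOT_DELEGATED",
    0x00200000: "USE_DES_KEY_ONLY",
    0x00400000: "DONT_REQUIRE_PREAUTH",
    0x00800000: "PASSWORD_EXPIRED",
    0x01000000: "TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION",
}
KNOWN_MASK = sum(UAC_FLAGS)  # every bit above is distinct, so sum == bitwise OR


def decode_uac(value):
    """Return (flag names in ascending bit order, bits not in UAC_FLAGS)."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    return names, value & ~KNOWN_MASK


def compare_uac(requested, stored):
    """Report which bits differ between what a client sent and what was stored."""
    added = stored & ~requested      # bits set by the server, not the client
    dropped = requested & ~stored    # bits the client sent that were cleared
    return {
        "requested": decode_uac(requested)[0],
        "stored": decode_uac(stored)[0],
        "added_by_server": decode_uac(added)[0],
        "dropped_by_server": decode_uac(dropped)[0],
        "account_disabled_by_server": bool(added & 0x2),
    }


if __name__ == "__main__":
    # Values taken from the message: requested 66080, stored 66082.
    for key, val in compare_uac(66080, 66082).items():
        print(f"{key}: {val}")
```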

