About Security Descriptor
Matthieu Patou
mat at samba.org
Fri Jun 17 12:46:28 MDT 2011
Hello Nadya,
Following our discussion on SD, I wanted to do one more test, I created
an OU called test in a w2k3r2 DC with a w2k3 forest level.
I created a user inside this OU.
Then I changed the inheritance of this OU, so that it didn't inherit SD
from parent (DC=w2k3r2, DC=home, DC=matws, DC=net).
You can see that both the OU and the user have the SD modified.
I then removed the ACE related Enterprise admin, and one more time both
entries were modified, that's quite logical in fact, but what is
interesting is that the USN of the user hasn't change. In a way that's
logical because the its SD has changed just because the parent SD has
changed.
I just wanted to attract your attention on this point.
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
More information about the samba-technical
mailing list