114103111975376 [MS-ADTS] 3.1.1.5.3.7.3 Undelete Processing Specifics Clarification

Kamen Mazdrashki kamenim at samba.org
Wed Nov 26 20:38:18 MST 2014


Hi Sreekanth,

That definitely answers my question.
Thanks a lot

Regards,
Kamen


On Wed, Nov 26, 2014 at 5:15 PM, Sreekanth Nadendla <srenaden at microsoft.com>
wrote:

> That seems correct per implementation as of now. Which definitively
> answers your question. Let me know if you have concerns.
>
> What I am working on at the moment is finding additional information so
> that if there is a different way to do this, I want to inform you of that.
>
>
>
>
>
> Regards,
>
> Sreekanth Nadendla
>
> Microsoft Windows Open Specifications
>
>
>
> *From:* kamenim at gmail.com [mailto:kamenim at gmail.com] *On Behalf Of *Kamen
> Mazdrashki
> *Sent:* Wednesday, November 26, 2014 10:11 AM
> *To:* Sreekanth Nadendla
> *Cc:* MSSolve Case Email; samba-technical
>
> *Subject:* Re: 114103111975376 [MS-ADTS] 3.1.1.5.3.7.3 Undelete
> Processing Specifics Clarification
>
>
>
> Hi Sreekanth,
>
>
>
> Thank you for your answer.
>
> Just to confirm my understanding: objectCategory attribute value cannot
> be changed by originating update.
>
>
>
> Best regards,
>
> Kamen
>
>
>
> On Wed, Nov 26, 2014 at 2:25 PM, Sreekanth Nadendla <
> srenaden at microsoft.com> wrote:
>
>  Hello Kamen,
>
> Thanks for confirming. When I debugged this at my end, I found that only a
> DRA or DSA is allowed to modify the objectCategory of an instance of a base
> schema class. That is why we are seeing error LDAP_UNWILLING_TO_PERFORM. So
> if “By design” there shouldn’t be a mechanism to achieve this then the
> document should be more clear. Otherwise, it should be addressed by a fix
> in the product. Either way MS-ADTS could be more clear. We should have
> a final answer from the product team soon.
>
>
>
>
>
> Regards,
>
> Sreekanth Nadendla
>
> Microsoft Windows Open Specifications
>
>
>
> *From:* kamenim at gmail.com [mailto:kamenim at gmail.com] *On Behalf Of *Kamen
> Mazdrashki
> *Sent:* Wednesday, November 26, 2014 12:37 AM
> *To:* Sreekanth Nadendla
> *Cc:* MSSolve Case Email
> *Subject:* Re: 114103111975376 [MS-ADTS] 3.1.1.5.3.7.3 Undelete
> Processing Specifics Clarification
>
>
>
> Hi Sreekanth,
>
>
>
> Please find my comments inline
>
>
>
> On Wed, Nov 26, 2014 at 4:18 AM, Sreekanth Nadendla <
> srenaden at microsoft.com> wrote:
>
>  Hello Kamen,
>
> The MS-ADTS specification already says "when an object is
> deleted and transformed into a tombstone, objectCategory values,
> sAMAccountType values, and any linked attribute values on it are always
> removed." So this means restoring to previous value is not an option.
>
>
>
> I’ve reproduced the issue in Win2012 R2, reviewed source code and am having
> it verified by the product team so that they can update the document to be more
> clear. Specifically you were looking to specify a non-default value for
> objectCategory during undelete/reanimation so that the object gets restored
> with a value of your choice in case you do not want the default value that
> it would be assigned otherwise. Correct?
>
>
>
> I wanted to clarify the following section regarding special modify operation
> to undelete objects (numbering is from me):
>
> "[1] If the user did not specify the value for objectCategory
> <http://msdn.microsoft.com/en-us/library/cc221011.aspx> attribute, and
> [2] the target object did not have this value retained at the time of
> deletion, [3] then the default objectCategory
> <http://msdn.microsoft.com/en-us/library/cc221011.aspx> attribute is
> written, as obtained from the objectClass's
> <http://msdn.microsoft.com/en-us/library/cc221012.aspx>
> defaultObjectCategory
> <http://msdn.microsoft.com/en-us/library/cc219806.aspx> value"
>
>
>
> [2] and [3] are clear to me -> we don't have objectCategory retained so we
> should restore it to default value.
>
> The way I am reading [1] though implies that the modify request "may" have
> "objectCategory" attribute set.
>
> In which case, restored object should be restored with the specified
> value. Hence, in a way, while restoring an object, we can set the
> objectCategory attribute to arbitrary value. This is how I read it.
>
> In practice though Windows returns UnwillingToPerform.
>
>
>
> So my ultimate question is: I can OR I cannot restore objectCategory
> attribute value to a non-default value sending Undelete object request?
>
>
>
> Best regards,
>
> Kamen Mazdrashki
>
>
>
>
>
> Regards,
>
> Sreekanth Nadendla
>
> Microsoft Windows Open Specifications
>
>
>
> *From:* Sreekanth Nadendla
> *Sent:* Monday, November 3, 2014 4:43 PM
> *To:* 'Kamen Mazdrashki'
> *Cc:* samba-technical; cifs-protocol at samba.org; MSSolve Case Email
> *Subject:* 114103111975376 [MS-ADTS] 3.1.1.5.3.7.3 Undelete Processing
> Specifics Clarification
>
>
>
> Hello Kamen,
>
> I am the engineer who will be working with you on this issue. I am
> currently researching the problem and will provide you with an update soon.
> Thank you for your patience.
>
>
>
>
>
> Regards,
>
> Sreekanth Nadendla
>
> Microsoft Windows Open Specifications
>
>
>
> *From:* kamenim at gmail.com [mailto:kamenim at gmail.com <kamenim at gmail.com>] *On
> Behalf Of *Kamen Mazdrashki
> *Sent:* Thursday, October 30, 2014 11:08 PM
> *To:* Interoperability Documentation Help; cifs-protocol at samba.org
> *Cc:* samba-technical
> *Subject:* [MS-ADTS] 3.1.1.5.3.7.3 Undelete Processing Specifics
> Clarification
>
>
>
> Dear Dochelp team,
>
>
>
> I am currently working on Tombstone reanimation implementation in Samba
> and I am having trouble understanding how objectCategory attribute should
> be processed.
>
>
>
> According to http://msdn.microsoft.com/en-us/library/cc223470.aspx
> objectCategory attribute should be restored to its default value in case
> it is *not* specified by the user. I guess this means it is not specified in
> the special ldap modify request.
>
>
>
> I am testing against Windows Server 2008 R2 with Forest Functional level
> "2008 R2"
>
>    1. when objectCategory is not specified, everything is fine
>    2. when objectCategory is specified though, I am always getting
>    LDAP_UNWILLING_TO_PERFORM error. I have tried both to
>    "replace" and "add" this attribute - same result. Please see attached
>    ldif
>
> My question is: how to specify this attribute so I am able to control
> the value?
>
>
>
> Best Regards,
>
> Kamen Mazdrashki
>
>
>
>
>
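
The objectCategory handling this thread settles on, sketched as an added example for anyone implementing the server side of reanimation; it is not part of the original messages and is neither Samba nor Windows code. Assumptions: the function names, the constructed schema excerpt and tombstone are hypothetical, the request shape (delete isDeleted plus replace distinguishedName) is taken from MS-ADTS rather than from this thread, and the last objectClass value is treated as the most specific class.

```python
# Added illustration; all names are hypothetical, sample data is constructed.
LDAP_SUCCESS = 0
LDAP_UNWILLING_TO_PERFORM = 53  # RFC 4511 unwillingToPerform

# Constructed schema excerpt: objectClass -> defaultObjectCategory
DEFAULT_OBJECT_CATEGORY = {
    "user": "CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com",
    "group": "CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com",
}

# Constructed tombstone: objectCategory was stripped at deletion time.
TOMBSTONE = {
    "distinguishedName": "CN=alice-DEL-PLACEHOLDER,CN=Deleted Objects,DC=example,DC=com",
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "isDeleted": "TRUE",
}

def is_undelete(mods):
    """Reanimation request: delete isDeleted and replace distinguishedName."""
    ops = {(op, attr.lower()) for op, attr, _ in mods}
    return ("delete", "isdeleted") in ops and ("replace", "distinguishedname") in ops

def process_undelete(tombstone, mods):
    """Return (ldap_result_code, restored_entry_or_None) for an originating update."""
    if not is_undelete(mods):
        raise ValueError("not an undelete request")
    # Behaviour reported in the thread: a client-supplied objectCategory
    # ("add" or "replace") is refused with unwillingToPerform.
    if any(attr.lower() == "objectcategory" for _, attr, _ in mods):
        return LDAP_UNWILLING_TO_PERFORM, None
    entry = {k: v for k, v in tombstone.items() if k != "isDeleted"}
    for op, attr, values in mods:
        if op == "replace":
            entry[attr] = values[0]
    # Steps [2]/[3] of the quoted section: nothing retained, so write the
    # defaultObjectCategory of the object's class.
    if "objectCategory" not in entry:
        entry["objectCategory"] = DEFAULT_OBJECT_CATEGORY[entry["objectClass"][-1]]
    return LDAP_SUCCESS, entry
```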

