[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: Re: [cifs-protocol] Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3
From: Bill Wesse <billwe () microsoft ! com>
Date: 2010-03-10 11:03:21
Message-ID: 38B58112393ABF47AA9F6B99206881E1354866A3 () TK5EX14MBXC133 ! redmond ! corp ! microsoft ! com
[Download RAW message or body]
[Attachment #2 (text/plain)]
No problem â glad to have been of help!
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
Email: billwe@microsoft.com<mailto:billwe@microsoft.com>
Tel: +1(980) 776-8200
Cell: +1(704) 661-5438
Fax: +1(704) 665-9606
From: Kamen Mazdrashki [mailto:kamen.mazdrashki@postpath.com]
Sent: Tuesday, March 09, 2010 11:47 AM
To: Bill Wesse
Cc: pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org
Subject: RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not always \
present
Hi Bill,
Sorry, I thought I've already answered to this e-mail (I am not, as turns out).
Yes, I think this answers my questions.
Thanks!
--
CU,
Kamen Mazdrashki
kamen.mazdrashki@postpath.com
http://repo.or.cz/w/Samba/kamenim.git
-------------------------------------
CISCO SYSTEMS BULGARIA EOOD
http://www.cisco.com/global/BG/
From: Bill Wesse [mailto:billwe@microsoft.com]
Sent: Tuesday, March 09, 2010 6:36 PM
To: Kamen Mazdrashki
Cc: pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org
Subject: RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not always \
present
Good day Kamen â I am resending the below, as I have not heard back from you
From: Bill Wesse
Sent: Friday, February 05, 2010 10:58 AM
To: 'Kamen Mazdrashki'
Cc: pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org
Subject: RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not always \
present
Good morning! Thanks for your patience.
Our documentation developers have responded to the questions you raised. I have \
provided your original questions and the responses below. Please let me know if the \
below answers your questions satisfactorily; if so, I will consider your question \
resolved.
=============================================================================
Question:
According to [MS-ADTS] section 3.1.1.2.3 Attributes \
<http://msdn.microsoft.com/en-us/library/cc223202(PROT.13).aspx>, msDS-IntId is:
"Present on attributeSchema \
<http://msdn.microsoft.com/en-us/library/cc221662(PROT.13).aspx> objects added when \
forest functional level is DS_BEHAVIOR_WIN2003 or greater with \
FLAG_SCHEMA_BASE_OBJECT not present in systemFlags \
<http://msdn.microsoft.com/en-us/library/cc220919(PROT.13).aspx>".
However, when running the test against w2k8 there are lot of attributes that does not \
obey this rule. Please see attached file "w2k8_msDS-IntId.txt".
At first I thought that those attributes have attributeIDs that can be \
encoded/decoded using âdefault prefixMap'. After examining the list though, it \
turns out this is not the case for majority of those attributes. Please see attached \
file "not_in_default_prefixMap.txt" for a list of those attributes.
Perhaps I am misunderstanding the documentation?
I need a âsteady' rule when to create âmsDS-IntId' value for an attribute in the \
schema. Is there any other rule to be applied?
Response:
As stated in '[MS-ADTS] section 3.1.1.2.3 Attributes', the msDS-IntId attribute is \
only present on attributeSchema objects ADDED, if the forest functional level is \
DS_BEHAVIOR_WIN2003 or higher.
There are several attributes in the default AD schema that are created at setup time \
before the AD environment is in an operating state and are not subject to this rule.
However, attributeSchema objects added after the forest functional level is \
DS_BEHAVIOR_WIN2003 or higher will have this attribute present when conditions are \
met (FLAG_SCHEMA_BASE_OBJECT not present in systemFlags). Also note that not all \
classes and attributes included in the base schema are marked with \
FLAG_SCHEMA_BASE_OBJECT.
=============================================================================
Question:
Btw, one interesting observation during my tests â adding âmsDS-IntId' on \
classSchema object passes nicely during object creation. After that, trying to modify \
this attribute value leads to "CONSTRAINT_VIOLATION". And I am wondering â what is \
the meaning of âmsDS-IntId' when used in a classSchema object
Response:
Essentially, 'msDS-IntId', when used on a classSchema object, means that a client \
cannot modify the objectCategory of an instance of a base schema class (the DSA can \
do this on its own behalf only).
=============================================================================
Reference:
[MS-ADTS] section 3.1.1.2.3 Attributes
http://msdn.microsoft.com/en-us/library/cc223202(PROT.13).aspx
msDS-IntId
Not specified on Add (if specified in the Add request, the DC returns LDAP error \
unwillingToPerform); the value (a 32-bit unsigned integer in the subrange \
[0x80000000..0xBFFFFFFF]) is generated by the DC. Present on attributeSchema objects \
added when forest functional level is DS_BEHAVIOR_WIN2003 or greater with \
FLAG_SCHEMA_BASE_OBJECT not present in systemFlags (below). The value of msDS-IntId \
is the ATTRTYP of this attributeSchema object. Unique among all values of this \
attribute on objects in the schema NC, regardless of forest functional level. \
System-only.
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
Email: billwe@microsoft.com<mailto:billwe@microsoft.com>
Tel: +1(980) 776-8200
Cell: +1(704) 661-5438
Fax: +1(704) 665-9606
From: Kamen Mazdrashki [mailto:kamen.mazdrashki@postpath.com]
Sent: Thursday, January 14, 2010 9:49 AM
To: Bill Wesse
Cc: pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org
Subject: RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not always \
present
Thanks for the update.
CU,
Kamen Mazdrashki
kamen.mazdrashki@postpath.com
http://repo.or.cz/w/Samba/kamenim.git
-------------------------------------
CISCO SYSTEMS BULGARIA EOOD
http://www.cisco.com/global/BG/
From: Bill Wesse [mailto:billwe@microsoft.com]
Sent: Thursday, January 14, 2010 4:24 PM
To: Kamen Mazdrashki
Cc: pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org
Subject: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not always present
Good morning once again Kamen! Here is what's up with the TDIâ¦
Your comment:
Btw, one interesting observation during my tests â adding âmsDS-IntId' on \
classSchema object passes nicely during object creation. After that, trying to modify \
this attribute value leads to "CONSTRAINT_VIOLATION". And I am wondering â what is \
the meaning of âmsDS-IntId' when used in a classSchema object
Response:
Essentially, this means that a client cannot modify the objectCategory of an instance \
of a base schema class (the DSA can do this on its own behalf only).
On another note:
[MS-ADTS] 3.1.1.2.3 Attributes \
(http://msdn.microsoft.com/en-us/library/cc223202(PROT.13).aspx) says the DC returns \
LDAP error unwillingToPerform on any attempt to specify msDS-IntId on an Add \
operation.
I have alerted those concerned with the TDI to this; the response to your main \
question (â¦a âsteady' rule when to create âmsDS-IntId' value for an attribute \
in the schema) is still pending.
Thanks for your patience.
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
Email: billwe@microsoft.com<mailto:billwe@microsoft.com>
Tel: +1(980) 776-8200
Cell: +1(704) 661-5438
Fax: +1(704) 665-9606
From: Bill Wesse
Sent: Thursday, December 31, 2009 8:41 AM
To: 'Kamen Mazdrashki'
Cc: 'pfif@tridgell.net'; 'abartlet@samba.org'; 'cifs-protocol@samba.org'
Subject: RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not always \
present
Good morning Kamen â I neglected to advise you I filed a Technical Documentation \
Issue (TDI) concerning the msDS-IntId attribute. This is still under investigation by \
our document developers, and I will advise you as soon as some results are \
forthcoming.
Thanks for your patience!
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
From: Bill Wesse
Sent: Wednesday, December 16, 2009 9:52 AM
To: 'Kamen Mazdrashki'
Cc: pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org
Subject: RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not always \
present (SRX091020600112 [MS-DRSR] section 5.12.2 - prefixMap implementation)
Thanks for the update Kamen â I have created the following case to track our work. \
Unless you think otherwise, I will archive the old case (SRX091020600112 [MS-DRSR] \
section 5.12.2 - prefixMap implementation)).
SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not always present
I expect to be able to begin work later today â or by tomorrow morning at the \
latest.
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
From: Kamen Mazdrashki [mailto:kamen.mazdrashki@postpath.com]
Sent: Tuesday, December 15, 2009 9:08 PM
To: Bill Wesse
Cc: pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org
Subject: RE: Status: SRX091020600112 [MS-DRSR] section 5.12.2 - prefixMap \
implementation
Hi Bill,
Finally I have a "msDS-IntId" attribute.
You can find the test in "source4/lib/ldb/tests/python/ldap_schema.py" python script.
You can execute the script from âsource4' directory as follows:
lib/ldb/tests/python/ldap_schema.py -UAdministrator%password w2k8
This test is only in my branch thus you can download it from (sorry for the \
inconvenience): http://repo.or.cz/w/Samba/kamenim.git/snapshot/1de38d8251c6df7fb23d68033f57c1f8f53bcded.tar.gz
According to MS-ADTS \
http://msdn.microsoft.com/en-us/library/cc223202%28PROT.13%29.aspx, msDS-IntId is \
"Present on attributeSchema<http://msdn.microsoft.com/en-us/library/cc221662%28PROT.13%29.aspx> \
objects added when forest functional level is DS_BEHAVIOR_WIN2003 or greater with \
FLAG_SCHEMA_BASE_OBJECT not present in \
systemFlags<http://msdn.microsoft.com/en-us/library/cc220919%28PROT.13%29.aspx>". \
However, when running the test against w2k8 there are lot of attributes that does not \
obey this rule. Please see attached file "w2k8_msDS-IntId.txt".
At first I thought that those attributes has attributeIDs that can be encoded/decoded \
using âdefault prefixMap'. After examining the list though, it turns out this is \
not the case for majority of those attributes. Please see attached file \
"not_in_default_prefixMap.txt" for a list of those attributes.
Perhaps I am misunderstanding the documentation?
I need a âsteady' rule when to create âmsDS-IntId' value for an attribute in the \
schema. Is there any other rule to be applied?
I need to note here that those attributes comes from w2k8 default provisioning.
Any newly added attributes strictly obey the abovementioned rule (I found no way
to add an attribute with FLAG_SCHEMA_BASE_OBJECT flag set though).
CU,
Kamen Mazdrashki
kamen.mazdrashki@postpath.com
http://repo.or.cz/w/Samba/kamenim.git
-------------------------------------
CISCO SYSTEMS BULGARIA EOOD
http://www.cisco.com/global/BG/
From: Bill Wesse [mailto:billwe@microsoft.com]
Sent: Tuesday, December 01, 2009 3:58 PM
To: Kamen Mazdrashki
Cc: pfif@tridgell.net; cifs-protocol@samba.org
Subject: RE: Status: SRX091020600112 [MS-DRSR] section 5.12.2 - prefixMap \
implementation
Thank you â I am quite unhappy with myself for not seeing this also.
I will certainly keep the issue open!
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
From: Kamen Mazdrashki [mailto:kamen.mazdrashki@postpath.com]
Sent: Monday, November 30, 2009 4:13 PM
To: Bill Wesse
Cc: pfif@tridgell.net; cifs-protocol@samba.org
Subject: RE: Status: SRX091020600112 [MS-DRSR] section 5.12.2 - prefixMap \
implementation
Hi Bill,
Good news â Metze resolved the issue with "not recognized ATTIDs".
It was in front of me all the time I can't believe I've missed that (as it turns out, \
reading mattersâº): \
http://msdn.microsoft.com/en-us/library/cc223224%28PROT.13%29.aspx
Could you please leave the issue open for as long as I make a test to verify, that \
rules for msDS-IntId described on the following page holds true?
http://msdn.microsoft.com/en-us/library/cc223202%28PROT.13%29.aspx
I just need to be sure, that if FLAG_SCHEMA_BASE_OBJECT is not set, then Windows uses \
msDS-IntId.
BR,
Kamen Mazdrashki
kamen.mazdrashki@postpath.com
http://repo.or.cz/w/Samba/kamenim.git
-------------------------------------
CISCO SYSTEMS BULGARIA EOOD
http://www.cisco.com/global/BG/
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:x="urn:schemas-microsoft-com:office:excel" \
xmlns:p="urn:schemas-microsoft-com:office:powerpoint" \
xmlns:a="urn:schemas-microsoft-com:office:access" \
xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" \
xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" \
xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" \
xmlns:b="urn:schemas-microsoft-com:office:publisher" \
xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" \
xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" \
xmlns:odc="urn:schemas-microsoft-com:office:odc" \
xmlns:oa="urn:schemas-microsoft-com:office:activation" \
xmlns:html="http://www.w3.org/TR/REC-html40" \
xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" \
xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" \
xmlns:Repl="http://schemas.microsoft.com/repl/" \
xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" \
xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" \
xmlns:ppda="http://www.passport.com/NameSpace.xsd" \
xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" \
xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" \
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" \
xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" \
xmlns:udc="http://schemas.microsoft.com/data/udc" \
xmlns:xsd="http://www.w3.org/2001/XMLSchema" \
xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" \
xmlns:ec="http://www.w3.org/2001/04/xmlenc#" \
xmlns:sp="http://schemas.microsoft.com/sharepoint/" \
xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" \
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" \
xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" \
xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" \
xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" \
xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" \
xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" \
xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" \
xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" \
xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" \
xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" \
xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" \
xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" \
xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" \
xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" \
xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" \
xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle27
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle28
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle29
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle30
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle31
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle32
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle33
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.htmlval1
{mso-style-name:html_val1;
color:blue;}
span.EmailStyle35
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle36
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle37
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle38
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle39
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle40
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle41
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle42
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle43
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle44
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle45
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle46
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle47
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle48
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle49
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle50
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle51
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle52
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle53
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle54
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle55
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle56
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle57
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle58
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle59
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 92.4pt 1.0in 92.4pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='color:#1F497D'>No problem – glad to have been
of help!<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Regards,</span></b><span style='color:navy'><br>
</span><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Bill Wesse</span></b><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL
TEAM</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>8055 Microsoft Way</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Charlotte, NC 28273</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>Email: <a href="mailto:billwe@microsoft.com"><span
style='color:blue'>billwe@microsoft.com</span></a></span><span
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Tel:</span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; color:#1F497D'> \
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"; \
color:black'>+1(980) 776-8200<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Cell:</span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; color:#1F497D'> \
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"; \
color:black'>+1(704) 661-5438</span><span style='font-family:"Arial","sans-serif"; \
color:navy'><br> </span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; \
color:black'>Fax:</span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; color:#1F497D'> \
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"; \
color:black'>+1(704) 665-9606<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Kamen Mazdrashki \
[mailto:kamen.mazdrashki@postpath.com] <br> <b>Sent:</b> Tuesday, March 09, 2010 \
11:47 AM<br> <b>To:</b> Bill Wesse<br>
<b>Cc:</b> pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org<br>
<b>Subject:</b> RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not
always present<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>Hi Bill,<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Sorry, I thought I’ve already
answered to this e-mail (I am not, as turns out).<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Yes, I think this answers my
questions.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Thanks!<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><span \
style='font-family:"Arial","sans-serif";color:black'>-- <br> CU,<br>
Kamen Mazdrashki<br>
kamen.mazdrashki@postpath.com<br>
http://repo.or.cz/w/Samba/kamenim.git<br>
-------------------------------------<br>
CISCO SYSTEMS BULGARIA EOOD<br>
http://www.cisco.com/global/BG/</span><span \
style='color:#1F497D'><o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Bill Wesse \
[mailto:billwe@microsoft.com] <br> <b>Sent:</b> Tuesday, March 09, 2010 6:36 PM<br>
<b>To:</b> Kamen Mazdrashki<br>
<b>Cc:</b> pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org<br>
<b>Subject:</b> RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not
always present<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>Good day Kamen – I am resending
the below, as I have not heard back from you<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Bill Wesse <br> \
<b>Sent:</b> Friday, February 05, 2010 10:58 AM<br> <b>To:</b> 'Kamen Mazdrashki'<br>
<b>Cc:</b> pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org<br>
<b>Subject:</b> RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not
always present<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Good morning! Thanks for your patience.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Our documentation developers have responded to the questions
you raised. I have provided your original questions and the responses below.
Please let me know if the below answers your questions satisfactorily; if so, I
will consider your question resolved.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>=============================================================================<o:p></o:p></p>
<p class=MsoNormal>Question:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>According to [MS-ADTS] section 3.1.1.2.3 Attributes <<a
href="http://msdn.microsoft.com/en-us/library/cc223202(PROT.13).aspx">http://msdn.microsoft.com/en-us/library/cc223202(PROT.13).aspx</a>>,
<o:p></o:p></p>
<p class=MsoNormal>msDS-IntId is:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>“Present on attributeSchema <<a
href="http://msdn.microsoft.com/en-us/library/cc221662(PROT.13).aspx">http://msdn.microsoft.com/en-us/library/cc221662(PROT.13).aspx</a>>
objects added when forest functional level is DS_BEHAVIOR_WIN2003 or greater
with FLAG_SCHEMA_BASE_OBJECT not present in systemFlags <<a
href="http://msdn.microsoft.com/en-us/library/cc220919(PROT.13).aspx">http://msdn.microsoft.com/en-us/library/cc220919(PROT.13).aspx</a>>”.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>However, when running the test against w2k8 there are lot of
attributes that does not obey this rule.<o:p></o:p></p>
<p class=MsoNormal>Please see attached file “w2k8_msDS-IntId.txt”.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>At first I thought that those attributes have attributeIDs
that can be encoded/decoded using ‘default prefixMap’.<o:p></o:p></p>
<p class=MsoNormal>After examining the list though, it turns out this is not
the case for majority of those attributes.<o:p></o:p></p>
<p class=MsoNormal>Please see attached file “not_in_default_prefixMap.txt” for
a list of those attributes.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Perhaps I am misunderstanding the documentation?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I need a ‘steady’ rule when to create ‘msDS-IntId’ value for
an attribute in the schema.<o:p></o:p></p>
<p class=MsoNormal>Is there any other rule to be applied?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Response:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>As stated in '[MS-ADTS] section 3.1.1.2.3 Attributes', the
msDS-IntId attribute is only present on attributeSchema objects ADDED, if the
forest functional level is DS_BEHAVIOR_WIN2003 or higher.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>There are several attributes in the default AD schema that
are created at setup time before the AD environment is in an operating state
and are not subject to this rule.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>However, attributeSchema objects added after the forest
functional level is DS_BEHAVIOR_WIN2003 or higher will have this attribute
present when conditions are met (FLAG_SCHEMA_BASE_OBJECT not present in
systemFlags). Also note that not all classes and attributes included in the
base schema are marked with FLAG_SCHEMA_BASE_OBJECT.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>=============================================================================<o:p></o:p></p>
<p class=MsoNormal>Question:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Btw, one interesting observation during my tests – adding
‘msDS-IntId’ on classSchema object passes nicely during object creation. After
that, trying to modify this attribute value leads to “CONSTRAINT_VIOLATION”.
And I am wondering – what is the meaning of ‘msDS-IntId’ when used in a
classSchema object<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Response:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Essentially, 'msDS-IntId’, when used on a classSchema
object, means that a client cannot modify the objectCategory of an instance of
a base schema class (the DSA can do this on its own behalf only).<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>=============================================================================<o:p></o:p></p>
<p class=MsoNormal>Reference:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>[MS-ADTS] section 3.1.1.2.3 Attributes<o:p></o:p></p>
<p class=MsoNormal><a
href="http://msdn.microsoft.com/en-us/library/cc223202(PROT.13).aspx">http://msdn.microsoft.com/en-us/library/cc223202(PROT.13).aspx</a><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>msDS-IntId<o:p></o:p></p>
<p class=MsoNormal>Not specified on Add (if specified in the Add request, the
DC returns LDAP error unwillingToPerform); the value (a 32-bit unsigned integer
in the subrange [0x80000000..0xBFFFFFFF]) is generated by the DC. Present on
attributeSchema objects added when forest functional level is
DS_BEHAVIOR_WIN2003 or greater with FLAG_SCHEMA_BASE_OBJECT not present in
systemFlags (below). The value of msDS-IntId is the ATTRTYP of this
attributeSchema object. Unique among all values of this attribute on objects in
the schema NC, regardless of forest functional level. System-only.<o:p></o:p></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Regards,</span></b><span style='color:navy'><br>
</span><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Bill Wesse</span></b><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL
TEAM</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>8055 Microsoft Way</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Charlotte, NC 28273</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>Email: <a \
href="mailto:billwe@microsoft.com">billwe@microsoft.com</a></span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Tel:</span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; color:#1F497D'> \
</span><span style='font-size: \
10.0pt;font-family:"Arial","sans-serif";color:black'>+1(980) \
776-8200<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Cell:</span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; color:#1F497D'> \
</span><span style='font-size:10.0pt; \
font-family:"Arial","sans-serif";color:black'>+1(704) 661-5438</span><span \
style='font-family:"Arial","sans-serif";color:navy'><br> </span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; \
color:black'>Fax:</span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; color:#1F497D'> \
</span><span style='font-size:10.0pt; \
font-family:"Arial","sans-serif";color:black'>+1(704) 665-9606<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Kamen Mazdrashki \
[mailto:kamen.mazdrashki@postpath.com] <br> <b>Sent:</b> Thursday, January 14, 2010 \
9:49 AM<br> <b>To:</b> Bill Wesse<br>
<b>Cc:</b> pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org<br>
<b>Subject:</b> RE: Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not
always present<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>Thanks for the \
update.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><span style='color:#1F497D'>CU,<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Kamen Mazdrashki<o:p></o:p></span></p>
<p class=MsoNormal><span \
style='color:#1F497D'>kamen.mazdrashki@postpath.com<o:p></o:p></span></p>
<p class=MsoNormal><span \
style='color:#1F497D'>http://repo.or.cz/w/Samba/kamenim.git<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Consolas;
color:#1F497D'>-------------------------------------</span><span
style='color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>CISCO SYSTEMS BULGARIA \
EOOD</span><span style='font-family:Consolas;color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span \
style='color:#1F497D'>http://www.cisco.com/global/BG/<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Bill Wesse \
[mailto:billwe@microsoft.com] <br> <b>Sent:</b> Thursday, January 14, 2010 4:24 \
PM<br> <b>To:</b> Kamen Mazdrashki<br>
<b>Cc:</b> pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org<br>
<b>Subject:</b> Status: SRX091216600027 [MS-ADTS] 3.1.1.2.3 msDS-IntId not
always present<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>Good morning once again Kamen!
Here is what’s up with the TDI…<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Your comment:<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Btw, one interesting observation
during my tests – adding ‘msDS-IntId’ on classSchema object passes nicely during
object creation. After that, trying to modify this attribute value leads to
“CONSTRAINT_VIOLATION”. And I am wondering – what is the meaning of
‘msDS-IntId’ when used in a classSchema object<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Response:<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Essentially, this means that a
client cannot modify the objectCategory of an instance of a base schema class
(the DSA can do this on its own behalf only).<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>On another note:<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>[MS-ADTS] 3.1.1.2.3 Attributes (<a
href="http://msdn.microsoft.com/en-us/library/cc223202(PROT.13).aspx">http://msdn.microsoft.com/en-us/library/cc223202(PROT.13).aspx</a>)
says the DC returns LDAP error unwillingToPerform on any attempt to specify
msDS-IntId on an Add operation.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>I have alerted those concerned
with the TDI to this; the response to your main question (…a ‘steady’ rule when
to create ‘msDS-IntId’ value for an attribute in the schema) is still \
pending.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Thanks for your \
patience.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Regards,</span></b><span style='color:navy'><br>
</span><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Bill Wesse</span></b><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL
TEAM</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>8055 Microsoft Way</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Charlotte, NC 28273</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>Email: <a \
href="mailto:billwe@microsoft.com">billwe@microsoft.com</a></span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Tel:</span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; color:#1F497D'> \
</span><span style='font-size: \
10.0pt;font-family:"Arial","sans-serif";color:black'>+1(980) \
776-8200<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Cell:</span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; color:#1F497D'> \
</span><span style='font-size:10.0pt; \
font-family:"Arial","sans-serif";color:black'>+1(704) 661-5438</span><span \
style='font-family:"Arial","sans-serif";color:navy'><br> </span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; \
color:black'>Fax:</span><span \
style='font-size:10.0pt;font-family:"Arial","sans-serif"; color:#1F497D'> \
</span><span style='font-size:10.0pt; \
font-family:"Arial","sans-serif";color:black'>+1(704) 665-9606<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Bill Wesse <br> \
<b>Sent:</b> Thursday, December 31, 2009 8:41 AM<br> <b>To:</b> 'Kamen \
Mazdrashki'<br> <b>Cc:</b> 'pfif@tridgell.net'; 'abartlet@samba.org'; \
'cifs-protocol@samba.org'<br> <b>Subject:</b> RE: Status: SRX091216600027 [MS-ADTS] \
3.1.1.2.3 msDS-IntId not always present<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>Good morning Kamen – I neglected
to advise you I filed a Technical Documentation Issue (TDI) concerning the
msDS-IntId attribute. This is still under investigation by our document
developers, and I will advise you as soon as some results are \
forthcoming.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Thanks for your \
patience!<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Regards,</span></b><span style='color:navy'><br>
</span><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Bill Wesse</span></b><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL
TEAM</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>8055 Microsoft Way</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Charlotte, NC 28273</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Courier New";color:black'>TEL:
+1(980) 776-8200<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>CELL: +1(704) 661-5438</span><span style='font-family:"Courier \
New"; color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Courier \
New";color:black'>FAX: +1(704) 665-9606<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Bill Wesse <br> \
<b>Sent:</b> Wednesday, December 16, 2009 9:52 AM<br> <b>To:</b> 'Kamen \
Mazdrashki'<br> <b>Cc:</b> pfif@tridgell.net; abartlet@samba.org; \
cifs-protocol@samba.org<br> <b>Subject:</b> RE: Status: SRX091216600027 [MS-ADTS] \
3.1.1.2.3 msDS-IntId not always present (SRX091020600112 [MS-DRSR] section 5.12.2 - \
prefixMap implementation)<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>Thanks for the update Kamen – I
have created the following case to track our work. Unless you think otherwise,
I will archive the old case (SRX091020600112 [MS-DRSR] section 5.12.2 -
prefixMap implementation)).<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>SRX091216600027 [MS-ADTS]
3.1.1.2.3 msDS-IntId not always present<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>I expect to be able to begin work
later today – or by tomorrow morning at the latest.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Regards,</span></b><span style='color:navy'><br>
</span><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Bill Wesse</span></b><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL
TEAM</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>8055 Microsoft Way</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Charlotte, NC 28273</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Courier New";color:black'>TEL:
+1(980) 776-8200<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>CELL: +1(704) 661-5438</span><span style='font-family:"Courier \
New"; color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Courier \
New";color:black'>FAX: +1(704) 665-9606<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Kamen Mazdrashki \
[mailto:kamen.mazdrashki@postpath.com] <br> <b>Sent:</b> Tuesday, December 15, 2009 \
9:08 PM<br> <b>To:</b> Bill Wesse<br>
<b>Cc:</b> pfif@tridgell.net; abartlet@samba.org; cifs-protocol@samba.org<br>
<b>Subject:</b> RE: Status: SRX091020600112 [MS-DRSR] section 5.12.2 - prefixMap
implementation<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>Hi Bill,<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Finally I have a “msDS-IntId”
attribute.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>You can find the test in
“source4/lib/ldb/tests/python/ldap_schema.py” python script.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>You can execute the script from
‘source4’ directory as follows:<o:p></o:p></span></p>
<p class=MsoNormal><i><span style='color:#1F497D'>lib/ldb/tests/python/ldap_schema.py
-UAdministrator%password w2k8<o:p></o:p></span></i></p>
<p class=MsoNormal><span style='color:#1F497D'>This test is only in my branch
thus you can download it from (sorry for the inconvenience):<o:p></o:p></span></p>
<p class=MsoNormal><i><span style='color:#1F497D'><a
href="http://repo.or.cz/w/Samba/kamenim.git/snapshot/1de38d8251c6df7fb23d68033f57c1f8f \
53bcded.tar.gz">http://repo.or.cz/w/Samba/kamenim.git/snapshot/1de38d8251c6df7fb23d68033f57c1f8f53bcded.tar.gz</a><o:p></o:p></span></i></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>According to MS-ADTS <a
href="http://msdn.microsoft.com/en-us/library/cc223202%28PROT.13%29.aspx">http://msdn.microsoft.com/en-us/library/cc223202%28PROT.13%29.aspx</a>,
<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>msDS-IntId is “<i>Present on <a
href="http://msdn.microsoft.com/en-us/library/cc221662%28PROT.13%29.aspx">attributeSchema</a>
objects added when forest functional level is DS_BEHAVIOR_WIN2003 or greater
with FLAG_SCHEMA_BASE_OBJECT not present in <a
href="http://msdn.microsoft.com/en-us/library/cc220919%28PROT.13%29.aspx">systemFlags</a></i>”.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>However, when running the test
against w2k8 there are lot of attributes that does not obey this \
rule.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Please see attached file
“w2k8_msDS-IntId.txt”.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>At first I thought that those
attributes has attributeIDs that can be encoded/decoded using ‘default
prefixMap’.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>After examining the list though,
it turns out this is not the case for majority of those \
attributes.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Please see attached file
“not_in_default_prefixMap.txt” for a list of those attributes.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Perhaps I am misunderstanding
the documentation?<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>I need a ‘steady’ rule when to
create ‘msDS-IntId’ value for an attribute in the schema.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Is there any other rule to be
applied?<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>I need to note here that those \
attributes comes from w2k8 default provisioning.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Any newly added attributes
strictly obey the abovementioned rule (I found no way<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>to add an attribute with \
<i>FLAG_SCHEMA_BASE_OBJECT</i> flag set though).<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><span style='color:#1F497D'>CU,<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Kamen Mazdrashki<o:p></o:p></span></p>
<p class=MsoNormal><span \
style='color:#1F497D'>kamen.mazdrashki@postpath.com<o:p></o:p></span></p>
<p class=MsoNormal><span \
style='color:#1F497D'>http://repo.or.cz/w/Samba/kamenim.git<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Consolas;
color:#1F497D'>-------------------------------------</span><span
style='color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>CISCO SYSTEMS BULGARIA \
EOOD</span><span style='font-family:Consolas;color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span \
style='color:#1F497D'>http://www.cisco.com/global/BG/<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Bill Wesse \
[mailto:billwe@microsoft.com] <br> <b>Sent:</b> Tuesday, December 01, 2009 3:58 \
PM<br> <b>To:</b> Kamen Mazdrashki<br>
<b>Cc:</b> pfif@tridgell.net; cifs-protocol@samba.org<br>
<b>Subject:</b> RE: Status: SRX091020600112 [MS-DRSR] section 5.12.2 -
prefixMap implementation<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>Thank you – I am quite unhappy
with myself for not seeing this also.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>I will certainly keep the issue
open!<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Regards,</span></b><span style='color:navy'><br>
</span><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Bill Wesse</span></b><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL
TEAM</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>8055 Microsoft Way</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Charlotte, NC 28273</span><span style='color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Courier New";color:black'>TEL:
+1(980) 776-8200<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>CELL: +1(704) 661-5438</span><span style='font-family:"Courier \
New"; color:navy'><br>
</span><span style='font-size:10.0pt;font-family:"Courier \
New";color:black'>FAX: +1(704) 665-9606<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Kamen Mazdrashki \
[mailto:kamen.mazdrashki@postpath.com] <br> <b>Sent:</b> Monday, November 30, 2009 \
4:13 PM<br> <b>To:</b> Bill Wesse<br>
<b>Cc:</b> pfif@tridgell.net; cifs-protocol@samba.org<br>
<b>Subject:</b> RE: Status: SRX091020600112 [MS-DRSR] section 5.12.2 -
prefixMap implementation<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>Hi Bill,<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Good news – Metze resolved the
issue with “not recognized ATTIDs”.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>It was in front of me all the
time I can’t believe I’ve missed that (as it turns out, reading matters</span><span
style='font-family:Wingdings;color:#1F497D'>J</span><span \
style='color:#1F497D'>):<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><a
href="http://msdn.microsoft.com/en-us/library/cc223224%28PROT.13%29.aspx">http://msdn.microsoft.com/en-us/library/cc223224%28PROT.13%29.aspx</a><o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Could you please leave the issue
open for as long as I make a test to verify, that rules for \
msDS-IntId<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>described on the following page
holds true?<o:p></o:p></span></p>
<p class=MsoNormal><span \
style='color:#1F497D'>http://msdn.microsoft.com/en-us/library/cc223202%28PROT.13%29.aspx<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>I just need to be sure, that if
FLAG_SCHEMA_BASE_OBJECT is not set, then Windows uses \
msDS-IntId.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><span style='color:#1F497D'>BR,<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Kamen Mazdrashki<o:p></o:p></span></p>
<p class=MsoNormal><span \
style='color:#1F497D'>kamen.mazdrashki@postpath.com<o:p></o:p></span></p>
<p class=MsoNormal><span \
style='color:#1F497D'>http://repo.or.cz/w/Samba/kamenim.git<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Consolas;
color:#1F497D'>-------------------------------------</span><span
style='color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>CISCO SYSTEMS BULGARIA \
EOOD</span><span style='font-family:Consolas;color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><a
href="http://www.cisco.com/global/BG/">http://www.cisco.com/global/BG/</a><o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
--===============8886915869083725908==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic