[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: Re: [cifs-protocol] [EXTERNAL] [MS-ADTS] Procedure for setting msDS-ManagedPasswordId attribute - Tr
From: "Jeff McCashland \(He/him\) via cifs-protocol" <cifs-protocol () lists ! samba ! org>
Date: 2024-01-22 22:25:41
Message-ID: MN0PR21MB3701B6B02F4C6AE001163B08A3752 () MN0PR21MB3701 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]
Hi Joseph,
We have updated [MS-ADTS] to address this issue:
3.1.1.4.5.39 msDS-ManagedPassword
Define function GetgMSAPasswordBlob(TO: OBJECT), which returns an \
msDS-ManagedPassword BLOB structure (section 2.2.19) as follows using integer \
arithmetic where divisions are rounded down without a remainder.
5. If TO!msDS-ManagedPasswordId does not exist or CurrentKeyExpirationTime is less \
than the current time, then: 4. Call GetPasswordBasedOnTimestamp() where:
§ Timestamp contains NewKeyStartTime.
§ AccountSID contains the TO!objectSid attribute ([MS-ADA3] section 2.45).
Let NewKeyID be the returned KeyID. Set TO!msDS-ManagedPasswordId to the value of \
NewKeyID. Let NewPassword be the returned password.
I hope that helps!
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open \
Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific \
Time (US and Canada) Local country phone number found here: \
http://support.microsoft.com/globalenglish | Extension 1138300
-----Original Message-----
From: Joseph Sutton <jsutton@samba.org>
Sent: Wednesday, December 6, 2023 11:29 AM
To: Jeff McCashland (He/him) <jeffm@microsoft.com>
Cc: Microsoft Support <supportmail@microsoft.com>; cifs-protocol@lists.samba.org
Subject: Re: [EXTERNAL] [MS-ADTS] Procedure for setting msDS-ManagedPasswordId \
attribute - TrackingID#2311280040000920
Thank you!
Regards,
Joseph
On 7/12/23 7:26 am, Jeff McCashland (He/him) wrote:
> Hi Joseph,
>
> Thank you for letting us know about this.
>
> I have filed a request to clarify the documentation, and will follow up.
>
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> Protocol Open Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> (UTC-08:00) Pacific Time (US and Canada) Local country phone number
> found here:
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuppo
> rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%
> 7C48d59ce43f074d10f3b008dbf691aec7%7C72f988bf86f141af91ab2d7cd011db47%
> 7C1%7C0%7C638374877824070287%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
> DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdat
> a=owaTBFS0S6%2B5woHAyo5HKw99CjObu5%2FEYehZNliJgHo%3D&reserved=0 |
> Extension 1138300
>
> -----Original Message-----
> From: Jeff McCashland (He/him)
> Sent: Tuesday, December 5, 2023 3:15 PM
> To: Joseph Sutton <jsutton@samba.org>
> Cc: Microsoft Support <supportmail@microsoft.com>;
> cifs-protocol@lists.samba.org
> Subject: RE: [EXTERNAL] [MS-ADTS] Procedure for setting
> msDS-ManagedPasswordId attribute - TrackingID#2311280040000920
>
> I will see what we can do to make this more clear.
>
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> Protocol Open Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> (UTC-08:00) Pacific Time (US and Canada) Local country phone number
> found here:
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuppo
> rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%
> 7C48d59ce43f074d10f3b008dbf691aec7%7C72f988bf86f141af91ab2d7cd011db47%
> 7C1%7C0%7C638374877824078259%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
> DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdat
> a=yO6JFtgpq2FML1zgqeDkCDhs%2BFClOfjaCBHMoNf4aoU%3D&reserved=0 |
> Extension 1138300
>
> -----Original Message-----
> From: Joseph Sutton <jsutton@samba.org>
> Sent: Tuesday, December 5, 2023 1:50 PM
> To: Jeff McCashland (He/him) <jeffm@microsoft.com>
> Cc: Microsoft Support <supportmail@microsoft.com>;
> cifs-protocol@lists.samba.org
> Subject: Re: [EXTERNAL] [MS-ADTS] Procedure for setting
> msDS-ManagedPasswordId attribute - TrackingID#2311280040000920
>
> Oh, so when step 5.4 says, "let NewKeyID be the returned KeyID", that NewKeyID \
> value is to become the new value of msDS-ManagedPasswordId? And the implied \
> following step is "set TO!msDS-ManagedPasswordId to the value of NewKeyID"?
> That makes sense, but I admit I would not have realized that from reading the \
> documentation. Perhaps the documentation would be clearer if it stated how the \
> variables NewKeyID and OldKeyID were to be used? It offers hints such as "do not \
> return OldKeyID" (implying that the KeyIDs are to be "returned" in other cases) but \
> nothing more plain than that.
> Regards,
> Joseph
>
> On 6/12/23 8:48 am, Jeff McCashland (He/him) wrote:
> > Hi Joseph,
> >
> > In studying [MS-ADTS], I believe that initialization and updating of \
> > msDS-ManagedPasswordId is already documented in section 3.1.1.4.5.39 \
> > msDS-ManagedPassword, where this algorithm is described:
> > Define function GetgMSAPasswordBlob(TO: OBJECT), which returns an \
> > msDS-ManagedPassword BLOB structure (section 2.2.19) as follows using integer \
> > arithmetic where divisions are rounded down without a remainder.
> > The initialization occurs in step 5 where a new password and key id is created if \
> > msDS-ManagedPasswordId does not previously exist (or if the password interval is \
> > expired): 5. If TO!msDS-ManagedPasswordId does not exist or \
> > CurrentKeyExpirationTime is less than the current time, then:
> > Steps 5.7, 6.5, and 7.5 all describe creating new keys and returning the old \
> > password/key as the Previous values:
> > 5. Call MarshalPassword() where:
> > § Current_Password contains NewPassword.
> > § Previous_Password contains OldPassword.
> >
> > Do you disagree? Is this clear enough?
> >
> > Best regards,
> > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> > Protocol Open Specifications Team
> > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> > (UTC-08:00) Pacific Time (US and Canada) Local country phone number
> > found here:
> > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupp
> > o%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008dbf
> > 691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383748778240835
> > 70%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTi
> > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=f4giZ%2F8Fj%2BQETCzvup
> > QzOfrV68oaGgcl0WtOqbdaZZs%3D&reserved=0
> > rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com
> > %
> > 7Cc2e0a39196fc435b47fa08dbf5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47
> > %
> > 7C1%7C0%7C638374098235487693%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw
> > M
> > DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda
> > t
> > a=1PgMDgS60M5ZYmmNr%2FojT69vp%2B05r%2BwMtI7JrLWzvQ8%3D&reserved=0 |
> > Extension 1138300
> >
> > -----Original Message-----
> > From: Jeff McCashland (He/him)
> > Sent: Monday, December 4, 2023 9:52 AM
> > To: Joseph Sutton <jsutton@samba.org>
> > Cc: Microsoft Support <supportmail@microsoft.com>;
> > cifs-protocol@lists.samba.org
> > Subject: RE: [EXTERNAL] [MS-ADTS] Procedure for setting
> > msDS-ManagedPasswordId attribute - TrackingID#2311280040000920
> >
> > Hi Joseph,
> >
> > That is my understanding, yes.
> >
> > Best regards,
> > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> > Protocol Open Specifications Team
> > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> > (UTC-08:00) Pacific Time (US and Canada) Local country phone number
> > found here:
> > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupp
> > o%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008dbf
> > 691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383748778240877
> > 48%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTi
> > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=x6%2FGVsUHGP6dLNKUQo8s
> > VITg5P3nLbXZbl8Bcoo6Lvw%3D&reserved=0
> > rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com
> > %
> > 7Cc2e0a39196fc435b47fa08dbf5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47
> > %
> > 7C1%7C0%7C638374098235495401%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw
> > M
> > DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda
> > t
> > a=Lm7nQrfBCq9PIARZ7mbaTsHL4ysuGK53NmHY0%2FzT%2BJI%3D&reserved=0 |
> > Extension 1138300
> >
> > -----Original Message-----
> > From: Joseph Sutton <jsutton@samba.org>
> > Sent: Sunday, December 3, 2023 8:12 PM
> > To: Jeff McCashland (He/him) <jeffm@microsoft.com>
> > Cc: Microsoft Support <supportmail@microsoft.com>;
> > cifs-protocol@lists.samba.org
> > Subject: Re: [EXTERNAL] [MS-ADTS] Procedure for setting
> > msDS-ManagedPasswordId attribute - TrackingID#2311280040000920
> >
> > Thank you. For clarification, does regenerating the passwords here involve \
> > updating the account's msDS-ManagedPasswordId attribute? and \
> > msDS-ManagedPasswordPreviousId, too?
> > Regards,
> > Joseph
> >
> > On 2/12/23 11:40 am, Jeff McCashland (He/him) wrote:
> > > Hi Joseph,
> > >
> > > It appears that when the passwords are accessed, the interval is checked and \
> > > the passwords are then regenerated if they have expired.
> > > Please let me know if this does not answer your question.
> > >
> > > Best regards,
> > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> > > Protocol Open Specifications Team
> > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> > > (UTC-08:00) Pacific Time (US and Canada) Local country phone number
> > > found here:
> > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsup
> > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008db
> > > f691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837487782409
> > > 1699%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ
> > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ICsB4o2Zj%2BO0iSTY
> > > EXPlP6Xh2yaKhSLCCxFzuzQ7F9E%3D&reserved=0
> > > o%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08db
> > > f
> > > 5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374098235500
> > > 7
> > > 52%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBT
> > > i
> > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qSgSwtx1EstguEGjfaMcc
> > > V
> > > hmrMkSIZnQTjY7Q%2B70iUE%3D&reserved=0
> > > rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.co
> > > m
> > > %
> > > 7C37acc21f856446162c7908dbf47f3e15%7C72f988bf86f141af91ab2d7cd011db4
> > > 7
> > > %
> > > 7C1%7C0%7C638372599591299741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA
> > > w
> > > M
> > > DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sd
> > > a
> > > t
> > > a=5vcRpgLQ5O2lxfVzej2q7BNNmoPyS%2FExhf0Tb83xDn8%3D&reserved=0 |
> > > Extension 1138300
> > >
> > > -----Original Message-----
> > > From: Joseph Sutton <jsutton@samba.org>
> > > Sent: Wednesday, November 29, 2023 1:52 PM
> > > To: Jeff McCashland (He/him) <jeffm@microsoft.com>
> > > Cc: Microsoft Support <supportmail@microsoft.com>;
> > > cifs-protocol@lists.samba.org
> > > Subject: Re: [EXTERNAL] [MS-ADTS] Procedure for setting
> > > msDS-ManagedPasswordId attribute - TrackingID#2311280040000920
> > >
> > > Hi,
> > >
> > > Thank you for those links. So much of the format of these attributes I had \
> > > inferred from reading [MS-GKDI]: what I cannot find in either article are \
> > > details on how the attributes' values are first set and then periodically \
> > > updated.
> > > If I were to create a Group Managed Service Account right now and
> > > examined its msDS-ManagedPasswordId attribute, I might see a key
> > > index of (362, 0, 27). Say the interval after which the managed
> > > password was to be automatically changed was set to one day. If I
> > > were to examine the same attribute tomorrow, I might then see the
> > > key index had changed to (362, 0, 29). Furthermore, I might see that
> > > the msDS-ManagedPasswordPreviousId attribute (which had previously
> > > been
> > > empty) had been assigned the previous day's key index (362, 0, 27).
> > >
> > > Evidently the values of these attributes must periodically be updated by some \
> > > method in order for the managed password protocol to work. My question is: by \
> > > what procedure should this be done?
> > > Regards,
> > > Joseph
> > >
> > > On 30/11/23 7:34 am, Jeff McCashland (He/him) wrote:
> > > > Hi Joseph,
> > > >
> > > > I found a couple of online resources that appear to describe how to
> > > > generate the msDS-ManagedPasswordId attribute:
> > > >
> > > > Introducing the Golden GMSA Attack
> > > >
> > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fs
> > > > e%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 095581%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=WzgfMvw8E955SI
> > > > %2BVxIgh32cic5pYwIQwRjnehcjD0QA%3D&reserved=0
> > > > c%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 0
> > > > 4967%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=WegjiamElO89lqmBe
> > > > 1
> > > > E7xNxtt%2FqeFtd3C8IuodqkUiY%3D&reserved=0
> > > > u%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959130
> > > > 7
> > > > 1
> > > > 21%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nRxPdRWhU%2F9ynyy1FS
> > > > Q
> > > > %
> > > > 2FuS19gQnQApcCvl%2FdiTTiTls%3D&reserved=0
> > > > rityboulevard.com%2F2022%2F03%2Fintroducing-the-golden-gmsa-attack%
> > > > 2
> > > > F
> > > > &
> > > > data=05%7C01%7Cjeffm%40microsoft.com%7C8b3892695c1c41c7cf8208dbf125
> > > > 7
> > > > d
> > > > f
> > > > 4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638368915588042290%7
> > > > C
> > > > U
> > > > n
> > > > known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1
> > > > h
> > > > a
> > > > W
> > > > wiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=LelSmrZuPGbzFBjMPsU87KSIynav
> > > > A
> > > > F
> > > > 7
> > > > ViQQy%2BYpgRjM%3D&reserved=0
> > > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > s%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 099360%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=akjRSNXr%2B037
> > > > uSuXes1YN4t22r3a%2BMMnDpMjipka7qU%3D&reserved=0
> > > > e%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 0
> > > > 9019%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=wmSCPq6TqaQbn%2BM
> > > > u
> > > > i5QXXn7NUMcWuMIJdcvo9BYAxnQ%3D&reserved=0
> > > > c%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959131
> > > > 2
> > > > 2
> > > > 46%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9%2BOwMqPOo12Wu2SBVJ
> > > > %
> > > > 2
> > > > BVQQC76SYnzFuIXmBH8QKdDaw%3D&reserved=0
> > > > urityboulevard.com%2F2022%2F03%2Fintroducing-the-golden-gmsa-attack
> > > > %
> > > > 2
> > > > F
> > > > &data=05%7C01%7Cjeffm%40microsoft.com%7C8b3892695c1c41c7cf8208dbf12
> > > > 5
> > > > 7
> > > > d
> > > > f4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638368915588051293%
> > > > 7
> > > > C
> > > > U
> > > > nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik
> > > > 1
> > > > h
> > > > a
> > > > WwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pvoqNwoVEgry05Bry2zat0O9bU0
> > > > q
> > > > 1
> > > > D
> > > > XX2gepx9mPq5s%3D&reserved=0>
> > > >
> > > > How to recover from a Golden gMSA attack
> > > >
> > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fl
> > > > e%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 103137%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=VVQBhGmBR6xS%2
> > > > FIZc%2Bs%2F0eWofw7OQ7jgCi1saVFMHRHE%3D&reserved=0
> > > > a%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 1
> > > > 2908%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6ldubOagJWQqgya9v
> > > > n
> > > > ZlTJScwe3YvbQExddw9td07kw%3D&reserved=0
> > > > r%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959131
> > > > 6
> > > > 1
> > > > 71%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k87u0MoTufLMFECk29jm
> > > > Q
> > > > W
> > > > U9Rd%2FeXZHIJKLBH9T9GTg%3D&reserved=0
> > > > n.microsoft.com%2Fen-us%2Ftroubleshoot%2Fwindows-server%2Fwindows-s
> > > > e
> > > > c
> > > > u
> > > > rity%2Frecover-from-golden-gmsa-attack&data=05%7C01%7Cjeffm%40micro
> > > > s
> > > > o
> > > > f
> > > > t.com%7C8b3892695c1c41c7cf8208dbf1257df4%7C72f988bf86f141af91ab2d7c
> > > > d
> > > > 0
> > > > 1
> > > > 1db47%7C1%7C0%7C638368915588057505%7CUnknown%7CTWFpbGZsb3d8eyJWIjoi
> > > > M
> > > > C
> > > > 4
> > > > wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7
> > > > C
> > > > %
> > > > 7
> > > > C&sdata=EuZEsNrVHjjxjlVUWTu5sVgTT%2B1pxit6PEoLNZ%2FimQ0%3D&reserved
> > > > =
> > > > 0
> > > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > l%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 106890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=RiNh6t8M%2B6In
> > > > LfBSJMWOm2Gw49g22tl9NYO%2By1r6usc%3D&reserved=0
> > > > e%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 1
> > > > 6743%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OKdF%2F3Y38WibDJc
> > > > s
> > > > 51eo3S4ICLGDO5lIjHec6AIXp9A%3D&reserved=0
> > > > a%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959131
> > > > 9
> > > > 9
> > > > 44%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=injsryUSGV4%2FzA%2BP
> > > > H
> > > > 9
> > > > QDr3GW7QDAfbqXxForHbYPmg8%3D&reserved=0
> > > > rn.microsoft.com%2Fen-us%2Ftroubleshoot%2Fwindows-server%2Fwindows-
> > > > s
> > > > e
> > > > c
> > > > urity%2Frecover-from-golden-gmsa-attack&data=05%7C01%7Cjeffm%40micr
> > > > o
> > > > s
> > > > o
> > > > ft.com%7C8b3892695c1c41c7cf8208dbf1257df4%7C72f988bf86f141af91ab2d7
> > > > c
> > > > d
> > > > 0
> > > > 11db47%7C1%7C0%7C638368915588063990%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
> > > > i
> > > > M
> > > > C
> > > > 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%
> > > > 7
> > > > C
> > > > %
> > > > 7C&sdata=U%2BvJ0ARvX3KPmwFSTKu01Os0ZYDnJTcJHNtZ%2B5Q60Z4%3D&reserve
> > > > d
> > > > =
> > > > 0
> > > > >
> > > >
> > > > Please let me know if these help any.
> > > >
> > > > Best regards,*
> > > > /Jeff M/**/^c /**/Cashland (He/him) /**| Senior Escalation
> > > > Engineer/
> > > > > Microsoft/****Protocol Open Specifications Team*
> > > >
> > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> > > > (UTC-08:00) Pacific Time (US and Canada)
> > > >
> > > > Local country phone number found here:
> > > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsu
> > > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 110627%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5Ty2EOMdZTSjqv
> > > > RYVwLjRVyWrB9zl%2B0hXRrj643utC8%3D&reserved=0
> > > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 2
> > > > 0552%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=VIEtD4nhgfHHxasvq
> > > > X
> > > > KUsgLMvoaX9tA7Mcp2BNePCEk%3D&reserved=0
> > > > o%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959132
> > > > 3
> > > > 6
> > > > 78%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FAn5x%2Bz7nwtW5csx0t
> > > > x
> > > > d
> > > > glqSv2syrVrB9GCNY%2BkB6Dc%3D&reserved=0
> > > > rt.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40microsoft.c
> > > > o
> > > > m
> > > > %
> > > > 7C8b3892695c1c41c7cf8208dbf1257df4%7C72f988bf86f141af91ab2d7cd011db
> > > > 4
> > > > 7
> > > > %
> > > > 7C1%7C0%7C638368915588070730%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
> > > > A
> > > > w
> > > > M
> > > > DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&s
> > > > d
> > > > a
> > > > t
> > > > a=XJrBgpkrtwDdro9AT80LIeu6BoPipaYnQHhSlVuVD3g%3D&reserved=0
> > > > <https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fs
> > > > u%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 114364%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8Pe5o0Af%2Fv2J
> > > > fq%2F7bYz8cta3wNU8ShMUhksQact82Vk%3D&reserved=0
> > > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 2
> > > > 4480%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7tJsJHf%2FQPctkUj
> > > > l
> > > > 5FzVOFKK%2FdobVjtb7YRHdJ3mklg%3D&reserved=0
> > > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959132
> > > > 7
> > > > 4
> > > > 62%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=83ZmAa2HUHwhl%2F5nSd
> > > > M
> > > > M
> > > > qF7dbiMJjiQGENM6QHgVIlQ%3D&reserved=0
> > > > ort.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40microsoft.
> > > > c
> > > > o
> > > > m
> > > > %7C8b3892695c1c41c7cf8208dbf1257df4%7C72f988bf86f141af91ab2d7cd011d
> > > > b
> > > > 4
> > > > 7
> > > > %7C1%7C0%7C638368915588074945%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL
> > > > j
> > > > A
> > > > w
> > > > MDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&
> > > > s d a
> > > > ta=LWTGmIq753PjwViRiluqkK80fD7FGK%2F017N6uIODCoc%3D&reserved=0>
> > > > > Extension 1138300
> > > >
> > > > *From:*Jeff McCashland (He/him)
> > > > *Sent:* Tuesday, November 28, 2023 8:28 AM
> > > > *To:* Joseph Sutton <jsutton@samba.org>
> > > > *Cc:* Microsoft Support <supportmail@microsoft.com>;
> > > > cifs-protocol@lists.samba.org
> > > > *Subject:* RE: [EXTERNAL] [MS-ADTS] Procedure for setting
> > > > msDS-ManagedPasswordId attribute - TrackingID#2311280040000920
> > > >
> > > > [try again- Kristian to BCC
> > > >
> > > > *From:*Jeff McCashland (He/him)
> > > > *Sent:* Tuesday, November 28, 2023 8:27 AM
> > > > *To:* Kristian Smith <Kristian.Smith@microsoft.com
> > > > <mailto:Kristian.Smith@microsoft.com>>; Joseph Sutton
> > > > <jsutton@samba.org <mailto:jsutton@samba.org>>;
> > > > cifs-protocol@lists.samba.org
> > > > <mailto:cifs-protocol@lists.samba.org>
> > > > *Cc:* Microsoft Support <supportmail@microsoft.com
> > > > <mailto:supportmail@microsoft.com>>
> > > > *Subject:* RE: [EXTERNAL] [MS-ADTS] Procedure for setting
> > > > msDS-ManagedPasswordId attribute - TrackingID#2311280040000920
> > > >
> > > > [Kristian to BCC]
> > > >
> > > > Hi Joseph,
> > > >
> > > > I will look into your question and let you know what I find.
> > > >
> > > > Best regards,*
> > > > /Jeff M/**/^c /**/Cashland (He/him) /**| Senior Escalation
> > > > Engineer/
> > > > > Microsoft/****Protocol Open Specifications Team*
> > > >
> > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> > > > (UTC-08:00) Pacific Time (US and Canada)
> > > >
> > > > Local country phone number found here:
> > > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsu
> > > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 118004%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8GSSuoHQTiexun
> > > > 5Vvnhgmx8UMnThQw87jGG9ySZC9R8%3D&reserved=0
> > > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 2
> > > > 8300%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2B0O6KBSH4kP4SI6
> > > > V
> > > > o3bN%2F3W478I0mNiwA3O8N8XDvjA%3D&reserved=0
> > > > o%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959133
> > > > 1
> > > > 1
> > > > 97%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BIINIqVtLHi3Boe5B8
> > > > t
> > > > 3
> > > > N0Fd%2FBO8T7pgsq0%2FCaQHrGc%3D&reserved=0
> > > > rt.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40microsoft.c
> > > > o
> > > > m
> > > > %
> > > > 7C8b3892695c1c41c7cf8208dbf1257df4%7C72f988bf86f141af91ab2d7cd011db
> > > > 4
> > > > 7
> > > > %
> > > > 7C1%7C0%7C638368915588078943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
> > > > A
> > > > w
> > > > M
> > > > DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&s
> > > > d
> > > > a
> > > > t
> > > > a=tkxE0x8I%2B04b8YNTpQSyEY12gn7j84cNLaeDAc1ocwE%3D&reserved=0
> > > > <https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fs
> > > > u%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 121700%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=bOtPg9wf4FFwXq
> > > > CT3BZMg%2BSQHuSoPB%2FaPGk5UYzvEBg%3D&reserved=0
> > > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 3
> > > > 2057%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=wjwbeNpHHMhBh2fVk
> > > > e
> > > > xRYr69MMh93oDzbbWezihsqoY%3D&reserved=0
> > > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959133
> > > > 4
> > > > 9
> > > > 40%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=kkcEkaeOqS3Jq0VOp2QY
> > > > K
> > > > O
> > > > s9v4ITW5FTGyzCy6P6qIw%3D&reserved=0
> > > > ort.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40microsoft.
> > > > c
> > > > o
> > > > m
> > > > %7C8b3892695c1c41c7cf8208dbf1257df4%7C72f988bf86f141af91ab2d7cd011d
> > > > b
> > > > 4
> > > > 7
> > > > %7C1%7C0%7C638368915588082884%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL
> > > > j
> > > > A
> > > > w
> > > > MDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&
> > > > s
> > > > d a
> > > > ta=ZsqOTIBuuVFdcqTuia8meW%2BrE9Fgx4tkLT2G3le%2BUdA%3D&reserved=0> |
> > > > Extension 1138300
> > > >
> > > > *From:*Kristian Smith <Kristian.Smith@microsoft.com
> > > > <mailto:Kristian.Smith@microsoft.com>>
> > > > *Sent:* Monday, November 27, 2023 6:39 PM
> > > > *To:* Joseph Sutton <jsutton@samba.org <mailto:jsutton@samba.org>>;
> > > > cifs-protocol@lists.samba.org
> > > > <mailto:cifs-protocol@lists.samba.org>
> > > > *Cc:* Microsoft Support <supportmail@microsoft.com
> > > > <mailto:supportmail@microsoft.com>>
> > > > *Subject:* Re: [EXTERNAL] [MS-ADTS] Procedure for setting
> > > > msDS-ManagedPasswordId attribute - TrackingID#2311280040000920
> > > >
> > > > [DocHelp to Bcc]
> > > >
> > > > [Case mail to Cc]
> > > >
> > > > Hi Joseph,
> > > >
> > > > Thank you for your request. The case number 2311280040000920 has
> > > > been created for this inquiry. One of our team members will follow
> > > > up with you soon.
> > > >
> > > > *Regards,*
> > > >
> > > > *Kristian Smith*
> > > >
> > > > Support Escalation Engineer | Azure DevOps, Windows Protocols |
> > > > Microsoft® Corporation
> > > >
> > > > *Office phone*: +1 425-421-4442
> > > >
> > > > *Email*: kristian.smith@microsoft.com
> > > > <mailto:kristian.smith@microsoft.com>
> > > >
> > > > *Working hours*: 8:00 am - 5:00 pm PST, Monday - Friday
> > > >
> > > > *Team Manager*: Gary Ranne garyra@microsoft.com
> > > > <mailto:garyra@microsoft.com>
> > > >
> > > > *ServiceHub*:
> > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fs
> > > > e%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 125400%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=d8rT%2BwCXO5gu
> > > > bBFySe0tuby7WpZuahsByvVa23taF5A%3D&reserved=0
> > > > r%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 3
> > > > 5788%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7j4AKpVR1hn1klsWX
> > > > P
> > > > 2R7QosVLL3GhalBEiNFtuFWE4%3D&reserved=0
> > > > v%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959133
> > > > 8
> > > > 6
> > > > 72%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gxKesolna5%2FUxxvV2D
> > > > p
> > > > e
> > > > uDX16CM9ouRDBwgTM7Tvfrc%3D&reserved=0
> > > > iceshub.microsoft.com%2Fsupport%2Fcontactsupport_&data=05%7C01%7Cje
> > > > f
> > > > f
> > > > m
> > > > %40microsoft.com%7C8b3892695c1c41c7cf8208dbf1257df4%7C72f988bf86f14
> > > > 1
> > > > a
> > > > f
> > > > 91ab2d7cd011db47%7C1%7C0%7C638368915588086793%7CUnknown%7CTWFpbGZsb
> > > > 3
> > > > d
> > > > 8
> > > > eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%
> > > > 7
> > > > C
> > > > 3
> > > > 000%7C%7C%7C&sdata=dEauc2KQK4aFU651P9jTIflUtc%2FNo2xOEbtxm0ptVA0%3D
> > > > &
> > > > r
> > > > e
> > > > served=0
> > > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > s%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 131030%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FEOs07Ew9O6p
> > > > haSZ0LB1cy7M6wTQQIc1g4hcKxN%2FnxU%3D&reserved=0
> > > > e%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 3
> > > > 9507%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0WYra6Lx06ebYtLNt
> > > > y
> > > > smOWfahLWnw4MCl8cfdjHwmmI%3D&reserved=0
> > > > r%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959134
> > > > 2
> > > > 5
> > > > 14%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=unPGfUeLwQfQjVcfKA3G
> > > > m
> > > > J
> > > > 7FlPDtIqTnCgauok6%2Fi%2Fg%3D&reserved=0
> > > > viceshub.microsoft.com%2Fsupport%2Fcontactsupport_&data=05%7C01%7Cj
> > > > e
> > > > f
> > > > f
> > > > m%40microsoft.com%7C8b3892695c1c41c7cf8208dbf1257df4%7C72f988bf86f1
> > > > 4
> > > > 1
> > > > a
> > > > f91ab2d7cd011db47%7C1%7C0%7C638368915588090768%7CUnknown%7CTWFpbGZs
> > > > b
> > > > 3
> > > > d
> > > > 8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D
> > > > %
> > > > 7
> > > > C
> > > > 3000%7C%7C%7C&sdata=J8RQLZPBTRSaUz96apjc%2FVAdm68kGw%2FwYLjeW0dPGXI
> > > > %
> > > > 3
> > > > D
> > > > &reserved=0>
> > > >
> > > > /In case you don't hear from me, please call your regional number here:
> > > > //https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2
> > > > F
> > > > s%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 4
> > > > 3243%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Ka3V89uG%2BMscBwk
> > > > U
> > > > 91SrBcC4XHfbgYUufKGfnrO0%2BTE%3D&reserved=0
> > > > u%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959134
> > > > 6
> > > > 2
> > > > 11%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eDfbZcxA%2FZiDj8eGAm
> > > > X
> > > > 5
> > > > RN4PBWOfLxeadzb6JMoWYKI%3D&reserved=0
> > > > pport.microsoft.com%2Fhelp%2F13948%2Fglobal-customer-service-phone-
> > > > n
> > > > u
> > > > m
> > > > bers&data=05%7C01%7Cjeffm%40microsoft.com%7C8b3892695c1c41c7cf8208d
> > > > b
> > > > f
> > > > 1
> > > > 257df4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638368915588094
> > > > 7
> > > > 0
> > > > 7
> > > > %7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTi
> > > > I
> > > > 6
> > > > I
> > > > k1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0zHR9%2B93B63JnnnOu49ld
> > > > U
> > > > c
> > > > m
> > > > xH85vxpdd4fWB0mledo%3D&reserved=0.
> > > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > s%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C48d59ce43f074d10f3b008d
> > > > bf691aec7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374877824
> > > > 140938%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dBvItNHPXOB%2F
> > > > 5cCX93z2Vv5O9iHURIfMOI51fDKLD54%3D&reserved=0
> > > > u%2F&data=05%7C02%7Cjeffm%40microsoft.com%7Cc2e0a39196fc435b47fa08d
> > > > b
> > > > f5dc2c6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383740982355
> > > > 4
> > > > 6938%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > J
> > > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8Y7KhrWQj3fxe5eQd
> > > > R
> > > > Eo%2FkFa2GWEFhcXKlTAo8ugKTI%3D&reserved=0
> > > > p%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C37acc21f856446162c7908d
> > > > b
> > > > f
> > > > 47f3e15%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63837259959134
> > > > 9
> > > > 9
> > > > 03%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
> > > > T
> > > > i
> > > > I6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=d%2FNirKerr2gNFw3K7w
> > > > h
> > > > W
> > > > lZ8QOD6gwS8nDyZcFKlPNJs%3D&reserved=0
> > > > port.microsoft.com%2Fhelp%2F13948%2Fglobal-customer-service-phone-n
> > > > u
> > > > m
> > > > b
> > > > ers&data=05%7C01%7Cjeffm%40microsoft.com%7C8b3892695c1c41c7cf8208db
> > > > f
> > > > 1
> > > > 2
> > > > 57df4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6383689155880993
> > > > 8
> > > > 7
> > > > %
> > > > 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI
> > > > 6
> > > > I
> > > > k
> > > > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SCTt0XWCAtZTwsZSQuREvqzU
> > > > 5
> > > > T
> > > > W
> > > > 6a5MQLrCSGC1r3f8%3D&reserved=0.>///
> > > >
> > > > /If you need assistance outside my normal working hours, please
> > > > reach out to //devbu@microsoft.com <mailto:devbu@microsoft.com>//.
> > > > One of my colleagues will gladly continue working on this
> > > > issue.//devbu@microsoft.com <mailto:devbu@microsoft.com>//. One of
> > > > my colleagues will gladly continue working on this issue./
> > > >
> > > > -------------------------------------------------------------------
> > > > -
> > > > -
> > > > -
> > > > --
> > > >
> > > > *From:*Joseph Sutton <jsutton@samba.org <mailto:jsutton@samba.org>>
> > > > *Sent:* Monday, November 27, 2023 2:53 PM
> > > > *To:* cifs-protocol@lists.samba.org
> > > > <mailto:cifs-protocol@lists.samba.org>
> > > > <cifs-protocol@lists.samba.org
> > > > <mailto:cifs-protocol@lists.samba.org>>; Interoperability
> > > > Documentation Help <dochelp@microsoft.com
> > > > <mailto:dochelp@microsoft.com>>
> > > > *Subject:* [EXTERNAL] [MS-ADTS] Procedure for setting
> > > > msDS-ManagedPasswordId attribute
> > > >
> > > > Hi dochelp,
> > > >
> > > > The calculation of the msDS-ManagedPassword attribute depends upon
> > > > the values of two other important attributes, namely
> > > > msDS-ManagedPasswordId and msDS-ManagedPasswordPreviousId. I can't
> > > > find any documentation on how these two attributes are to be set
> > > > initially (on the creation of a Group Managed Service Account), nor
> > > > on how and when they are subsequently to be updated.
> > > >
> > > > Are you able to give me any information on the procedure by which
> > > > these attributes are assigned values? - Are they supposed to be
> > > > updated periodically?
> > > >
> > > > Regards,
> > > > Joseph
> > > >
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic