Andrew, I think I have some answers for you but I wanted to clarify the question first. As I understand it, you are looking to get information on how objects sync’ed via Directory Replication Services (DRS) look to a receiving application, what is their layout, how are they exposed to the application that has requested the sync via a mechanism like IDL_DRSGetNCChanges in the DRSUAPI interface (MS-DRSR) with respect to privledge and access control structures. For example, if one were to replicate permissions or privledges between two domain controllers, what would that permissions object look like to the receiving domain controller and what would an application like the Local Security Authority (LSA) running on a domain controller see, how would it access them. Is this a correct interpretation of what you are looking for?
Richard Guthrie Open Protocols Support Team Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2" Tel: +1 469 775 7794 E-mail: [EMAIL PROTECTED] We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted ________________________________________ From: Andrew Bartlett [EMAIL PROTECTED] Sent: Monday, July 14, 2008 8:17 PM To: Richard Guthrie Cc: Interoperability Documentation Help; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Mapping of MS-LSAD onto LDAP and DRS replications On Fri, 2008-07-11 at 10:53 -0700, Richard Guthrie wrote: > Andrew, > > I will be working with you to resolve your question. I need to do > some research on the MS-LSAD documentation, before we proceed to start > resolving this issue, so that I accurately captured everything. I > will send you an update Monday with any questions I have based on that > research. Have a good weekend! I should note that I'm particularly interested (as a first step, and what made me ask this) in the mapping of 'privileges' onto LDAP attributes. The SAMR documentation would be a very good standard to aim for, in terms of what a renewed document could look like. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
