Good morning Andrew. Per your inquiry concerning elaboration on the objectSid definition, I am sending you a copy of an update to the documentation as shown below (the second paragraph is new content).

Please let me know if this answers your question satisfactorily; if so, I will consider your question resolved. Thanks for helping us improve our documentation.

==============================================================================
[MS-ADA3]: Active Directory Schema Attributes N-Z

2.44 Attribute objectSid

This attribute specifies a binary value that specifies the security identifier (SID) of the user. The SID is a unique value used to identify the user as a security principal. For more information on the SID data type, refer to [MS-DTYP] section 2.4.2. SID usage is also discussed in [MS-ADTS], in particular in section 3.1.1.1.3.

Because this is an attribute of String(SID) syntax, an application writing to this attribute via the LDAP protocol can specify a value for this attribute as a valid SDDL SID string, as specified in [MS-ADTS] section 3.1.1.3.1.2.5. The directory service will convert that value to its binary value equivalent.

cn: Object-Sid
ldapDisplayName: objectSid
attributeId: 1.2.840.113556.1.4.146
attributeSyntax: 2.5.5.17
omSyntax: 4
isSingleValued: TRUE
schemaIdGuid: bf9679e8-0de6-11d0-a285-00aa003049e2
systemOnly: TRUE
searchFlags: fPRESERVEONDELETE | fATTINDEX
rangeLower: 0
rangeUpper: 28
attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
mapiID: 32807
isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL

Version-Specific Behavior: Implemented on Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, and Windows Server 2008.

In Windows 2000 Server, the following attributes are defined differently:

systemOnly: FALSE

The schemaFlagsEx attribute was added to this attribute definition in Windows Server 2008.
==============================================================================

Regards,
Bill Wesse
MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606

-----Original Message-----
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2008 8:30 AM
To: Bill Wesse
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: New case: SRX080910600015: [MS-ADA3]: 2.44 Elaborate on objectSid definition

On Wed, 2008-09-10 at 03:34 -0700, Bill Wesse wrote:
> Good morning Andrew. I have created the new case as noted in the
> Subject line. I expect you will be happy to know that we are
> initiating a strong recommendation that the objectSid definition in
> [MS-ADA3] be modified as shown below. Thank you for your persistence
> on this topic.

No worries.

> I will keep you advised of progress!
>
>
> Change:
>
> 2.44 Attribute objectSid
> This attribute specifies a binary value that specifies the security
> identifier (SID) of the user. The SID is a unique value used to
> identify the user as a security principal. For more information on the
> SID data type, refer to [MS-DTYP] section 2.4.2. SID usage is also
> discussed in [MS-ADTS], in particular in section 3.1.1.1.3.
>
> To:
>
> 2.44 Attribute objectSid
> This attribute specifies a variable-length byte array value that
> specifies the security identifier (SID) of the user. For more
> information on the SID data type, refer to [MS-DTYP] section 2.4.2. It
> also may be represented as a UTF-8 string that is a valid SDDL SID
> string beginning with "S-" (see [MS-DTYP] sections 2.4.2 and 2.5.1,
> and [MS-ADTS] 3.1.1.3.1.2.5). The SID is a unique value used to
> identify the user as a security principal. SID usage is also discussed
> in [MS-ADTS], in particular in section 3.1.1.1.3.

That looks good.
Let me know how you go - I had understood from the call that we were at a stalemate, so I'm particularly glad to see this (potentially) moving forward.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.