Matthias, Thanks for raising this issue with us. First, We will add the missing definitions for UF_PARTIAL_SECRETS_ACCOUNT (0x4000000) to 2.2.1.13 MS-SAMR, USER_PARTIAL_SECRETS_ACCOUNT (0x00100000) to 2.2.1.12 MS-SAMR and DOMAIN_GROUP_RID_READONLY_DCS(0x00000209) to 2.2.1.14 MS-SAMR. In 3.1.1.8.1 MS-SAMR, we will add the following entry to the table in item 4 showing that if userAccountContol has bits UF_WORKSTATION_TRUST_ACCOUNT & UF_PARTIAL_SECRETS_ACCOUNT , the primaryGroupId attribute MUST be updated with DOMAIN_GROUP_RID_READONLY_CONTROLLERS.
We are in the process to update the document. The changes will appear in the future release of the document. Please let us know if you have any further question. If not, I will consider this issue resolved. Thanks! Hongwei -----Original Message----- From: Matthias Dieter Wallnöfer [mailto:[email protected]] Sent: Wednesday, September 15, 2010 6:09 AM To: Interoperability Documentation Help Cc: [email protected] Subject: Incompleteness in MS-SAMR section 3.1.1.8.1 objectClass Dear dochelp team, starting with Windows Server 2008 there has been introduced the UF_PARTIAL_SECURITY flag As far as we (s4 people) found out this also impacts the objectclass trigger described in MS-SAMR 3.1.1.8.1. For example if set on "userAccountControl" it switches the "primaryGroupID" to DOMAIN_GROUP_RID_READONLY_DCS. We would appreciate if the specified section could be enhanced regarding it. Thanks, Matthias Wallnöfer _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
