Hi Edgar,
I didn't had the time to investigate this but for sure I was on level
2008R2 and didn't had the recycle bin activated.
I'll keep you inform soon.
Matthieu.
On 26/02/2011 08:11, Edgar Olougouna wrote:
Matthieu,
I wanted to drop a quick note for an explicit closure to this thread. I was
able to observe the following in the lab. I also ran this through our AD
experts.
- DC running Windows Server 2008 R2 with a forest functional level of
Windows Server 2003: the test duplicates the behavior you observed. Here the
LDAP_SERVER_SHOW_RECYCLED_OID control is not meaningful since the forest does
not meet the requirements specified in MS-ADTS 3.1.1.8.1 Recycle Bin Optional
Feature.
- DC running Windows Server 2008 R2 with a forest functional level of
Windows Server 2008 R2, and recycle bin optional feature enabled (see MS-ADTS
3.1.1.8.1 and my previous email): the test results are consistent with the
MS-ADTS document. The LDAP_SERVER_SHOW_DELETED_OID control returns only deleted
objects with isDeleted=TRUE. The LDAP_SERVER_SHOW_RECYCLED_OID control returns
deleted objects isDeleted=TRUE and recycled objects isRecycled=TRUE.
As a result MS-ADTS appears to describe the expected behavior, as I mentioned
in my initial answer.
Hope this helps.
Regards,
Edgar
-----Original Message-----
From: Edgar Olougouna
Sent: Thursday, February 24, 2011 5:13 PM
To: '[email protected]'
Cc: [email protected]; [email protected]
Subject: RE: show-recycled and show-deleted LDAP controls
Matthieu,
Can you confirm whether the forest functional level is Windows Server 2008 R2
and that the recycle bin is enabled?
Active Directory Recycle Bin Step-by-Step Guide
http://technet.microsoft.com/en-us/library/dd392261(WS.10).aspx
Step 1: Enable Active Directory Recycle Bin
http://technet.microsoft.com/en-us/library/dd379481(WS.10).aspx
Thanks,
Edgar
-----Original Message-----
From: Matthieu Patou [mailto:[email protected]]
Sent: Thursday, February 24, 2011 1:28 AM
To: Edgar Olougouna
Cc: [email protected]; [email protected]
Subject: Re: show-recycled and show-deleted LDAP controls
Edgar,
On 17/02/2011 09:30, Edgar Olougouna wrote:
Matthieu,
The LDAP_SERVER_SHOW_DELETED_OID (section 3.1.1.3.4.1.14) control is used with
an LDAP operation to specify that tombstones and deleted-objects are visible to
the operation.
The LDAP_SERVER_SHOW_RECYCLED_OID is used with an LDAP operation to specify
that tombstones, deleted-objects, and recycled-objects are visible to the
operation.
When the LDAP_SERVER_SHOW_RECYCLED_OID (section 3.1.1.3.4.1.26) control is used
with an LDAP search operation, the search results include any tombstones,
deleted-objects, or recycled-objects that match the search filter.
The above controls specify respectively which subset of objects is visible to
the search, the results will simply match the filter, in your trace Filter:
(isDeleted=TRUE).
Ok but the initial question is why when we have LDAP_SERVER_SHOW_DELETED_OID I
can see object that has been recycled (those with isRecycled=TRUE), from what
you explained it should be shown only if I specify the
LDAP_SERVER_SHOW_RECYCLED_OID no ?
Also I wanted to double check that your forest functional level is Windows
Server 2008 R2. This is required prior to enabling the Recycle Bin optional
feature, which in turn is required for recycled objects functionality.
I have 2008 R2 server.
MS-ADTS 3.1.1.8.1 Recycle Bin Optional Feature The Recycle Bin
optional feature requires a Forest Functional Level of DS_BEHAVIOR_WIN2008R2 or
greater.
When the Recycle Bin optional feature is enabled, object deletion is performed
in three stages.
Stage 1. Active object transformed into a deleted object (isDeleted=TRUE).
Stage 2. Deleted object transformed into a recycled object (after
deleted-object lifetime, isRecycled=TRUE).
Stage 3. Recycled object is garbage collected (after tombstone lifetime).
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
