Hi Gordon: Thanks for contacting Microsoft. A member of the team will be in touch soon.
Regards, Obaid Farooqi Escalation Engineer | Microsoft Exceeding your expectations is my highest priority. If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com -----Original Message----- From: Gordon Ross [mailto:[email protected]] Sent: Thursday, December 06, 2012 2:10 PM To: Interoperability Documentation Help Cc: [email protected] Subject: Questions about "Unsecure Join" (old-style join domain) Hi Dochelp staff, I have questions about implementing "Unsecure Join" (a.k.a. old-style join domain) where one uses a pre-created computer account. I've cc'ed the cifs-protocol list in case anyone there might know the answers I'm looking for. I've searched msdn etc. and found a few pages describing the "Unsecure Join" method. Here are some of them: Automating the Domain Join [See the section on "Unsecure Join"] http://technet.microsoft.com/en-us/library/cc730845.aspx NetJoinDomain function (Windows) [ See NETSETUP_JOIN_UNSECURE] http://msdn.microsoft.com/en-us/library/windows/desktop/aa370433.aspx We would like to implement "Join using a pre-created computer account" and I'm looking for more details about how this should work. As I understand it, the "pre-created computer account" is one that has it's initial password set to the same string as the account name. The first reference above seems to say that. However, our test results suggest that this may not be the case. (or not always?) Also, on the AD server the MMC "User and Computers" tool offers an action to "reset the computer account". I'd like to know what that action really does. Does it set the machine account password back to the computer name? (our tests indicate maybe not) Is there a document describing the specific protocol actions we need to perform during an "unsecure join"? Here's what we're doing now: (a) get information about the domain from the LSA, via LsaQueryInfoPolicy (which we do over NULL sessions). (b) change the machine account password. We currently use the SamrUnicodeChangePasswordUser2 RPC call [MS-SAMR 3.1.5.10.3] for that purpose. Step (a) seems to work fine. In order for step (b) to work, we need to know the password of the pre-created account. Or is there some other trick for doing the password change? Thanks, Gordon Ross <[email protected]> Nexenta Systems, Inc. www.nexenta.com Enterprise class storage for everyone Microsoft is committed to protecting your privacy. Please read the Microsoft Privacy Statement for more information.The above is an email for a support case from Microsoft Corp.REPLY ALL TO THIS MESSAGE or INCLUDE [email protected] IN YOUR REPLY if you want your response added to the case automatically. For technical assistance, please include the Support Engineer on the TO: line. Thank you. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
