Hi Andrew,

Writing for additional feedback to help. The processing of ResetBadPwdCount implementation in Windows just resets BadPwdCount. Here is the message:
https://msdn.microsoft.com/en-us/library/dd357623.aspx

Source code review confirmed this today as well. The call just resets BadPwdCount to 0.

Thanks,
Nathan

From: Nathan Manis
Sent: Tuesday, May 30, 2017 11:57 AM
To: [email protected]; [email protected]; [email protected]
Cc: MSSolve Case Email <[email protected]>
Subject: RE: [REG:117052515795477]: Q3 of 4: Does a BadPwdCount reset also reset some UF flags or other attributes?

Hi Andrew,

Thank you for contacting Microsoft Open Protocols support. For the inquiry regarding BadPwdCount. This is correct that the attribute is not replicated and is local. What we can state on the specifics is documented here:
https://msdn.microsoft.com/en-us/library/ms675244%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

Remarks
This attribute is not replicated and is maintained separately on each domain controller in the domain. This attribute is reset on a specific domain controller when the user successfully logs onto that domain controller.

Thanks,
Nathan

From: Bryan Burgin
Sent: Wednesday, May 24, 2017 10:11 PM
To: [email protected]; [email protected]; [email protected]
Cc: MSSolve Case Email <[email protected]>
Subject: [REG:117052515795477]: Q3 of 4: Does a BadPwdCount reset also reset some UF flags or other attributes?

[dochelp on bcc]
[+casemail]

Andrew,

Today we created four cases per your request. This thread concerns issue Q3 of 4:

Case 3: Does a BadPwdCount reset also reset some UF flags or other attributes?
BadPwdCount is local. When it's reset, does it trigger a reset of some other replicable flags or attributes so that the user is not locked out elsewhere?

An engineer will contact you about each of these issues on separate threads soon.

The other cases, to pull all the threads together, are specified below.

Bryan

Q1: 117052515795450: WDigest package of supplementalCredentials attribute
Q2: 117052515795463: Which change password is proxied from RODC to PDC?
Q3: 117052515795477: Does a BadPwdCount reset also reset some UF flags or other attributes?
Q4: 117052515795488: Client behavior guidance of DRS_GET_TGT flag in GetNCChanges

Case 1: WDigest package of supplementalCredentials attribute
Documentation of pre-computation hash in WDigest property is wrong. Construction is inverted. Needs to fix the document.
[MS-SAMR] 3.1.1.8.11.3 Primary:WDigest Property
https://msdn.microsoft.com/en-us/library/cc245679.aspx
3.1.1.8.11.3.1 WDIGEST_CREDENTIALS Construction
https://msdn.microsoft.com/en-us/library/cc245680.aspx

Case 2: Which change password is proxied from RODC to PDC?
Is it expected that RODC should be able to proxy Kerberos change password to the RWDC? Currently, Samba does proxy authentication, realm trust requests, but is not proxying any password change.

Case 3: Does a BadPwdCount reset also reset some UF flags or other attributes?
BadPwdCount is local. When it's reset, does it trigger a reset of some other replicable flags or attributes so that the user is not locked out elsewhere?

Case 4: Client behavior guidance of DRS_GET_TGT flag in GetNCChanges
The request is to provide clarity so that the server side can implement DRS_GET_TGT properly. DRS_GET_TGT flag syncing particular link values. Needs tag object clarification, when linked object is deleted, or not present, etc.
[MS-DRSR] 4.1.10 IDL_DRSGetNCChanges (Opnum 3)
https://msdn.microsoft.com/en-us/library/dd207691.aspx
4.1.10.5 Server Behavior of the IDL_DRSGetNCChanges Method
https://msdn.microsoft.com/en-us/library/dd207741.aspx
4.1.10.6 Client Behavior When Receiving the IDL_DRSGetNCChanges
https://msdn.microsoft.com/en-us/library/dd207757.aspx

_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
