From 57be1d07afc2a0725b79327636204a9238ab94aa Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Mon, 4 Jan 2010 13:01:23 -0800 Subject: s4 torture: Add RAW-OPEN-NTCREATEDIR to test error checking for open directories as files --- source4/torture/raw/open.c | 198 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 198 insertions(+) (limited to 'source4') diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c index 8c4311b530..e37fd8e09a 100644 --- a/source4/torture/raw/open.c +++ b/source4/torture/raw/open.c @@ -1879,6 +1879,203 @@ done: return ret; } +/** + * Test what happens when trying to open a file with directory parameters and + * vice-versa. Also test that NTCREATEX_OPTIONS_DIRECTORY is treated as + * mandatory and FILE_ATTRIBUTE_DIRECTORY is advisory for directory + * creation/opening. + */ +static bool test_ntcreatexdir(struct torture_context *tctx, + struct smbcli_state *cli) +{ + union smb_open io; + union smb_fileinfo finfo; + const char *fname = BASEDIR "\\torture_ntcreatex.txt"; + const char *dname = BASEDIR "\\torture_ntcreatex_dir"; + NTSTATUS status, expected_status; + bool ret = true; + int i; + uint32_t access_mask = 0; + + struct { + uint32_t open_disp; + uint32_t file_attr; + uint32_t create_options; + NTSTATUS correct_status; + } open_funcs[] = { + { NTCREATEX_DISP_SUPERSEDE, 0, NTCREATEX_OPTIONS_DIRECTORY, + NT_STATUS_INVALID_PARAMETER }, + { NTCREATEX_DISP_OPEN, 0, NTCREATEX_OPTIONS_DIRECTORY, + NT_STATUS_OBJECT_NAME_NOT_FOUND }, + { NTCREATEX_DISP_CREATE, 0, NTCREATEX_OPTIONS_DIRECTORY, + NT_STATUS_OK }, + { NTCREATEX_DISP_OPEN_IF, 0, NTCREATEX_OPTIONS_DIRECTORY, + NT_STATUS_OK }, + { NTCREATEX_DISP_OVERWRITE, 0, NTCREATEX_OPTIONS_DIRECTORY, + NT_STATUS_INVALID_PARAMETER }, + { NTCREATEX_DISP_OVERWRITE_IF, 0, NTCREATEX_OPTIONS_DIRECTORY, + NT_STATUS_INVALID_PARAMETER }, + { NTCREATEX_DISP_SUPERSEDE, FILE_ATTRIBUTE_DIRECTORY, 0, + NT_STATUS_OK }, + { NTCREATEX_DISP_OPEN, FILE_ATTRIBUTE_DIRECTORY, 0, + NT_STATUS_OBJECT_NAME_NOT_FOUND }, + { NTCREATEX_DISP_CREATE, FILE_ATTRIBUTE_DIRECTORY, 0, + NT_STATUS_OK }, + { NTCREATEX_DISP_OPEN_IF, FILE_ATTRIBUTE_DIRECTORY, 0, + NT_STATUS_OK }, + { NTCREATEX_DISP_OVERWRITE, FILE_ATTRIBUTE_DIRECTORY, 0, + NT_STATUS_OBJECT_NAME_NOT_FOUND }, + { NTCREATEX_DISP_OVERWRITE_IF, FILE_ATTRIBUTE_DIRECTORY, 0, + NT_STATUS_OK }, + + }; + + if (!torture_setup_dir(cli, BASEDIR)) { + return false; + } + + /* setup some base params. */ + io.generic.level = RAW_OPEN_NTCREATEX; + io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED; + io.ntcreatex.in.root_fid.fnum = 0; + io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL; + io.ntcreatex.in.alloc_size = 0; + io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE; + io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; + io.ntcreatex.in.security_flags = 0; + io.ntcreatex.in.fname = fname; + + /* + * Test the validity checking for create dispositions, which is done + * against the requested parameters rather than what's actually on + * disk. + */ + for (i=0; itree, tctx, &io); + if (!NT_STATUS_EQUAL(status, open_funcs[i].correct_status)) { + torture_result(tctx, TORTURE_FAIL, + "(%s) incorrect status %s should be %s " + "(i=%d open_disp=%d)\n", + __location__, nt_errstr(status), + nt_errstr(open_funcs[i].correct_status), + i, (int)open_funcs[i].open_disp); + ret = false; + } + /* Close and delete the file. */ + if (NT_STATUS_IS_OK(status)) { + if (open_funcs[i].create_options != 0) { + /* out attrib should be a directory. */ + torture_assert_int_equal(tctx, + io.ntcreatex.out.attrib, + FILE_ATTRIBUTE_DIRECTORY, "should have " + "created a directory"); + + smbcli_close(cli->tree, + io.ntcreatex.out.file.fnum); + + /* Make sure unlink fails. */ + status = smbcli_unlink(cli->tree, fname); + torture_assert_ntstatus_equal(tctx, status, + NT_STATUS_FILE_IS_A_DIRECTORY, + "unlink should fail for a directory"); + + status = smbcli_rmdir(cli->tree, fname); + torture_assert_ntstatus_ok(tctx, status, + "rmdir failed"); + } else { + torture_assert_int_equal(tctx, + io.ntcreatex.out.attrib, + FILE_ATTRIBUTE_ARCHIVE, "should not have " + "created a directory"); + + smbcli_close(cli->tree, + io.ntcreatex.out.file.fnum); + + /* Make sure rmdir fails. */ + status = smbcli_rmdir(cli->tree, fname); + torture_assert_ntstatus_equal(tctx, status, + NT_STATUS_NOT_A_DIRECTORY, + "rmdir should fail for a file"); + + status = smbcli_unlink(cli->tree, fname); + torture_assert_ntstatus_ok(tctx, status, + "unlink failed"); + } + } + } + + /* Create a file. */ + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; + io.ntcreatex.in.create_options = 0; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; + status = smb_raw_open(cli->tree, tctx, &io); + torture_assert_ntstatus_ok(tctx, status, "Failed to create file."); + smbcli_close(cli->tree, io.ntcreatex.out.file.fnum); + + /* Try and open the file with file_attr_dir and check the error. */ + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; + + status = smb_raw_open(cli->tree, tctx, &io); + torture_assert_ntstatus_ok(tctx, status, "FILE_ATTRIBUTE_DIRECTORY " + "doesn't produce a hard failure."); + smbcli_close(cli->tree, io.ntcreatex.out.file.fnum); + + /* Try and open file with createx_option_dir and check the error. */ + io.ntcreatex.in.file_attr = 0; + io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY; + + status = smb_raw_open(cli->tree, tctx, &io); + torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_A_DIRECTORY, + "NTCREATEX_OPTIONS_DIRECTORY will a file from being opened."); + smbcli_close(cli->tree, io.ntcreatex.out.file.fnum); + + /* Delete the file and move onto directory testing. */ + smbcli_unlink(cli->tree, fname); + + /* Now try some tests on a directory. */ + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; + io.ntcreatex.in.file_attr = 0; + io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY; + io.ntcreatex.in.fname = dname; + + status = smb_raw_open(cli->tree, tctx, &io); + torture_assert_ntstatus_ok(tctx, status, "Failed to create dir."); + + /* out attrib should be a directory. */ + torture_assert_int_equal(tctx, io.ntcreatex.out.attrib, + FILE_ATTRIBUTE_DIRECTORY, "should have created a directory"); + + smbcli_close(cli->tree, io.ntcreatex.out.file.fnum); + + /* Try and open it with normal attr and check the error. */ + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; + + status = smb_raw_open(cli->tree, tctx, &io); + torture_assert_ntstatus_ok(tctx, status, "FILE_ATTRIBUTE_NORMAL " + "doesn't produce a hard failure."); + smbcli_close(cli->tree, io.ntcreatex.out.file.fnum); + + /* Try and open it with file create_options and check the error. */ + io.ntcreatex.in.file_attr = 0; + io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE; + + status = smb_raw_open(cli->tree, tctx, &io); + torture_assert_ntstatus_equal(tctx, status, + NT_STATUS_FILE_IS_A_DIRECTORY, + "NTCREATEX_OPTIONS_NON_DIRECTORY_FILE should be returned "); + smbcli_close(cli->tree, io.ntcreatex.out.file.fnum); + +done: + smbcli_close(cli->tree, io.ntcreatex.out.file.fnum); + smbcli_deltree(cli->tree, BASEDIR); + + return ret; +} /* basic testing of all RAW_OPEN_* calls */ @@ -1902,6 +2099,7 @@ struct torture_suite *torture_raw_open(TALLOC_CTX *mem_ctx) torture_suite_add_1smb_test(suite, "OPENX-OVER-DIR", test_openx_over_dir); torture_suite_add_1smb_test(suite, "OPEN-FOR-DELETE", test_open_for_delete); torture_suite_add_1smb_test(suite, "OPENDISP-DIR", test_ntcreatex_opendisp_dir); + torture_suite_add_1smb_test(suite, "NTCREATEDIR", test_ntcreatexdir); return suite; } -- cgit From c915bd87185f37f95272b3332aecb470d93a5548 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 3 Jan 2010 23:08:46 +0100 Subject: linked_attributes: Fix missing dependency on util. --- source4/dsdb/samdb/ldb_modules/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 6128dc9d65..8f7b5d3258 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -337,7 +337,7 @@ ldb_subtree_delete_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_delete.o [MODULE::ldb_linked_attributes] INIT_FUNCTION = LDB_MODULE(linked_attributes) CFLAGS = -Ilib/ldb/include -PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB DSDB_MODULE_HELPERS SUBSYSTEM = LIBLDB # End MODULE ldb_linked_attributes ################################################ -- cgit From fbc3a0fe6248871d6e8bed6947559c10f762954f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 4 Jan 2010 14:13:21 +1100 Subject: s4-dsdb: added samdb_reference_dn() This returns a 'reference' DN, which is a link to a DN, from the specified object. It is then used by samdb_server_reference_dn() which returns the serverReference DN, and samdb_rid_manager_dn() which returns the rIDManagerReference DN. --- source4/dsdb/common/util.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index b8ba26a4ec..2548b0b155 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1521,6 +1521,68 @@ struct ldb_dn *samdb_server_site_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx return server_site_dn; } +/* + find a 'reference' DN that points at another object + (eg. serverReference, rIDManagerReference etc) + */ +int samdb_reference_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *base, + const char *attribute, struct ldb_dn **dn) +{ + const char *attrs[2]; + struct ldb_result *res; + int ret; + + attrs[0] = attribute; + attrs[1] = NULL; + + ret = ldb_search(ldb, mem_ctx, &res, base, LDB_SCOPE_BASE, attrs, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + if (res->count != 1) { + talloc_free(res); + return LDB_ERR_NO_SUCH_OBJECT; + } + + *dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, res->msgs[0], attribute); + if (!*dn) { + talloc_free(res); + return LDB_ERR_NO_SUCH_ATTRIBUTE; + } + + talloc_free(res); + return LDB_SUCCESS; +} + +/* + find our machine account via the serverReference attribute in the + server DN + */ +int samdb_server_reference_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn **dn) +{ + struct ldb_dn *server_dn; + int ret; + + server_dn = samdb_server_dn(ldb, mem_ctx); + if (server_dn == NULL) { + return LDB_ERR_NO_SUCH_OBJECT; + } + + ret = samdb_reference_dn(ldb, mem_ctx, server_dn, "serverReference", dn); + talloc_free(server_dn); + + return ret; +} + +/* + find the RID Manager$ DN via the rIDManagerReference attribute in the + base DN + */ +int samdb_rid_manager_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn **dn) +{ + return samdb_reference_dn(ldb, mem_ctx, samdb_base_dn(ldb), "rIDManagerReference", dn); +} + const char *samdb_server_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) { const struct ldb_val *val = ldb_dn_get_rdn_val(samdb_server_site_dn(ldb, mem_ctx)); -- cgit From bd6d0e93795589f18894b4e3837970436969fc60 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 5 Jan 2010 15:12:16 +1100 Subject: s4-ldb: added nice ldif display of 64 bit ranges for RIDs --- source4/lib/ldb-samba/ldif_handlers.c | 118 ++++++++++++++++++++++++++++++++++ source4/lib/ldb-samba/ldif_handlers.h | 1 + 2 files changed, 119 insertions(+) (limited to 'source4') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 4611eba3f1..10a733382a 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -700,6 +700,26 @@ static int val_to_int32(const struct ldb_val *in, int32_t *v) return LDB_SUCCESS; } +/* length limited conversion of a ldb_val to a int64_t */ +static int val_to_int64(const struct ldb_val *in, int64_t *v) +{ + char *end; + char buf[64]; + + /* make sure we don't read past the end of the data */ + if (in->length > sizeof(buf)-1) { + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + strncpy(buf, (char *)in->data, in->length); + buf[in->length] = 0; + + *v = (int64_t) strtoll(buf, &end, 0); + if (*end != 0) { + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + return LDB_SUCCESS; +} + /* Canonicalisation of two 32-bit integers */ static int ldif_canonicalise_int32(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) @@ -731,6 +751,37 @@ static int ldif_comparison_int32(struct ldb_context *ldb, void *mem_ctx, return i1 > i2? 1 : -1; } +/* Canonicalisation of two 64-bit integers */ +static int ldif_canonicalise_int64(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + int64_t i; + int ret; + + ret = val_to_int64(in, &i); + if (ret != LDB_SUCCESS) { + return ret; + } + out->data = (uint8_t *) talloc_asprintf(mem_ctx, "%lld", (long long)i); + if (out->data == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + out->length = strlen((char *)out->data); + return 0; +} + +/* Comparison of two 64-bit integers */ +static int ldif_comparison_int64(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *v1, const struct ldb_val *v2) +{ + int64_t i1=0, i2=0; + val_to_int64(v1, &i1); + val_to_int64(v2, &i2); + if (i1 == i2) return 0; + return i1 > i2? 1 : -1; +} + /* convert a NDR formatted blob to a ldif formatted repsFromTo */ @@ -778,6 +829,64 @@ static int extended_dn_write_hex(struct ldb_context *ldb, void *mem_ctx, return 0; } + +/* + write a 64 bit 2-part range +*/ +static int ldif_write_range64(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + int64_t v; + int ret; + ret = val_to_int64(in, &v); + if (ret != LDB_SUCCESS) { + return ret; + } + out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%lu-%lu", + (unsigned long)(v&0xFFFFFFFF), + (unsigned long)(v>>32)); + if (out->data == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + out->length = strlen((char *)out->data); + return LDB_SUCCESS; +} + +/* + read a 64 bit 2-part range +*/ +static int ldif_read_range64(struct ldb_context *ldb, void *mem_ctx, + const struct ldb_val *in, struct ldb_val *out) +{ + unsigned long high, low; + char buf[64]; + + if (memchr(in->data, '-', in->length) == NULL) { + return ldb_handler_copy(ldb, mem_ctx, in, out); + } + + if (in->length > sizeof(buf)-1) { + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + strncpy(buf, (const char *)in->data, in->length); + buf[in->length] = 0; + + if (sscanf(buf, "%lu-%lu", &low, &high) != 2) { + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%llu", + (unsigned long long)(((uint64_t)high)<<32) | (low)); + + if (out->data == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + out->length = strlen((char *)out->data); + return LDB_SUCCESS; +} + static const struct ldb_schema_syntax samba_syntaxes[] = { { .name = LDB_SYNTAX_SAMBA_SID, @@ -845,6 +954,12 @@ static const struct ldb_schema_syntax samba_syntaxes[] = { .ldif_write_fn = ldb_handler_copy, .canonicalise_fn = dsdb_dn_string_canonicalise, .comparison_fn = dsdb_dn_string_comparison + },{ + .name = LDB_SYNTAX_SAMBA_RANGE64, + .ldif_read_fn = ldif_read_range64, + .ldif_write_fn = ldif_write_range64, + .canonicalise_fn = ldif_canonicalise_int64, + .comparison_fn = ldif_comparison_int64 }, }; @@ -928,6 +1043,9 @@ static const struct { { "repsTo", LDB_SYNTAX_SAMBA_REPSFROMTO }, { "replPropertyMetaData", LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA }, { "replUpToDateVector", LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR }, + { "rIDAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 }, + { "rIDPreviousAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 }, + { "rIDAvailablePool", LDB_SYNTAX_SAMBA_RANGE64 }, }; const struct ldb_schema_syntax *ldb_samba_syntax_by_name(struct ldb_context *ldb, const char *name) diff --git a/source4/lib/ldb-samba/ldif_handlers.h b/source4/lib/ldb-samba/ldif_handlers.h index 6906c822f9..8e4df77ffc 100644 --- a/source4/lib/ldb-samba/ldif_handlers.h +++ b/source4/lib/ldb-samba/ldif_handlers.h @@ -10,6 +10,7 @@ #define LDB_SYNTAX_SAMBA_REPSFROMTO "LDB_SYNTAX_SAMBA_REPSFROMTO" #define LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA "LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA" #define LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR "LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR" +#define LDB_SYNTAX_SAMBA_RANGE64 "LDB_SYNTAX_SAMBA_RANGE64" #include "lib/ldb-samba/ldif_handlers_proto.h" -- cgit From a1362492ab71a8853d2292d55b35e5c90de9448e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 5 Jan 2010 15:20:10 +1100 Subject: s4-provision: added an initial RID Set We will allocate RIDs from this set Pair-Programmed-With: Andrew Bartlett --- source4/setup/provision.ldif | 3 ++- source4/setup/provision_self_join.ldif | 11 ++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 395d404268..db29d3a108 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -431,7 +431,8 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectClass: top objectClass: rIDManager systemFlags: -1946157056 -rIDAvailablePool: 4611686014132423217 +# we have granted up to 1499 to ourselves in a RID Set +rIDAvailablePool: 1500-1073741823 isCriticalSystemObject: TRUE dn: CN=RpcServices,CN=System,${DOMAINDN} diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 0d28b51a43..f110902316 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -15,7 +15,7 @@ localPolicyFlags: 0 operatingSystem: Samba operatingSystemVersion: ${SAMBA_VERSION_STRING} primaryGroupID: 516 -# "rIDSetReferences" doesn't exist since we still miss distributed RIDs +rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} sAMAccountName: ${NETBIOSNAME}$ # "servicePrincipalName" for FRS doesn't exit since we still miss FRS support # "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones", @@ -34,6 +34,15 @@ servicePrincipalName: ldap/${DNSNAME}/${REALM} userAccountControl: 532480 userPassword:: ${MACHINEPASS_B64} +dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} +objectClass: top +objectClass: rIDSet +rIDAllocationPool: 1000-1499 +rIDPreviousAllocationPool: 1000-1499 +rIDUsedPool: 0 +rIDNextRID: 1000 + + # Here are missing the objects for the NTFRS subscription and the RID set since # we don't support those techniques (FRS, distributed RIDs) yet. -- cgit From 2bad107aa1110bd003aaca91c3214fe2c6b07197 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 5 Jan 2010 17:07:51 +1100 Subject: s4-dsdb: added samdb_rid_set_dn() This returns the DN of our RID Set object Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/common/util.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 2548b0b155..2b8a68e58f 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1583,6 +1583,24 @@ int samdb_rid_manager_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ld return samdb_reference_dn(ldb, mem_ctx, samdb_base_dn(ldb), "rIDManagerReference", dn); } +/* + find the RID Set DN via the rIDSetReferences attribute in our + machine account DN + */ +int samdb_rid_set_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn **dn) +{ + struct ldb_dn *server_ref_dn; + int ret; + + ret = samdb_server_reference_dn(ldb, mem_ctx, &server_ref_dn); + if (ret != LDB_SUCCESS) { + return ret; + } + ret = samdb_reference_dn(ldb, mem_ctx, server_ref_dn, "rIDSetReferences", dn); + talloc_free(server_ref_dn); + return ret; +} + const char *samdb_server_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) { const struct ldb_val *val = ldb_dn_get_rdn_val(samdb_server_site_dn(ldb, mem_ctx)); -- cgit From 5eb3b919c59b62065db32e0575fcd1d84a64e3db Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 5 Jan 2010 17:08:56 +1100 Subject: s4-provision: the DC object itself needs a fixed objectSID We can't allocate a objectSID until we have rIDSetReferences, but that is in the DC object, so we have to force the objectSID of the DC Pair-Programmed-With: Andrew Bartlett --- source4/scripting/python/samba/provision.py | 1 + source4/setup/provision_self_join.ldif | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index d7d0a790ca..62ca9282d1 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -796,6 +796,7 @@ def setup_self_join(samdb, names, "DNSPASS_B64": b64encode(dnspass), "REALM": names.realm, "DOMAIN": names.domain, + "DOMAINSID": str(domainsid), "DNSDOMAIN": names.dnsdomain, "SAMBA_VERSION_STRING": version, "NTDSGUID": ntdsguid_line, diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index f110902316..0ad1b90fdb 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -33,6 +33,7 @@ servicePrincipalName: ldap/${DNSNAME} servicePrincipalName: ldap/${DNSNAME}/${REALM} userAccountControl: 532480 userPassword:: ${MACHINEPASS_B64} +objectSID: ${DOMAINSID}-1001 dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} objectClass: top @@ -40,7 +41,7 @@ objectClass: rIDSet rIDAllocationPool: 1000-1499 rIDPreviousAllocationPool: 1000-1499 rIDUsedPool: 0 -rIDNextRID: 1000 +rIDNextRID: 1001 # Here are missing the objects for the NTFRS subscription and the RID set since -- cgit From 7f90a05c66df5483e949b109b9018ee70b9c5d27 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 5 Jan 2010 17:09:51 +1100 Subject: s4-samldb: use RID Set to allocate user/group RIDs This is the first step towards DRS-friendly RID allocation. We now get the next rid from the RID Set object Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/samldb.c | 663 +++++--------------------------- 1 file changed, 104 insertions(+), 559 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 17a99c74c7..4fb842fdc6 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -59,12 +59,6 @@ struct samldb_ctx { /* the resulting message */ struct ldb_message *msg; - /* used to find parent domain */ - struct ldb_dn *check_dn; - struct ldb_dn *domain_dn; - struct dom_sid *domain_sid; - uint32_t next_rid; - /* holds the entry SID */ struct dom_sid *sid; @@ -175,139 +169,6 @@ static int samldb_next_step(struct samldb_ctx *ac) } } -/* - * samldb_get_parent_domain (async) - */ - -static int samldb_get_parent_domain(struct samldb_ctx *ac); - -static int samldb_get_parent_domain_callback(struct ldb_request *req, - struct ldb_reply *ares) -{ - struct ldb_context *ldb; - struct samldb_ctx *ac; - const char *nextRid; - int ret; - - ac = talloc_get_type(req->context, struct samldb_ctx); - ldb = ldb_module_get_ctx(ac->module); - - if (!ares) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - if (ares->error != LDB_SUCCESS) { - return ldb_module_done(ac->req, ares->controls, - ares->response, ares->error); - } - - switch (ares->type) { - case LDB_REPLY_ENTRY: - /* save entry */ - if ((ac->domain_dn != NULL) || (ac->domain_sid != NULL)) { - /* one too many! */ - ldb_set_errstring(ldb, - "Invalid number of results while searching " - "for domain object!"); - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - nextRid = ldb_msg_find_attr_as_string(ares->message, - "nextRid", NULL); - if (nextRid == NULL) { - ldb_asprintf_errstring(ldb, - "While looking for domain above %s attribute nextRid not found in %s!", - ldb_dn_get_linearized( - ac->req->op.add.message->dn), - ldb_dn_get_linearized(ares->message->dn)); - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - ac->next_rid = strtol(nextRid, NULL, 0); - - ac->domain_sid = samdb_result_dom_sid(ac, ares->message, - "objectSid"); - if (ac->domain_sid == NULL) { - ldb_set_errstring(ldb, - "Unable to get the parent domain SID!"); - ret = LDB_ERR_CONSTRAINT_VIOLATION; - break; - } - ac->domain_dn = ldb_dn_copy(ac, ares->message->dn); - - talloc_free(ares); - ret = LDB_SUCCESS; - break; - - case LDB_REPLY_REFERRAL: - /* ignore */ - talloc_free(ares); - ret = LDB_SUCCESS; - break; - - case LDB_REPLY_DONE: - talloc_free(ares); - if ((ac->domain_dn == NULL) || (ac->domain_sid == NULL)) { - /* not found -> retry */ - ret = samldb_get_parent_domain(ac); - } else { - /* found, go on */ - ret = samldb_next_step(ac); - } - break; - } - -done: - if (ret != LDB_SUCCESS) { - return ldb_module_done(ac->req, NULL, NULL, ret); - } - - return LDB_SUCCESS; -} - -/* Find a domain object in the parents of a particular DN. */ -static int samldb_get_parent_domain(struct samldb_ctx *ac) -{ - struct ldb_context *ldb; - static const char * const attrs[] = { "objectSid", "nextRid", NULL }; - struct ldb_request *req; - struct ldb_dn *dn; - int ret; - - ldb = ldb_module_get_ctx(ac->module); - - if (ac->check_dn == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - dn = ldb_dn_get_parent(ac, ac->check_dn); - if (dn == NULL) { - ldb_set_errstring(ldb, - "Unable to find parent domain object!"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - ac->check_dn = dn; - - ret = ldb_build_search_req(&req, ldb, ac, - dn, LDB_SCOPE_BASE, - "(|(objectClass=domain)" - "(objectClass=builtinDomain))", - attrs, - NULL, - ac, samldb_get_parent_domain_callback, - ac->req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - return ldb_next_request(ac->module, req); -} - - static int samldb_generate_samAccountName(struct ldb_message *msg) { char *name; @@ -395,7 +256,7 @@ static int samldb_check_samAccountName(struct samldb_ctx *ac) } ret = ldb_build_search_req(&req, ldb, ac, - ac->domain_dn, LDB_SCOPE_SUBTREE, + samdb_base_dn(ldb), LDB_SCOPE_SUBTREE, filter, NULL, NULL, ac, samldb_check_samAccountName_callback, @@ -464,134 +325,128 @@ static int samldb_check_samAccountType(struct samldb_ctx *ac) return samldb_next_step(ac); } +static bool samldb_msg_add_sid(struct ldb_message *msg, + const char *name, + const struct dom_sid *sid) +{ + struct ldb_val v; + enum ndr_err_code ndr_err; + + ndr_err = ndr_push_struct_blob(&v, msg, NULL, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + return (ldb_msg_add_value(msg, name, &v, NULL) == 0); +} -/* - * samldb_get_sid_domain (async) - */ -static int samldb_get_sid_domain_callback(struct ldb_request *req, - struct ldb_reply *ares) +/* allocate a SID using our RID Set */ +static int samldb_allocate_sid(struct samldb_ctx *ac) { struct ldb_context *ldb; - struct samldb_ctx *ac; - const char *nextRid; + static const char * const attrs[] = { "rIDAllocationPool", "rIDNextRID" , NULL }; int ret; + struct ldb_dn *rid_set_dn; + struct ldb_result *res; + uint64_t alloc_pool; + uint32_t alloc_pool_lo, alloc_pool_hi; + int next_rid; + struct ldb_message *msg; + TALLOC_CTX *tmp_ctx = talloc_new(ac); + struct ldb_message_element *el; + struct ldb_val v1, v2; + char *ridstring; - ac = talloc_get_type(req->context, struct samldb_ctx); ldb = ldb_module_get_ctx(ac->module); - if (!ares) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - if (ares->error != LDB_SUCCESS) { - return ldb_module_done(ac->req, ares->controls, - ares->response, ares->error); - } - - switch (ares->type) { - case LDB_REPLY_ENTRY: - /* save entry */ - if (ac->next_rid != 0) { - /* one too many! */ - ldb_set_errstring(ldb, - "Invalid number of results while searching " - "for domain object!"); - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - nextRid = ldb_msg_find_attr_as_string(ares->message, - "nextRid", NULL); - if (nextRid == NULL) { - ldb_asprintf_errstring(ldb, - "Attribute nextRid not found in %s!", - ldb_dn_get_linearized(ares->message->dn)); - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - ac->next_rid = strtol(nextRid, NULL, 0); - - ac->domain_dn = ldb_dn_copy(ac, ares->message->dn); - - talloc_free(ares); - ret = LDB_SUCCESS; - break; - - case LDB_REPLY_REFERRAL: - /* ignore */ - talloc_free(ares); - ret = LDB_SUCCESS; - break; - - case LDB_REPLY_DONE: - talloc_free(ares); - if (ac->next_rid == 0) { - ldb_asprintf_errstring(ldb, - "Unable to get nextRid from domain entry!"); - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - /* found, go on */ - ret = samldb_next_step(ac); - break; + ret = samdb_rid_set_dn(ldb, tmp_ctx, &rid_set_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": No RID Set DN"); + talloc_free(tmp_ctx); + return ret; } -done: + ret = dsdb_module_search_dn(ac->module, tmp_ctx, &res, rid_set_dn, + attrs, 0); if (ret != LDB_SUCCESS) { - return ldb_module_done(ac->req, NULL, NULL, ret); + ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s", ldb_dn_get_linearized(rid_set_dn)); + talloc_free(tmp_ctx); + return ret; } - return LDB_SUCCESS; -} + alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); + next_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", -1); + if (next_rid == -1 || alloc_pool == 0) { + ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s", ldb_dn_get_linearized(rid_set_dn)); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } -/* Find a domain object in the parents of a particular DN. */ -static int samldb_get_sid_domain(struct samldb_ctx *ac) -{ - struct ldb_context *ldb; - static const char * const attrs[] = { "nextRid", NULL }; - struct ldb_request *req; - char *filter; - int ret; + alloc_pool_lo = alloc_pool & 0xFFFFFFFF; + alloc_pool_hi = alloc_pool >> 32; + if (next_rid > alloc_pool_hi) { + /* TODO: add call to RID Manager */ + ldb_asprintf_errstring(ldb, __location__ ": Out of RIDs in RID Set %s", + ldb_dn_get_linearized(rid_set_dn)); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } - ldb = ldb_module_get_ctx(ac->module); + /* despite the name, rIDNextRID is the value of the last user + * added by this DC, not the next available RID */ + ac->sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), next_rid+1); if (ac->sid == NULL) { + talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } - ac->domain_sid = dom_sid_dup(ac, ac->sid); - if (!ac->domain_sid) { + if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) { + talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } - /* get the domain component part of the provided SID */ - ac->domain_sid->num_auths--; - filter = talloc_asprintf(ac, - "(&(objectSid=%s)" - "(|(objectClass=domain)" - "(objectClass=builtinDomain)))", - ldap_encode_ndr_dom_sid(ac, ac->domain_sid)); - if (filter == NULL) { + /* now modify the RID Set to use up this RID using a + * constrained delete/add */ + msg = ldb_msg_new(tmp_ctx); + msg->dn = rid_set_dn; + + ret = ldb_msg_add_empty(msg, "rIDNextRID", LDB_FLAG_MOD_DELETE, &el); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + el->num_values = 1; + el->values = &v1; + ridstring = talloc_asprintf(msg, "%u", (unsigned)next_rid); + if (!ridstring) { + ldb_module_oom(ac->module); return LDB_ERR_OPERATIONS_ERROR; } + v1 = data_blob_string_const(ridstring); - ret = ldb_build_search_req(&req, ldb, ac, - ldb_get_default_basedn(ldb), - LDB_SCOPE_SUBTREE, - filter, attrs, - NULL, - ac, samldb_get_sid_domain_callback, - ac->req); + ret = ldb_msg_add_empty(msg, "rIDNextRID", LDB_FLAG_MOD_ADD, &el); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + el->num_values = 1; + el->values = &v2; + ridstring = talloc_asprintf(msg, "%u", (unsigned)next_rid+1); + if (!ridstring) { + ldb_module_oom(ac->module); + return LDB_ERR_OPERATIONS_ERROR; + } + v2 = data_blob_string_const(ridstring); + ret = dsdb_module_modify(ac->module, msg, 0); if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); return ret; } - ac->next_rid = 0; - return ldb_next_request(ac->module, req); + return samldb_next_step(ac); } /* @@ -722,161 +577,6 @@ static int samldb_check_primaryGroupID_2(struct samldb_ctx *ac) } -static bool samldb_msg_add_sid(struct ldb_message *msg, - const char *name, - const struct dom_sid *sid) -{ - struct ldb_val v; - enum ndr_err_code ndr_err; - - ndr_err = ndr_push_struct_blob(&v, msg, NULL, sid, - (ndr_push_flags_fn_t)ndr_push_dom_sid); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return false; - } - return (ldb_msg_add_value(msg, name, &v, NULL) == 0); -} - -static int samldb_new_sid(struct samldb_ctx *ac) -{ - - if (ac->domain_sid == NULL || ac->next_rid == 0) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->sid = dom_sid_add_rid(ac, ac->domain_sid, ac->next_rid + 1); - if (ac->sid == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) { - return LDB_ERR_OPERATIONS_ERROR; - } - - return samldb_next_step(ac); -} - -/* - * samldb_notice_sid_callback (async) - */ - -static int samldb_notice_sid_callback(struct ldb_request *req, - struct ldb_reply *ares) -{ - struct ldb_context *ldb; - struct samldb_ctx *ac; - int ret; - - ac = talloc_get_type(req->context, struct samldb_ctx); - ldb = ldb_module_get_ctx(ac->module); - - if (!ares) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - if (ares->error != LDB_SUCCESS) { - return ldb_module_done(ac->req, ares->controls, - ares->response, ares->error); - } - if (ares->type != LDB_REPLY_DONE) { - ldb_set_errstring(ldb, - "Invalid reply type!"); - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - - ret = samldb_next_step(ac); - -done: - if (ret != LDB_SUCCESS) { - return ldb_module_done(ac->req, NULL, NULL, ret); - } - - return LDB_SUCCESS; -} - -/* If we are adding new users/groups, we need to update the nextRid - * attribute to be 'above' the new/incoming RID. Attempt to do it - * atomically. */ -static int samldb_notice_sid(struct samldb_ctx *ac) -{ - struct ldb_context *ldb; - uint32_t old_id, new_id; - struct ldb_request *req; - struct ldb_message *msg; - struct ldb_message_element *els; - struct ldb_val *vals; - int ret; - - ldb = ldb_module_get_ctx(ac->module); - old_id = ac->next_rid; - new_id = ac->sid->sub_auths[ac->sid->num_auths - 1]; - - if (old_id >= new_id) { - /* no need to update the domain nextRid attribute */ - return samldb_next_step(ac); - } - - /* we do a delete and add as a single operation. That prevents - a race, in case we are not actually on a transaction db */ - msg = ldb_msg_new(ac); - if (msg == NULL) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - els = talloc_array(msg, struct ldb_message_element, 2); - if (els == NULL) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - vals = talloc_array(msg, struct ldb_val, 2); - if (vals == NULL) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - msg->dn = ac->domain_dn; - msg->num_elements = 2; - msg->elements = els; - - els[0].num_values = 1; - els[0].values = &vals[0]; - els[0].flags = LDB_FLAG_MOD_DELETE; - els[0].name = talloc_strdup(msg, "nextRid"); - if (!els[0].name) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - els[1].num_values = 1; - els[1].values = &vals[1]; - els[1].flags = LDB_FLAG_MOD_ADD; - els[1].name = els[0].name; - - vals[0].data = (uint8_t *)talloc_asprintf(vals, "%u", old_id); - if (!vals[0].data) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - vals[0].length = strlen((char *)vals[0].data); - - vals[1].data = (uint8_t *)talloc_asprintf(vals, "%u", new_id); - if (!vals[1].data) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - vals[1].length = strlen((char *)vals[1].data); - - ret = ldb_build_mod_req(&req, ldb, ac, - msg, NULL, - ac, samldb_notice_sid_callback, - ac->req); - if (ret != LDB_SUCCESS) { - return ret; - } - - return ldb_next_request(ac->module, req); -} - /* * samldb_set_defaultObjectCategory_callback (async) */ @@ -1142,11 +842,6 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type) ldb = ldb_module_get_ctx(ac->module); - /* search for a parent domain objet */ - ac->check_dn = ac->req->op.add.message->dn; - ret = samldb_add_step(ac, samldb_get_parent_domain); - if (ret != LDB_SUCCESS) return ret; - /* Add informations for the different account types */ ac->type = type; if (strcmp(ac->type, "user") == 0) { @@ -1287,20 +982,20 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type) lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), struct loadparm_context); - sid_generator = lp_sid_generator(lp_ctx); - if (sid_generator == SID_GENERATOR_INTERNAL) { - /* check if we have a valid SID */ - ac->sid = samdb_result_dom_sid(ac, ac->msg, "objectSid"); - if ( ! ac->sid) { - ret = samldb_add_step(ac, samldb_new_sid); - if (ret != LDB_SUCCESS) return ret; - } else { - ret = samldb_add_step(ac, samldb_get_sid_domain); + /* don't allow objectSID to be specified without the RELAX control */ + ac->sid = samdb_result_dom_sid(ac, ac->msg, "objectSid"); + if (ac->sid && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) { + ldb_asprintf_errstring(ldb, "No SID may be specified in user/group creation for %s", + ldb_dn_get_linearized(ac->msg->dn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + if ( ! ac->sid) { + sid_generator = lp_sid_generator(lp_ctx); + if (sid_generator == SID_GENERATOR_INTERNAL) { + ret = samldb_add_step(ac, samldb_allocate_sid); if (ret != LDB_SUCCESS) return ret; } - - ret = samldb_add_step(ac, samldb_notice_sid); - if (ret != LDB_SUCCESS) return ret; } /* finally proceed with adding the entry */ @@ -1310,144 +1005,6 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type) return samldb_first_step(ac); } -/* - * samldb_foreign_notice_sid (async) - */ - -static int samldb_foreign_notice_sid_callback(struct ldb_request *req, - struct ldb_reply *ares) -{ - struct ldb_context *ldb; - struct samldb_ctx *ac; - const char *nextRid; - const char *name; - int ret; - - ac = talloc_get_type(req->context, struct samldb_ctx); - ldb = ldb_module_get_ctx(ac->module); - - if (!ares) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - if (ares->error != LDB_SUCCESS) { - return ldb_module_done(ac->req, ares->controls, - ares->response, ares->error); - } - - switch (ares->type) { - case LDB_REPLY_ENTRY: - /* save entry */ - if (ac->next_rid != 0) { - /* one too many! */ - ldb_set_errstring(ldb, - "Invalid number of results while searching " - "for domain object!"); - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - nextRid = ldb_msg_find_attr_as_string(ares->message, - "nextRid", NULL); - if (nextRid == NULL) { - ldb_asprintf_errstring(ldb, - "While looking for foreign SID %s attribute nextRid not found in %s", - dom_sid_string(ares, ac->sid), - ldb_dn_get_linearized(ares->message->dn)); - ret = LDB_ERR_OPERATIONS_ERROR; - break; - } - - ac->next_rid = strtol(nextRid, NULL, 0); - - ac->domain_dn = ldb_dn_copy(ac, ares->message->dn); - - name = samdb_result_string(ares->message, "name", NULL); - ldb_debug(ldb, LDB_DEBUG_TRACE, - "NOTE (strange but valid): Adding foreign SID " - "record with SID %s, but this domain (%s) is " - "not foreign in the database\n", - dom_sid_string(ares, ac->sid), name); - - talloc_free(ares); - ret = LDB_SUCCESS; - break; - - case LDB_REPLY_REFERRAL: - /* ignore */ - talloc_free(ares); - ret = LDB_SUCCESS; - break; - - case LDB_REPLY_DONE: - talloc_free(ares); - - /* if this is a fake foreign SID, notice the SID */ - if (ac->domain_dn) { - ret = samldb_notice_sid(ac); - break; - } - - /* found, go on */ - ret = samldb_next_step(ac); - break; - } - -done: - if (ret != LDB_SUCCESS) { - return ldb_module_done(ac->req, NULL, NULL, ret); - } - - return LDB_SUCCESS; -} - -/* Find a domain object in the parents of a particular DN. */ -static int samldb_foreign_notice_sid(struct samldb_ctx *ac) -{ - struct ldb_context *ldb; - static const char * const attrs[3] = { "nextRid", "name", NULL }; - struct ldb_request *req; - NTSTATUS status; - char *filter; - int ret; - - ldb = ldb_module_get_ctx(ac->module); - - if (ac->sid == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - status = dom_sid_split_rid(ac, ac->sid, &ac->domain_sid, NULL); - if (!NT_STATUS_IS_OK(status)) { - return LDB_ERR_OPERATIONS_ERROR; - } - - - filter = talloc_asprintf(ac, - "(&(objectSid=%s)" - "(|(objectClass=domain)" - "(objectClass=builtinDomain)))", - ldap_encode_ndr_dom_sid(ac, ac->domain_sid)); - if (filter == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = ldb_build_search_req(&req, ldb, ac, - ldb_get_default_basedn(ldb), - LDB_SCOPE_SUBTREE, - filter, attrs, - NULL, - ac, samldb_foreign_notice_sid_callback, - ac->req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - return ldb_next_request(ac->module, req); -} - - static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac) { struct ldb_context *ldb; @@ -1455,8 +1012,6 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac) ldb = ldb_module_get_ctx(ac->module); - ac->next_rid = 0; - ac->sid = samdb_result_dom_sid(ac->msg, ac->msg, "objectSid"); if (ac->sid == NULL) { ac->sid = dom_sid_parse_talloc(ac->msg, @@ -1474,10 +1029,6 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac) } } - /* check if we need to notice this SID */ - ret = samldb_add_step(ac, samldb_foreign_notice_sid); - if (ret != LDB_SUCCESS) return ret; - /* finally proceed with adding the entry */ ret = samldb_add_step(ac, samldb_add_entry); if (ret != LDB_SUCCESS) return ret; @@ -2393,14 +1944,8 @@ static int samldb_delete(struct ldb_module *module, struct ldb_request *req) } -static int samldb_init(struct ldb_module *module) -{ - return ldb_next_init(module); -} - _PUBLIC_ const struct ldb_module_ops ldb_samldb_module_ops = { .name = "samldb", - .init_context = samldb_init, .add = samldb_add, .modify = samldb_modify, .del = samldb_delete -- cgit From 226460d543892fcfcb569297bc450648f4fc4f0f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 5 Jan 2010 18:23:46 +1100 Subject: s4-dsdb: move the RID allocation logic into ridalloc.c This will end up having the RID Manager logic as well, so all the RID pool allocation logic is in one spot Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/config.mk | 4 +- source4/dsdb/samdb/ldb_modules/ridalloc.c | 140 ++++++++++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/samldb.c | 93 ++------------------ 3 files changed, 148 insertions(+), 89 deletions(-) create mode 100644 source4/dsdb/samdb/ldb_modules/ridalloc.c (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 8f7b5d3258..38ea1483e9 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -3,7 +3,9 @@ [SUBSYSTEM::DSDB_MODULE_HELPERS] PRIVATE_DEPENDENCIES = LIBLDB LIBNDR SAMDB_SCHEMA -DSDB_MODULE_HELPERS_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/util.o +DSDB_MODULE_HELPERS_OBJ_FILES = \ + $(dsdbsrcdir)/samdb/ldb_modules/util.o \ + $(dsdbsrcdir)/samdb/ldb_modules/ridalloc.o $(eval $(call proto_header_template,$(dsdbsrcdir)/samdb/ldb_modules/util_proto.h,$(DSDB_MODULE_HELPERS_OBJ_FILES:.o=.c))) diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c new file mode 100644 index 0000000000..12318314d8 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -0,0 +1,140 @@ +/* + RID allocation helper functions + + Copyright (C) Andrew Bartlett 2010 + Copyright (C) Andrew Tridgell 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * Name: ldb + * + * Component: RID allocation logic + * + * Description: manage RID Set and RID Manager objects + * + */ + +#include "includes.h" +#include "ldb_module.h" +#include "dsdb/samdb/samdb.h" +#include "dsdb/samdb/ldb_modules/util.h" + +/* allocate a RID using our RID Set + If we run out of RIDs then allocate a new pool + either locally or by contacting the RID Manager +*/ +int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) +{ + struct ldb_context *ldb; + static const char * const attrs[] = { "rIDAllocationPool", "rIDNextRID" , NULL }; + int ret; + struct ldb_dn *rid_set_dn; + struct ldb_result *res; + uint64_t alloc_pool; + uint32_t alloc_pool_lo, alloc_pool_hi; + int next_rid; + struct ldb_message *msg; + TALLOC_CTX *tmp_ctx = talloc_new(module); + struct ldb_message_element *el; + struct ldb_val v1, v2; + char *ridstring; + + ldb = ldb_module_get_ctx(module); + + ret = samdb_rid_set_dn(ldb, tmp_ctx, &rid_set_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": No RID Set DN"); + talloc_free(tmp_ctx); + return ret; + } + + ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn, attrs, 0); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s", + ldb_dn_get_linearized(rid_set_dn)); + talloc_free(tmp_ctx); + return ret; + } + + alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); + next_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", -1); + if (next_rid == -1 || alloc_pool == 0) { + ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s", + ldb_dn_get_linearized(rid_set_dn)); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + alloc_pool_lo = alloc_pool & 0xFFFFFFFF; + alloc_pool_hi = alloc_pool >> 32; + if (next_rid > alloc_pool_hi) { + /* TODO: add call to RID Manager */ + ldb_asprintf_errstring(ldb, __location__ ": Out of RIDs in RID Set %s", + ldb_dn_get_linearized(rid_set_dn)); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* despite the name, rIDNextRID is the value of the last user + * added by this DC, not the next available RID */ + + (*rid) = next_rid + 1; + + /* now modify the RID Set to use up this RID using a + * constrained delete/add */ + msg = ldb_msg_new(tmp_ctx); + msg->dn = rid_set_dn; + + ret = ldb_msg_add_empty(msg, "rIDNextRID", LDB_FLAG_MOD_DELETE, &el); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + el->num_values = 1; + el->values = &v1; + ridstring = talloc_asprintf(msg, "%u", (unsigned)next_rid); + if (!ridstring) { + ldb_module_oom(module); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + v1 = data_blob_string_const(ridstring); + + ret = ldb_msg_add_empty(msg, "rIDNextRID", LDB_FLAG_MOD_ADD, &el); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + el->num_values = 1; + el->values = &v2; + ridstring = talloc_asprintf(msg, "%u", (unsigned)next_rid+1); + if (!ridstring) { + ldb_module_oom(module); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + v2 = data_blob_string_const(ridstring); + + ret = dsdb_module_modify(module, msg, 0); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + talloc_free(tmp_ctx); + + return LDB_SUCCESS; +} diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 4fb842fdc6..eb83633fe2 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -344,107 +344,24 @@ static bool samldb_msg_add_sid(struct ldb_message *msg, /* allocate a SID using our RID Set */ static int samldb_allocate_sid(struct samldb_ctx *ac) { - struct ldb_context *ldb; - static const char * const attrs[] = { "rIDAllocationPool", "rIDNextRID" , NULL }; + uint32_t rid; int ret; - struct ldb_dn *rid_set_dn; - struct ldb_result *res; - uint64_t alloc_pool; - uint32_t alloc_pool_lo, alloc_pool_hi; - int next_rid; - struct ldb_message *msg; - TALLOC_CTX *tmp_ctx = talloc_new(ac); - struct ldb_message_element *el; - struct ldb_val v1, v2; - char *ridstring; - - ldb = ldb_module_get_ctx(ac->module); - - ret = samdb_rid_set_dn(ldb, tmp_ctx, &rid_set_dn); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, __location__ ": No RID Set DN"); - talloc_free(tmp_ctx); - return ret; - } + struct ldb_context *ldb = ldb_module_get_ctx(ac->module); - ret = dsdb_module_search_dn(ac->module, tmp_ctx, &res, rid_set_dn, - attrs, 0); + ret = ridalloc_allocate_rid(ac->module, &rid); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s", ldb_dn_get_linearized(rid_set_dn)); - talloc_free(tmp_ctx); return ret; } - alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); - next_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", -1); - if (next_rid == -1 || alloc_pool == 0) { - ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s", ldb_dn_get_linearized(rid_set_dn)); - talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - alloc_pool_lo = alloc_pool & 0xFFFFFFFF; - alloc_pool_hi = alloc_pool >> 32; - if (next_rid > alloc_pool_hi) { - /* TODO: add call to RID Manager */ - ldb_asprintf_errstring(ldb, __location__ ": Out of RIDs in RID Set %s", - ldb_dn_get_linearized(rid_set_dn)); - talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* despite the name, rIDNextRID is the value of the last user - * added by this DC, not the next available RID */ - - ac->sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), next_rid+1); + ac->sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), rid); if (ac->sid == NULL) { - talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) { - talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* now modify the RID Set to use up this RID using a - * constrained delete/add */ - msg = ldb_msg_new(tmp_ctx); - msg->dn = rid_set_dn; - - ret = ldb_msg_add_empty(msg, "rIDNextRID", LDB_FLAG_MOD_DELETE, &el); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - el->num_values = 1; - el->values = &v1; - ridstring = talloc_asprintf(msg, "%u", (unsigned)next_rid); - if (!ridstring) { ldb_module_oom(ac->module); return LDB_ERR_OPERATIONS_ERROR; } - v1 = data_blob_string_const(ridstring); - ret = ldb_msg_add_empty(msg, "rIDNextRID", LDB_FLAG_MOD_ADD, &el); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - el->num_values = 1; - el->values = &v2; - ridstring = talloc_asprintf(msg, "%u", (unsigned)next_rid+1); - if (!ridstring) { - ldb_module_oom(ac->module); + if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) { return LDB_ERR_OPERATIONS_ERROR; } - v2 = data_blob_string_const(ridstring); - - ret = dsdb_module_modify(ac->module, msg, 0); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } return samldb_next_step(ac); } -- cgit From fcfb5d7b63293a13fa4984c0a4502a682a5a02a9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:15:35 +1100 Subject: s4-provision: allow provision modifies to add records we need to recognise a changetype of 'add' --- source4/scripting/python/samba/__init__.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index 5d61c1bd8c..d7df6b979b 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -255,7 +255,10 @@ class Ldb(ldb.Ldb): :param ldif: LDIF text. """ for changetype, msg in self.parse_ldif(ldif): - self.modify(msg, controls) + if (changetype == ldb.CHANGETYPE_ADD): + self.add(msg, controls) + else: + self.modify(msg, controls) def set_domain_sid(self, sid): """Change the domain SID used by this LDB. -- cgit From f137f93e098b23b48d3e7bc9e0bbc46f04b29cbd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:17:19 +1100 Subject: s4-dsdb: added dsdb_module_add() added a ldb add function for modules Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/util.c | 46 +++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index 32b79a6701..5d66177d8b 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -391,6 +391,52 @@ int dsdb_module_rename(struct ldb_module *module, return ret; } +/* + a ldb_add request operating on modules below the + current module + */ +int dsdb_module_add(struct ldb_module *module, + const struct ldb_message *message, + uint32_t dsdb_flags) +{ + struct ldb_request *req; + int ret; + struct ldb_context *ldb = ldb_module_get_ctx(module); + TALLOC_CTX *tmp_ctx = talloc_new(module); + + ret = ldb_build_add_req(&req, ldb, tmp_ctx, + message, + NULL, + NULL, + ldb_op_default_callback, + NULL); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + ret = dsdb_request_add_controls(module, req, dsdb_flags); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + /* Run the new request */ + if (dsdb_flags & DSDB_FLAG_OWN_MODULE) { + const struct ldb_module_ops *ops = ldb_module_get_ops(module); + ret = ops->add(module, req); + } else { + ret = ldb_next_request(module, req); + } + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } + + talloc_free(tmp_ctx); + return ret; +} + + const struct dsdb_class * get_last_structural_class(const struct dsdb_schema *schema,const struct ldb_message_element *element) { const struct dsdb_class *last_class = NULL; -- cgit From f24011059b8b656eeb32c2724c0350f135dd2309 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:19:04 +1100 Subject: s4-dsdb: added dsdb_module_reference_dn() This adds a module callable version of samdb_reference_dn(), which finds a DN via a reference link Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/util.c | 43 +++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index 5d66177d8b..16d5ddecd6 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -492,3 +492,46 @@ int dsdb_check_single_valued_link(const struct dsdb_attribute *attr, return LDB_SUCCESS; } + + +/* + find a 'reference' DN that points at another object + (eg. serverReference, rIDManagerReference etc) + */ +int dsdb_module_reference_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *base, + const char *attribute, struct ldb_dn **dn) +{ + const char *attrs[2]; + struct ldb_result *res; + int ret; + + attrs[0] = attribute; + attrs[1] = NULL; + + ret = dsdb_module_search_dn(module, mem_ctx, &res, base, attrs, 0); + if (ret != LDB_SUCCESS) { + return ret; + } + + *dn = ldb_msg_find_attr_as_dn(ldb_module_get_ctx(module), + mem_ctx, res->msgs[0], attribute); + if (!*dn) { + talloc_free(res); + return LDB_ERR_NO_SUCH_ATTRIBUTE; + } + + talloc_free(res); + return LDB_SUCCESS; +} + +/* + find the RID Manager$ DN via the rIDManagerReference attribute in the + base DN + */ +int dsdb_module_rid_manager_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn **dn) +{ + return dsdb_module_reference_dn(module, mem_ctx, + samdb_base_dn(ldb_module_get_ctx(module)), + "rIDManagerReference", dn); +} + -- cgit From e6f14ac2c4f0d1eaae93980b3628250de945e71e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:20:35 +1100 Subject: s4-dsdb: added dsdb_module_constrainted_update_integer() This provides a convenient way to update a integer attribute with a constrained delete/add Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/util.c | 50 +++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index 16d5ddecd6..f642160397 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -535,3 +535,53 @@ int dsdb_module_rid_manager_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, s "rIDManagerReference", dn); } + +/* + update an integer attribute safely via a constrained delete/add + */ +int dsdb_module_constrainted_update_integer(struct ldb_module *module, struct ldb_dn *dn, + const char *attr, uint64_t old_val, uint64_t new_val) +{ + struct ldb_message *msg; + struct ldb_message_element *el; + struct ldb_val v1, v2; + int ret; + char *vstring; + + msg = ldb_msg_new(module); + msg->dn = dn; + + ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, &el); + if (ret != LDB_SUCCESS) { + talloc_free(msg); + return ret; + } + el->num_values = 1; + el->values = &v1; + vstring = talloc_asprintf(msg, "%llu", (unsigned long long)old_val); + if (!vstring) { + ldb_module_oom(module); + talloc_free(msg); + return LDB_ERR_OPERATIONS_ERROR; + } + v1 = data_blob_string_const(vstring); + + ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_ADD, &el); + if (ret != LDB_SUCCESS) { + talloc_free(msg); + return ret; + } + el->num_values = 1; + el->values = &v2; + vstring = talloc_asprintf(msg, "%llu", (unsigned long long)new_val); + if (!vstring) { + ldb_module_oom(module); + talloc_free(msg); + return LDB_ERR_OPERATIONS_ERROR; + } + v2 = data_blob_string_const(vstring); + + ret = dsdb_module_modify(module, msg, 0); + talloc_free(msg); + return ret; +} -- cgit From d0bd6e7ea5a6cc760916acd4f549ac7652c46e05 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:21:21 +1100 Subject: s4-dsdb: added dsdb_next_callback() This should be used when you create a sub request and just want the parent requests callback to be called when done. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/util.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index f642160397..09b41a254b 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -585,3 +585,15 @@ int dsdb_module_constrainted_update_integer(struct ldb_module *module, struct ld talloc_free(msg); return ret; } + +/* + used to chain to the callers callback + */ +int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct ldb_request *up_req = talloc_get_type(req->context, struct ldb_request); + + talloc_steal(up_req, req); + return up_req->callback(up_req, ares); +} + -- cgit From 439ee5aaaeb9036d2db69d512bcbc7e88f4a601e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:23:29 +1100 Subject: s4-dsdb: use dsdb_next_callback() We can't just use the callers callback directly otherwise the ldb_module_done() is never called on the parent request, as the child request is passed to the callback. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/instancetype.c | 3 ++- source4/dsdb/samdb/ldb_modules/lazy_commit.c | 13 +++++++------ source4/dsdb/samdb/ldb_modules/show_deleted.c | 4 ++-- 3 files changed, 11 insertions(+), 9 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c index b17f40e82a..0a297d587a 100644 --- a/source4/dsdb/samdb/ldb_modules/instancetype.c +++ b/source4/dsdb/samdb/ldb_modules/instancetype.c @@ -36,6 +36,7 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "dsdb/samdb/samdb.h" #include "../libds/common/flags.h" +#include "dsdb/samdb/ldb_modules/util.h" struct it_context { struct ldb_module *module; @@ -143,7 +144,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) ret = ldb_build_add_req(&down_req, ldb, req, msg, req->controls, - req->context, req->callback, + req, dsdb_next_callback, req); if (ret != LDB_SUCCESS) { return ret; diff --git a/source4/dsdb/samdb/ldb_modules/lazy_commit.c b/source4/dsdb/samdb/ldb_modules/lazy_commit.c index 0502b2efa1..b4eaf50d51 100644 --- a/source4/dsdb/samdb/ldb_modules/lazy_commit.c +++ b/source4/dsdb/samdb/ldb_modules/lazy_commit.c @@ -28,6 +28,7 @@ */ #include "ldb_module.h" +#include "dsdb/samdb/ldb_modules/util.h" static int unlazy_op(struct ldb_module *module, struct ldb_request *req) { @@ -47,28 +48,28 @@ static int unlazy_op(struct ldb_module *module, struct ldb_request *req) req->op.search.tree, req->op.search.attrs, req->controls, - req->context, req->callback, + req, dsdb_next_callback, req); break; case LDB_ADD: ret = ldb_build_add_req(&new_req, ldb_module_get_ctx(module), req, req->op.add.message, req->controls, - req->context, req->callback, + req, dsdb_next_callback, req); break; case LDB_MODIFY: ret = ldb_build_mod_req(&new_req, ldb_module_get_ctx(module), req, req->op.mod.message, req->controls, - req->context, req->callback, + req, dsdb_next_callback, req); break; case LDB_DELETE: ret = ldb_build_del_req(&new_req, ldb_module_get_ctx(module), req, req->op.del.dn, req->controls, - req->context, req->callback, + req, dsdb_next_callback, req); break; case LDB_RENAME: @@ -76,7 +77,7 @@ static int unlazy_op(struct ldb_module *module, struct ldb_request *req) req->op.rename.olddn, req->op.rename.newdn, req->controls, - req->context, req->callback, + req, dsdb_next_callback, req); break; case LDB_EXTENDED: @@ -85,7 +86,7 @@ static int unlazy_op(struct ldb_module *module, struct ldb_request *req) req->op.extended.oid, req->op.extended.data, req->controls, - req->context, req->callback, + req, dsdb_next_callback, req); break; default: diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index 666d28053c..93463ae95f 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -32,7 +32,7 @@ #include "includes.h" #include "ldb/include/ldb_module.h" #include "dsdb/samdb/samdb.h" - +#include "dsdb/samdb/ldb_modules/util.h" static int show_deleted_search(struct ldb_module *module, struct ldb_request *req) { @@ -83,7 +83,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re new_tree, req->op.search.attrs, req->controls, - req->context, req->callback, + req, dsdb_next_callback, req); if (ret != LDB_SUCCESS) { return ret; -- cgit From 1053ce529d2ed833edd9343c36f28b4ba788db96 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:24:29 +1100 Subject: s4-dsdb: implement creation of the RID Set object when we are the RID Manager we can create our own RID Set object when the first user is created --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 348 +++++++++++++++++++++++++----- 1 file changed, 289 insertions(+), 59 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index 12318314d8..8715828fd9 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -32,109 +32,339 @@ #include "dsdb/samdb/samdb.h" #include "dsdb/samdb/ldb_modules/util.h" -/* allocate a RID using our RID Set - If we run out of RIDs then allocate a new pool - either locally or by contacting the RID Manager -*/ -int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) + +/* + create a RID Set object for the specified DC + */ +static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *mem_ctx, + struct ldb_dn *rid_manager_dn, + struct ldb_dn *ntds_dn, struct ldb_dn **dn) { - struct ldb_context *ldb; - static const char * const attrs[] = { "rIDAllocationPool", "rIDNextRID" , NULL }; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + struct ldb_dn *server_dn, *machine_dn, *rid_set_dn; int ret; - struct ldb_dn *rid_set_dn; - struct ldb_result *res; - uint64_t alloc_pool; - uint32_t alloc_pool_lo, alloc_pool_hi; - int next_rid; + const char *attrs[] = { "rIDAvailablePool", NULL }; + uint64_t rid_pool, new_rid_pool, dc_pool; + uint32_t rid_pool_lo, rid_pool_hi; struct ldb_message *msg; - TALLOC_CTX *tmp_ctx = talloc_new(module); - struct ldb_message_element *el; - struct ldb_val v1, v2; - char *ridstring; + struct ldb_context *ldb = ldb_module_get_ctx(module); + const unsigned int alloc_size = 500; + struct ldb_result *res; - ldb = ldb_module_get_ctx(module); + /* + steps: - ret = samdb_rid_set_dn(ldb, tmp_ctx, &rid_set_dn); + find the machine object for the DC + construct the RID Set DN + load rIDAvailablePool to find next available set + modify RID Manager object to update rIDAvailablePool + add the RID Set object + link to the RID Set object in machine object + */ + + server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn); + if (!server_dn) { + ldb_module_oom(module); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = dsdb_module_reference_dn(module, tmp_ctx, server_dn, "serverReference", &machine_dn); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, __location__ ": No RID Set DN"); + ldb_asprintf_errstring(ldb, "Failed to find serverReference in %s - %s", + ldb_dn_get_linearized(server_dn), ldb_errstring(ldb)); talloc_free(tmp_ctx); return ret; } - ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn, attrs, 0); + rid_set_dn = ldb_dn_copy(tmp_ctx, machine_dn); + if (rid_set_dn == NULL) { + ldb_module_oom(module); + return LDB_ERR_OPERATIONS_ERROR; + } + + if (! ldb_dn_add_child_fmt(rid_set_dn, "CN=RID Set")) { + ldb_module_oom(module); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_manager_dn, attrs, 0); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s", - ldb_dn_get_linearized(rid_set_dn)); + ldb_asprintf_errstring(ldb, "Failed to find rIDAvailablePool in %s - %s", + ldb_dn_get_linearized(rid_manager_dn), ldb_errstring(ldb)); talloc_free(tmp_ctx); return ret; } - alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); - next_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", -1); - if (next_rid == -1 || alloc_pool == 0) { - ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s", - ldb_dn_get_linearized(rid_set_dn)); + rid_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAvailablePool", 0); + rid_pool_lo = rid_pool & 0xFFFFFFFF; + rid_pool_hi = rid_pool >> 32; + if (rid_pool_lo >= rid_pool_hi) { + ldb_asprintf_errstring(ldb, "Out of RIDs in RID Manager - rIDAvailablePool is %u-%u", + rid_pool_lo, rid_pool_hi); talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } - alloc_pool_lo = alloc_pool & 0xFFFFFFFF; - alloc_pool_hi = alloc_pool >> 32; - if (next_rid > alloc_pool_hi) { - /* TODO: add call to RID Manager */ - ldb_asprintf_errstring(ldb, __location__ ": Out of RIDs in RID Set %s", - ldb_dn_get_linearized(rid_set_dn)); - talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } + /* lower part of new pool is the low part of the rIDAvailablePool */ + dc_pool = rid_pool_lo; - /* despite the name, rIDNextRID is the value of the last user - * added by this DC, not the next available RID */ + /* allocate 500 RIDs to this DC */ + rid_pool_lo = MIN(rid_pool_hi, rid_pool_lo + alloc_size); - (*rid) = next_rid + 1; + /* work out upper part of new pool */ + dc_pool |= (((uint64_t)rid_pool_lo-1)<<32); - /* now modify the RID Set to use up this RID using a - * constrained delete/add */ + /* and new rIDAvailablePool value */ + new_rid_pool = rid_pool_lo | (((uint64_t)rid_pool_hi)<<32); + + ret = dsdb_module_constrainted_update_integer(module, rid_manager_dn, "rIDAvailablePool", + rid_pool, new_rid_pool); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to update rIDAvailablePool - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + /* create the RID Set object */ msg = ldb_msg_new(tmp_ctx); msg->dn = rid_set_dn; - ret = ldb_msg_add_empty(msg, "rIDNextRID", LDB_FLAG_MOD_DELETE, &el); + ret = ldb_msg_add_string(msg, "objectClass", "top"); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; } - el->num_values = 1; - el->values = &v1; - ridstring = talloc_asprintf(msg, "%u", (unsigned)next_rid); - if (!ridstring) { - ldb_module_oom(module); + ret = ldb_msg_add_string(msg, "objectClass", "rIDSet"); + if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; + } + ret = ldb_msg_add_string(msg, "cn", "RID Set"); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + ret = ldb_msg_add_string(msg, "name", "RID Set"); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + ret = ldb_msg_add_fmt(msg, "rIDAllocationPool", "%llu", (unsigned long long)dc_pool); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + ret = ldb_msg_add_fmt(msg, "rIDPreviousAllocationPool", "%llu", (unsigned long long)dc_pool); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + ret = ldb_msg_add_fmt(msg, "rIDUsedPool", "0"); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + ret = ldb_msg_add_fmt(msg, "rIDNextRID", "%lu", (unsigned long)(dc_pool & 0xFFFFFFFF)); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; } - v1 = data_blob_string_const(ridstring); - ret = ldb_msg_add_empty(msg, "rIDNextRID", LDB_FLAG_MOD_ADD, &el); + ret = dsdb_module_add(module, msg, 0); if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to add RID Set %s - %s", + ldb_dn_get_linearized(msg->dn), + ldb_errstring(ldb)); talloc_free(tmp_ctx); return ret; } - el->num_values = 1; - el->values = &v2; - ridstring = talloc_asprintf(msg, "%u", (unsigned)next_rid+1); - if (!ridstring) { - ldb_module_oom(module); + + /* add the rIDSetReferences link */ + msg = ldb_msg_new(tmp_ctx); + msg->dn = machine_dn; + + ret = ldb_msg_add_string(msg, "rIDSetReferences", ldb_dn_get_linearized(rid_set_dn)); + if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } - v2 = data_blob_string_const(ridstring); + msg->elements[0].flags = LDB_FLAG_MOD_ADD; ret = dsdb_module_modify(module, msg, 0); if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to add rIDSetReferences to %s - %s", + ldb_dn_get_linearized(msg->dn), + ldb_errstring(ldb)); talloc_free(tmp_ctx); return ret; } - talloc_free(tmp_ctx); + (*dn) = talloc_steal(mem_ctx, rid_set_dn); + talloc_free(tmp_ctx); return LDB_SUCCESS; } + + +/* + create a RID Set object for this DC + */ +static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *mem_ctx, + struct ldb_dn **dn) +{ + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + struct ldb_dn *rid_manager_dn, *fsmo_role_dn; + int ret; + struct ldb_context *ldb = ldb_module_get_ctx(module); + + /* work out who is the RID Manager */ + ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to find RID Manager object - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + /* find the DN of the RID Manager */ + ret = dsdb_module_reference_dn(module, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to find fSMORoleOwner in RID Manager object - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) { + ldb_asprintf_errstring(ldb, "Remote RID Set allocation not implemented"); + talloc_free(tmp_ctx); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + ret = ridalloc_create_rid_set_ntds(module, mem_ctx, rid_manager_dn, fsmo_role_dn, dn); + talloc_free(tmp_ctx); + return ret; +} + +/* + refresh a RID Set object for the specified DC + also returns the first RID for the new pool + */ +static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, + struct ldb_dn *rid_manager_dn, + struct ldb_dn *ntds_dn, uint32_t *first_rid) +{ + ldb_asprintf_errstring(ldb, "Refresh of RID Set not implemented"); + return LDB_ERR_UNWILLING_TO_PERFORM; +} + + + +/* + get a new RID pool for ourselves + also returns the first rid for the new pool + */ +static int ridalloc_refresh_own_pool(struct ldb_module *module, uint32_t *first_rid) +{ + TALLOC_CTX *tmp_ctx = talloc_new(module); + struct ldb_dn *rid_manager_dn, *fsmo_role_dn; + int ret; + struct ldb_context *ldb = ldb_module_get_ctx(module); + + /* work out who is the RID Manager */ + ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to find RID Manager object - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + /* find the DN of the RID Manager */ + ret = dsdb_module_reference_dn(module, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to find fSMORoleOwner in RID Manager object - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) { + ldb_asprintf_errstring(ldb, "Remote RID Set allocation not implemented"); + talloc_free(tmp_ctx); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + ret = ridalloc_refresh_rid_set_ntds(module, rid_manager_dn, fsmo_role_dn, first_rid); + talloc_free(tmp_ctx); + return ret; +} + + +/* allocate a RID using our RID Set + If we run out of RIDs then allocate a new pool + either locally or by contacting the RID Manager +*/ +int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) +{ + struct ldb_context *ldb; + static const char * const attrs[] = { "rIDAllocationPool", "rIDNextRID" , NULL }; + int ret; + struct ldb_dn *rid_set_dn; + struct ldb_result *res; + uint64_t alloc_pool; + uint32_t alloc_pool_lo, alloc_pool_hi; + int prev_rid; + TALLOC_CTX *tmp_ctx = talloc_new(module); + + ldb = ldb_module_get_ctx(module); + + ret = samdb_rid_set_dn(ldb, tmp_ctx, &rid_set_dn); + if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) { + ret = ridalloc_create_own_rid_set(module, tmp_ctx, &rid_set_dn); + } + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": No RID Set DN - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn, attrs, 0); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s", + ldb_dn_get_linearized(rid_set_dn)); + talloc_free(tmp_ctx); + return ret; + } + + alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); + prev_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", -1); + if (prev_rid == -1 || alloc_pool == 0) { + ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s", + ldb_dn_get_linearized(rid_set_dn)); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + alloc_pool_lo = alloc_pool & 0xFFFFFFFF; + alloc_pool_hi = alloc_pool >> 32; + if (prev_rid > alloc_pool_hi) { + ret = ridalloc_refresh_own_pool(module, rid); + if (ret != LDB_SUCCESS) { + return ret; + } + } else { + /* despite the name, rIDNextRID is the value of the last user + * added by this DC, not the next available RID */ + (*rid) = prev_rid + 1; + } + + /* now modify the RID Set to use up this RID using a + * constrained delete/add */ + ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDNextRID", prev_rid, *rid); + talloc_free(tmp_ctx); + + return ret; +} -- cgit From 53d10d139e569f9132193e8f8c268638eab30a0b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:26:17 +1100 Subject: s4-provision: don't hard wire the creation of the RID Set object We now create it automatically in the samldb module when the first user is created. The creation of the dns user also had to move to the _modify.ldif as it now relies on the fSMO role being setup for the RID Manager Pair-Programmed-With: Andrew Bartlett --- source4/scripting/python/samba/provision.py | 4 ++-- source4/setup/provision.ldif | 3 +-- source4/setup/provision_self_join.ldif | 26 +------------------------- source4/setup/provision_self_join_modify.ldif | 14 ++++++++++++++ 4 files changed, 18 insertions(+), 29 deletions(-) (limited to 'source4') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 62ca9282d1..bb47d2bd5c 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -793,7 +793,6 @@ def setup_self_join(samdb, names, "DEFAULTSITE": names.sitename, "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain), "MACHINEPASS_B64": b64encode(machinepass), - "DNSPASS_B64": b64encode(dnspass), "REALM": names.realm, "DOMAIN": names.domain, "DOMAINSID": str(domainsid), @@ -825,7 +824,8 @@ def setup_self_join(samdb, names, "DEFAULTSITE": names.sitename, "SERVERDN": names.serverdn, "NETBIOSNAME": names.netbiosname, - "NTDSGUID": names.ntdsguid + "NTDSGUID": names.ntdsguid, + "DNSPASS_B64": b64encode(dnspass), }) diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index db29d3a108..eb7bd02db6 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -431,8 +431,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectClass: top objectClass: rIDManager systemFlags: -1946157056 -# we have granted up to 1499 to ourselves in a RID Set -rIDAvailablePool: 1500-1073741823 +rIDAvailablePool: 1000-1073741823 isCriticalSystemObject: TRUE dn: CN=RpcServices,CN=System,${DOMAINDN} diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 0ad1b90fdb..48f7157679 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -15,7 +15,6 @@ localPolicyFlags: 0 operatingSystem: Samba operatingSystemVersion: ${SAMBA_VERSION_STRING} primaryGroupID: 516 -rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} sAMAccountName: ${NETBIOSNAME}$ # "servicePrincipalName" for FRS doesn't exit since we still miss FRS support # "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones", @@ -33,16 +32,7 @@ servicePrincipalName: ldap/${DNSNAME} servicePrincipalName: ldap/${DNSNAME}/${REALM} userAccountControl: 532480 userPassword:: ${MACHINEPASS_B64} -objectSID: ${DOMAINSID}-1001 - -dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} -objectClass: top -objectClass: rIDSet -rIDAllocationPool: 1000-1499 -rIDPreviousAllocationPool: 1000-1499 -rIDUsedPool: 0 -rIDNextRID: 1001 - +objectSID: ${DOMAINSID}-1000 # Here are missing the objects for the NTFRS subscription and the RID set since # we don't support those techniques (FRS, distributed RIDs) yet. @@ -78,17 +68,3 @@ msDS-hasMasterNCs: ${DOMAINDN} options: 1 systemFlags: 33554432 ${NTDSGUID} - -# Provides an account for DNS keytab export -dn: CN=dns,CN=Users,${DOMAINDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -description: DNS Service Account -userAccountControl: 514 -accountExpires: 9223372036854775807 -sAMAccountName: dns -servicePrincipalName: DNS/${DNSDOMAIN} -userPassword:: ${DNSPASS_B64} -isCriticalSystemObject: TRUE diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif index dfcca728f2..394398a9b9 100644 --- a/source4/setup/provision_self_join_modify.ldif +++ b/source4/setup/provision_self_join_modify.ldif @@ -33,3 +33,17 @@ changetype: modify add: servicePrincipalName servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN} servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN} + +dn: CN=dns,CN=Users,${DOMAINDN} +changetype: add +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +description: DNS Service Account +userAccountControl: 514 +accountExpires: 9223372036854775807 +sAMAccountName: dns +servicePrincipalName: DNS/${DNSDOMAIN} +userPassword:: ${DNSPASS_B64} +isCriticalSystemObject: TRUE -- cgit From 5136438ad612435ceb11e81e4dc316791bdc003e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 10:27:30 +1100 Subject: s4-dsdb: implement refresh of RID Set pool for a local RID Manager when we run out of RIDs in our RID Set pool then grab a new one from the RID Manager object Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 195 +++++++++++++++++++++++------- 1 file changed, 151 insertions(+), 44 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index 8715828fd9..421929801c 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -33,6 +33,64 @@ #include "dsdb/samdb/ldb_modules/util.h" +/* + allocate a new range of RIDs in the RID Manager object + */ +static int ridalloc_rid_manager_allocate(struct ldb_module *module, struct ldb_dn *rid_manager_dn, uint64_t *new_pool) +{ + int ret; + TALLOC_CTX *tmp_ctx = talloc_new(module); + const char *attrs[] = { "rIDAvailablePool", NULL }; + uint64_t rid_pool, new_rid_pool, dc_pool; + uint32_t rid_pool_lo, rid_pool_hi; + struct ldb_result *res; + struct ldb_context *ldb = ldb_module_get_ctx(module); + const unsigned alloc_size = 500; + + ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_manager_dn, attrs, 0); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to find rIDAvailablePool in %s - %s", + ldb_dn_get_linearized(rid_manager_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + rid_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAvailablePool", 0); + rid_pool_lo = rid_pool & 0xFFFFFFFF; + rid_pool_hi = rid_pool >> 32; + if (rid_pool_lo >= rid_pool_hi) { + ldb_asprintf_errstring(ldb, "Out of RIDs in RID Manager - rIDAvailablePool is %u-%u", + rid_pool_lo, rid_pool_hi); + talloc_free(tmp_ctx); + return ret; + } + + /* lower part of new pool is the low part of the rIDAvailablePool */ + dc_pool = rid_pool_lo; + + /* allocate 500 RIDs to this DC */ + rid_pool_lo = MIN(rid_pool_hi, rid_pool_lo + alloc_size); + + /* work out upper part of new pool */ + dc_pool |= (((uint64_t)rid_pool_lo-1)<<32); + + /* and new rIDAvailablePool value */ + new_rid_pool = rid_pool_lo | (((uint64_t)rid_pool_hi)<<32); + + ret = dsdb_module_constrainted_update_integer(module, rid_manager_dn, "rIDAvailablePool", + rid_pool, new_rid_pool); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to update rIDAvailablePool - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + (*new_pool) = dc_pool; + talloc_free(tmp_ctx); + return LDB_SUCCESS; +} + /* create a RID Set object for the specified DC */ @@ -43,13 +101,9 @@ static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *m TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); struct ldb_dn *server_dn, *machine_dn, *rid_set_dn; int ret; - const char *attrs[] = { "rIDAvailablePool", NULL }; - uint64_t rid_pool, new_rid_pool, dc_pool; - uint32_t rid_pool_lo, rid_pool_hi; + uint64_t dc_pool; struct ldb_message *msg; struct ldb_context *ldb = ldb_module_get_ctx(module); - const unsigned int alloc_size = 500; - struct ldb_result *res; /* steps: @@ -87,41 +141,9 @@ static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *m return LDB_ERR_OPERATIONS_ERROR; } - ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_manager_dn, attrs, 0); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, "Failed to find rIDAvailablePool in %s - %s", - ldb_dn_get_linearized(rid_manager_dn), ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; - } - - rid_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAvailablePool", 0); - rid_pool_lo = rid_pool & 0xFFFFFFFF; - rid_pool_hi = rid_pool >> 32; - if (rid_pool_lo >= rid_pool_hi) { - ldb_asprintf_errstring(ldb, "Out of RIDs in RID Manager - rIDAvailablePool is %u-%u", - rid_pool_lo, rid_pool_hi); - talloc_free(tmp_ctx); - return ret; - } - - /* lower part of new pool is the low part of the rIDAvailablePool */ - dc_pool = rid_pool_lo; - - /* allocate 500 RIDs to this DC */ - rid_pool_lo = MIN(rid_pool_hi, rid_pool_lo + alloc_size); - - /* work out upper part of new pool */ - dc_pool |= (((uint64_t)rid_pool_lo-1)<<32); - - /* and new rIDAvailablePool value */ - new_rid_pool = rid_pool_lo | (((uint64_t)rid_pool_hi)<<32); - - ret = dsdb_module_constrainted_update_integer(module, rid_manager_dn, "rIDAvailablePool", - rid_pool, new_rid_pool); + /* grab a pool from the RID Manager object */ + ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, &dc_pool); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, "Failed to update rIDAvailablePool - %s", - ldb_errstring(ldb)); talloc_free(tmp_ctx); return ret; } @@ -252,11 +274,96 @@ static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *me also returns the first RID for the new pool */ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, - struct ldb_dn *rid_manager_dn, - struct ldb_dn *ntds_dn, uint32_t *first_rid) + struct ldb_dn *rid_manager_dn, + struct ldb_dn *ntds_dn, uint32_t *first_rid) { - ldb_asprintf_errstring(ldb, "Refresh of RID Set not implemented"); - return LDB_ERR_UNWILLING_TO_PERFORM; + TALLOC_CTX *tmp_ctx = talloc_new(module); + uint64_t new_pool; + struct ldb_dn *server_dn, *machine_dn, *rid_set_dn; + struct ldb_result *res; + const char *attrs[] = { "rIDAllocationPool", "rIDUsedPool", NULL }; + struct ldb_message *msg; + uint64_t prev_pool; + uint32_t used_pool; + struct ldb_context *ldb = ldb_module_get_ctx(module); + int ret; + + /* grab a pool from the RID Manager object */ + ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, &new_pool); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn); + if (!server_dn) { + ldb_module_oom(module); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = dsdb_module_reference_dn(module, tmp_ctx, server_dn, "serverReference", &machine_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to find serverReference in %s - %s", + ldb_dn_get_linearized(server_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + ret = dsdb_module_reference_dn(module, tmp_ctx, machine_dn, "rIDSetReferences", &rid_set_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to find rIDSetReferences in %s - %s", + ldb_dn_get_linearized(machine_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn, attrs, 0); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to load old pool values from %s - %s", + ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + prev_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); + used_pool = ldb_msg_find_attr_as_uint(res->msgs[0], "rIDUsedPool", 0); + + msg = ldb_msg_new(tmp_ctx); + msg->dn = rid_set_dn; + + ret = ldb_msg_add_fmt(msg, "rIDPreviousAllocationPool", "%llu", (unsigned long long)prev_pool); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + msg->elements[0].flags = LDB_FLAG_MOD_REPLACE; + + ret = ldb_msg_add_fmt(msg, "rIDAllocationPool", "%llu", (unsigned long long)new_pool); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + msg->elements[1].flags = LDB_FLAG_MOD_REPLACE; + + ret = ldb_msg_add_fmt(msg, "rIDUsedPool", "%lu", (unsigned long)used_pool+1); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + msg->elements[2].flags = LDB_FLAG_MOD_REPLACE; + + ret = dsdb_module_modify(module, msg, 0); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to modify RID Set object %s - %s", + ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + (*first_rid) = (new_pool & 0xFFFFFFFF); + + talloc_free(tmp_ctx); + return LDB_SUCCESS; } @@ -350,7 +457,7 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) alloc_pool_lo = alloc_pool & 0xFFFFFFFF; alloc_pool_hi = alloc_pool >> 32; - if (prev_rid > alloc_pool_hi) { + if (prev_rid >= alloc_pool_hi) { ret = ridalloc_refresh_own_pool(module, rid); if (ret != LDB_SUCCESS) { return ret; -- cgit From dd8cb3c7ed1e32fa4073c6e38dafc35fe2cb4f72 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 11:38:38 +1100 Subject: s4-dsdb: fixed usage of rIDAllocationPool and rIDPreviousAllocationPool These are very badly named attributes! See the comments in ridalloc.c for a explanation of what they really seem to mean Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 102 +++++++++++++++++------------- 1 file changed, 58 insertions(+), 44 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index 421929801c..c616da01fe 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -32,6 +32,23 @@ #include "dsdb/samdb/samdb.h" #include "dsdb/samdb/ldb_modules/util.h" +/* + Note: the RID allocation attributes in AD are very badly named. Here + is what we think they really do: + + in RID Set object: + - rIDPreviousAllocationPool: the pool which a DC is currently + pulling RIDs from + - rIDAllocationPool: the pool that the DC will switch to next, + when rIDPreviousAllocationPool is exhausted + - rIDNextRID: the last RID allocated by this DC + + in RID Manager object: + - rIDAvailablePool: the pool where the RID Manager gets new rID + pools from when it gets a EXOP_RID_ALLOC getncchanges call (or + locally when the DC is the RID Manager) + */ + /* allocate a new range of RIDs in the RID Manager object @@ -177,6 +194,8 @@ static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *m talloc_free(tmp_ctx); return ret; } + /* TODO: check if the RID Manager adds these fields, or if the + client DC does it */ ret = ldb_msg_add_fmt(msg, "rIDPreviousAllocationPool", "%llu", (unsigned long long)dc_pool); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -275,21 +294,16 @@ static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *me */ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, struct ldb_dn *rid_manager_dn, - struct ldb_dn *ntds_dn, uint32_t *first_rid) + struct ldb_dn *ntds_dn, uint64_t *new_pool) { TALLOC_CTX *tmp_ctx = talloc_new(module); - uint64_t new_pool; struct ldb_dn *server_dn, *machine_dn, *rid_set_dn; - struct ldb_result *res; - const char *attrs[] = { "rIDAllocationPool", "rIDUsedPool", NULL }; struct ldb_message *msg; - uint64_t prev_pool; - uint32_t used_pool; struct ldb_context *ldb = ldb_module_get_ctx(module); int ret; /* grab a pool from the RID Manager object */ - ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, &new_pool); + ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, new_pool); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; @@ -317,41 +331,16 @@ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, return ret; } - ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn, attrs, 0); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, "Failed to load old pool values from %s - %s", - ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; - } - - prev_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); - used_pool = ldb_msg_find_attr_as_uint(res->msgs[0], "rIDUsedPool", 0); - msg = ldb_msg_new(tmp_ctx); msg->dn = rid_set_dn; - ret = ldb_msg_add_fmt(msg, "rIDPreviousAllocationPool", "%llu", (unsigned long long)prev_pool); + ret = ldb_msg_add_fmt(msg, "rIDAllocationPool", "%llu", (unsigned long long)*new_pool); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; } msg->elements[0].flags = LDB_FLAG_MOD_REPLACE; - ret = ldb_msg_add_fmt(msg, "rIDAllocationPool", "%llu", (unsigned long long)new_pool); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - msg->elements[1].flags = LDB_FLAG_MOD_REPLACE; - - ret = ldb_msg_add_fmt(msg, "rIDUsedPool", "%lu", (unsigned long)used_pool+1); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - msg->elements[2].flags = LDB_FLAG_MOD_REPLACE; - ret = dsdb_module_modify(module, msg, 0); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ldb, "Failed to modify RID Set object %s - %s", @@ -360,8 +349,6 @@ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, return ret; } - (*first_rid) = (new_pool & 0xFFFFFFFF); - talloc_free(tmp_ctx); return LDB_SUCCESS; } @@ -372,7 +359,7 @@ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, get a new RID pool for ourselves also returns the first rid for the new pool */ -static int ridalloc_refresh_own_pool(struct ldb_module *module, uint32_t *first_rid) +static int ridalloc_refresh_own_pool(struct ldb_module *module, uint64_t *new_pool) { TALLOC_CTX *tmp_ctx = talloc_new(module); struct ldb_dn *rid_manager_dn, *fsmo_role_dn; @@ -403,7 +390,7 @@ static int ridalloc_refresh_own_pool(struct ldb_module *module, uint32_t *first_ return LDB_ERR_UNWILLING_TO_PERFORM; } - ret = ridalloc_refresh_rid_set_ntds(module, rid_manager_dn, fsmo_role_dn, first_rid); + ret = ridalloc_refresh_rid_set_ntds(module, rid_manager_dn, fsmo_role_dn, new_pool); talloc_free(tmp_ctx); return ret; } @@ -416,12 +403,13 @@ static int ridalloc_refresh_own_pool(struct ldb_module *module, uint32_t *first_ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) { struct ldb_context *ldb; - static const char * const attrs[] = { "rIDAllocationPool", "rIDNextRID" , NULL }; + static const char * const attrs[] = { "rIDAllocationPool", "rIDPreviousAllocationPool", + "rIDNextRID" , NULL }; int ret; struct ldb_dn *rid_set_dn; struct ldb_result *res; - uint64_t alloc_pool; - uint32_t alloc_pool_lo, alloc_pool_hi; + uint64_t alloc_pool, prev_alloc_pool; + uint32_t prev_alloc_pool_lo, prev_alloc_pool_hi; int prev_rid; TALLOC_CTX *tmp_ctx = talloc_new(module); @@ -446,6 +434,7 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) return ret; } + prev_alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDPreviousAllocationPool", 0); alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); prev_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", -1); if (prev_rid == -1 || alloc_pool == 0) { @@ -455,13 +444,38 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) return LDB_ERR_OPERATIONS_ERROR; } - alloc_pool_lo = alloc_pool & 0xFFFFFFFF; - alloc_pool_hi = alloc_pool >> 32; - if (prev_rid >= alloc_pool_hi) { - ret = ridalloc_refresh_own_pool(module, rid); + prev_alloc_pool_lo = prev_alloc_pool & 0xFFFFFFFF; + prev_alloc_pool_hi = prev_alloc_pool >> 32; + if (prev_rid >= prev_alloc_pool_hi) { + ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDPreviousAllocationPool", + prev_alloc_pool, alloc_pool); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": Failed to update rIDPreviousAllocationPool on %s - %s", + ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + prev_alloc_pool = alloc_pool; + prev_alloc_pool_lo = prev_alloc_pool & 0xFFFFFFFF; + prev_alloc_pool_hi = prev_alloc_pool >> 32; + } + /* see if we are still out of RIDs, and if so then ask + the RID Manager to give us more */ + if (prev_rid >= prev_alloc_pool_hi) { + uint64_t new_pool; + ret = ridalloc_refresh_own_pool(module, &new_pool); + if (ret != LDB_SUCCESS) { + return ret; + } + ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDPreviousAllocationPool", + prev_alloc_pool, new_pool); if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": Failed to update rIDPreviousAllocationPool on %s - %s", + ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); return ret; } + (*rid) = (new_pool & 0xFFFFFFFF); } else { /* despite the name, rIDNextRID is the value of the last user * added by this DC, not the next available RID */ -- cgit From c12b9ab2f2d26147a0878bbb2a1672892599293e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 11:40:05 +1100 Subject: s4-dsdb: clarify who is responsible for each attribute Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index c616da01fe..87642592c4 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -38,10 +38,12 @@ in RID Set object: - rIDPreviousAllocationPool: the pool which a DC is currently - pulling RIDs from + pulling RIDs from. Managed by client DC + - rIDAllocationPool: the pool that the DC will switch to next, - when rIDPreviousAllocationPool is exhausted - - rIDNextRID: the last RID allocated by this DC + when rIDPreviousAllocationPool is exhausted. Managed by RID Manager. + + - rIDNextRID: the last RID allocated by this DC. Managed by client DC in RID Manager object: - rIDAvailablePool: the pool where the RID Manager gets new rID -- cgit From 45550f83f00f259a64cd70f7b2f741a12ee55854 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 14:48:55 +1100 Subject: s4-dsdb: added dsdb_module_set_integer() This will be used by ridalloc.c Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/util.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index 09b41a254b..12972eb185 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -597,3 +597,27 @@ int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares) return up_req->callback(up_req, ares); } + +/* + set an integer attribute + */ +int dsdb_module_set_integer(struct ldb_module *module, struct ldb_dn *dn, + const char *attr, uint64_t new_val) +{ + struct ldb_message *msg; + int ret; + + msg = ldb_msg_new(module); + msg->dn = dn; + + ret = ldb_msg_add_fmt(msg, attr, "%llu", (unsigned long long)new_val); + if (ret != LDB_SUCCESS) { + talloc_free(msg); + return ret; + } + msg->elements[0].flags = LDB_FLAG_MOD_REPLACE; + + ret = dsdb_module_modify(module, msg, 0); + talloc_free(msg); + return ret; +} -- cgit From 37340d5a2e04a194479beb80b96b0bc78df4393a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 14:50:04 +1100 Subject: s4-ridalloc: copy with missing rIDNextRid and rIDAllocationPool The attributes rIDNextRid and rIDAllocationPool are not replicated, so their initial value when we first get a RID Set from the RID Manager is blank. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 60 ++++++++++++++++++------------- 1 file changed, 36 insertions(+), 24 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index 87642592c4..02737dd88b 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -196,9 +196,9 @@ static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *m talloc_free(tmp_ctx); return ret; } - /* TODO: check if the RID Manager adds these fields, or if the - client DC does it */ - ret = ldb_msg_add_fmt(msg, "rIDPreviousAllocationPool", "%llu", (unsigned long long)dc_pool); + + /* w2k8-r2 sets these to zero when first created */ + ret = ldb_msg_add_fmt(msg, "rIDPreviousAllocationPool", "0"); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; @@ -208,7 +208,7 @@ static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *m talloc_free(tmp_ctx); return ret; } - ret = ldb_msg_add_fmt(msg, "rIDNextRID", "%lu", (unsigned long)(dc_pool & 0xFFFFFFFF)); + ret = ldb_msg_add_fmt(msg, "rIDNextRID", "0"); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; @@ -300,7 +300,6 @@ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, { TALLOC_CTX *tmp_ctx = talloc_new(module); struct ldb_dn *server_dn, *machine_dn, *rid_set_dn; - struct ldb_message *msg; struct ldb_context *ldb = ldb_module_get_ctx(module); int ret; @@ -333,17 +332,7 @@ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, return ret; } - msg = ldb_msg_new(tmp_ctx); - msg->dn = rid_set_dn; - - ret = ldb_msg_add_fmt(msg, "rIDAllocationPool", "%llu", (unsigned long long)*new_pool); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - msg->elements[0].flags = LDB_FLAG_MOD_REPLACE; - - ret = dsdb_module_modify(module, msg, 0); + ret = dsdb_module_set_integer(module, rid_set_dn, "rIDAllocationPool", *new_pool); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ldb, "Failed to modify RID Set object %s - %s", ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)); @@ -438,8 +427,8 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) prev_alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDPreviousAllocationPool", 0); alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); - prev_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", -1); - if (prev_rid == -1 || alloc_pool == 0) { + prev_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", 0); + if (alloc_pool == 0) { ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s", ldb_dn_get_linearized(rid_set_dn)); talloc_free(tmp_ctx); @@ -449,8 +438,12 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) prev_alloc_pool_lo = prev_alloc_pool & 0xFFFFFFFF; prev_alloc_pool_hi = prev_alloc_pool >> 32; if (prev_rid >= prev_alloc_pool_hi) { - ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDPreviousAllocationPool", - prev_alloc_pool, alloc_pool); + if (prev_alloc_pool == 0) { + ret = dsdb_module_set_integer(module, rid_set_dn, "rIDPreviousAllocationPool", alloc_pool); + } else { + ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDPreviousAllocationPool", + prev_alloc_pool, alloc_pool); + } if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ldb, __location__ ": Failed to update rIDPreviousAllocationPool on %s - %s", ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)); @@ -477,16 +470,35 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) talloc_free(tmp_ctx); return ret; } - (*rid) = (new_pool & 0xFFFFFFFF); + prev_alloc_pool = new_pool; + prev_alloc_pool_lo = prev_alloc_pool & 0xFFFFFFFF; + prev_alloc_pool_hi = prev_alloc_pool >> 32; + (*rid) = prev_alloc_pool_lo; } else { /* despite the name, rIDNextRID is the value of the last user * added by this DC, not the next available RID */ - (*rid) = prev_rid + 1; + if (prev_rid == 0) { + (*rid) = prev_alloc_pool_lo; + } else { + (*rid) = prev_rid + 1; + } + } + + if (*rid < prev_alloc_pool_lo || *rid > prev_alloc_pool_hi) { + ldb_asprintf_errstring(ldb, __location__ ": Bad rid chosen %u from range %u-%u", + (unsigned)*rid, (unsigned)prev_alloc_pool_lo, + (unsigned)prev_alloc_pool_hi); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; } /* now modify the RID Set to use up this RID using a - * constrained delete/add */ - ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDNextRID", prev_rid, *rid); + * constrained delete/add if possible */ + if (prev_rid == 0) { + ret = dsdb_module_set_integer(module, rid_set_dn, "rIDNextRID", *rid); + } else { + ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDNextRID", prev_rid, *rid); + } talloc_free(tmp_ctx); return ret; -- cgit From 8cd2bedee74ae8dfb3a19f9bdde4a568de4b44cd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 14:50:41 +1100 Subject: s4-dsdb: added dsdb_find_guid_attr_by_dn() Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/common/util.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 2b8a68e58f..70750ca141 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -2433,16 +2433,20 @@ int dsdb_search_dn_with_deleted(struct ldb_context *ldb, /* - use a DN to find a GUID + use a DN to find a GUID with a given attribute name */ -int dsdb_find_guid_by_dn(struct ldb_context *ldb, - struct ldb_dn *dn, struct GUID *guid) +int dsdb_find_guid_attr_by_dn(struct ldb_context *ldb, + struct ldb_dn *dn, const char *attribute, + struct GUID *guid) { int ret; struct ldb_result *res; - const char *attrs[] = { "objectGUID", NULL }; + const char *attrs[2]; TALLOC_CTX *tmp_ctx = talloc_new(ldb); + attrs[0] = attribute; + attrs[1] = NULL; + ret = dsdb_search_dn_with_deleted(ldb, tmp_ctx, &res, dn, attrs); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -2452,11 +2456,20 @@ int dsdb_find_guid_by_dn(struct ldb_context *ldb, talloc_free(tmp_ctx); return LDB_ERR_NO_SUCH_OBJECT; } - *guid = samdb_result_guid(res->msgs[0], "objectGUID"); + *guid = samdb_result_guid(res->msgs[0], attribute); talloc_free(tmp_ctx); return LDB_SUCCESS; } +/* + use a DN to find a GUID + */ +int dsdb_find_guid_by_dn(struct ldb_context *ldb, + struct ldb_dn *dn, struct GUID *guid) +{ + return dsdb_find_guid_attr_by_dn(ldb, dn, "objectGUID", guid); +} + /* -- cgit From 19e515aac7a6e5ce85cfd6905a1cc773277047a9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 14:54:12 +1100 Subject: s4-repl: added request for RID allocation in drepl task The drepl task now checks to see if our rIDAllocationPool is exhausted, and if it is then we queue a extended operation DsGetNCChanges call to ask the RID Manager to give us a new allocation pool. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/config.mk | 3 +- source4/dsdb/repl/drepl_out_helpers.c | 4 +- source4/dsdb/repl/drepl_out_pull.c | 14 +- source4/dsdb/repl/drepl_partitions.c | 6 +- source4/dsdb/repl/drepl_periodic.c | 2 + source4/dsdb/repl/drepl_ridalloc.c | 254 ++++++++++++++++++++++++++++++++++ source4/dsdb/repl/drepl_service.h | 6 + 7 files changed, 276 insertions(+), 13 deletions(-) create mode 100644 source4/dsdb/repl/drepl_ridalloc.c (limited to 'source4') diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk index 35a0c84903..3226c08ec0 100644 --- a/source4/dsdb/config.mk +++ b/source4/dsdb/config.mk @@ -64,7 +64,8 @@ DREPL_SRV_OBJ_FILES = $(addprefix $(dsdbsrcdir)/repl/, \ drepl_partitions.o \ drepl_out_pull.o \ drepl_out_helpers.o \ - drepl_notify.o) + drepl_notify.o \ + drepl_ridalloc.o) $(eval $(call proto_header_template,$(dsdbsrcdir)/repl/drepl_service_proto.h,$(DREPL_SRV_OBJ_FILES:.o=.c))) diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index 722db4f8ee..1225edecc7 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -289,7 +289,7 @@ static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_sou r->in.req->req8.replica_flags = rf1->replica_flags; r->in.req->req8.max_object_count = 133; r->in.req->req8.max_ndr_size = 1336811; - r->in.req->req8.extended_op = DRSUAPI_EXOP_NONE; + r->in.req->req8.extended_op = st->op->extended_op; r->in.req->req8.fsmo_info = 0; r->in.req->req8.partial_attribute_set = NULL; r->in.req->req8.partial_attribute_set_ex= NULL; @@ -305,7 +305,7 @@ static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_sou r->in.req->req5.replica_flags = rf1->replica_flags; r->in.req->req5.max_object_count = 133; r->in.req->req5.max_ndr_size = 1336770; - r->in.req->req5.extended_op = DRSUAPI_EXOP_NONE; + r->in.req->req5.extended_op = st->op->extended_op; r->in.req->req5.fsmo_info = 0; } diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c index 2793eec8b4..ceec61848d 100644 --- a/source4/dsdb/repl/drepl_out_pull.c +++ b/source4/dsdb/repl/drepl_out_pull.c @@ -33,21 +33,21 @@ #include "librpc/gen_ndr/ndr_drsblobs.h" #include "libcli/composite/composite.h" -static WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s, - struct dreplsrv_partition *p, - struct dreplsrv_partition_source_dsa *source, - TALLOC_CTX *mem_ctx) +WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s, + struct dreplsrv_partition_source_dsa *source, + enum drsuapi_DsExtendedOperation extended_op) { struct dreplsrv_out_operation *op; - op = talloc_zero(mem_ctx, struct dreplsrv_out_operation); + op = talloc_zero(s, struct dreplsrv_out_operation); W_ERROR_HAVE_NO_MEMORY(op); op->service = s; op->source_dsa = source; + op->extended_op = extended_op; DLIST_ADD_END(s->ops.pending, op, struct dreplsrv_out_operation *); - talloc_steal(s, op); + return WERR_OK; } @@ -59,7 +59,7 @@ static WERROR dreplsrv_schedule_partition_pull(struct dreplsrv_service *s, struct dreplsrv_partition_source_dsa *cur; for (cur = p->sources; cur; cur = cur->next) { - status = dreplsrv_schedule_partition_pull_source(s, p, cur, mem_ctx); + status = dreplsrv_schedule_partition_pull_source(s, cur, DRSUAPI_EXOP_NONE); W_ERROR_NOT_OK_RETURN(status); } diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c index 5b8227e7de..f5c8a701a9 100644 --- a/source4/dsdb/repl/drepl_partitions.c +++ b/source4/dsdb/repl/drepl_partitions.c @@ -88,9 +88,9 @@ WERROR dreplsrv_load_partitions(struct dreplsrv_service *s) return WERR_OK; } -static WERROR dreplsrv_out_connection_attach(struct dreplsrv_service *s, - const struct repsFromTo1 *rft, - struct dreplsrv_out_connection **_conn) +WERROR dreplsrv_out_connection_attach(struct dreplsrv_service *s, + const struct repsFromTo1 *rft, + struct dreplsrv_out_connection **_conn) { struct dreplsrv_out_connection *cur, *conn = NULL; const char *hostname; diff --git a/source4/dsdb/repl/drepl_periodic.c b/source4/dsdb/repl/drepl_periodic.c index 61d5598207..d2fbe45586 100644 --- a/source4/dsdb/repl/drepl_periodic.c +++ b/source4/dsdb/repl/drepl_periodic.c @@ -109,6 +109,8 @@ static void dreplsrv_periodic_run(struct dreplsrv_service *service) /* the KCC might have changed repsFrom */ dreplsrv_refresh_partitions(service); + dreplsrv_ridalloc_check_rid_pool(service); + dreplsrv_run_pending_ops(service); dreplsrv_notify_run_ops(service); } diff --git a/source4/dsdb/repl/drepl_ridalloc.c b/source4/dsdb/repl/drepl_ridalloc.c new file mode 100644 index 0000000000..34f75862da --- /dev/null +++ b/source4/dsdb/repl/drepl_ridalloc.c @@ -0,0 +1,254 @@ +/* + Unix SMB/CIFS mplementation. + + DSDB replication service - RID allocation code + + Copyright (C) Andrew Tridgell 2010 + Copyright (C) Andrew Bartlett 2010 + + based on drepl_notify.c + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +*/ + +#include "includes.h" +#include "dsdb/samdb/samdb.h" +#include "smbd/service.h" +#include "dsdb/repl/drepl_service.h" +#include "param/param.h" + + +/* + create the RID manager source dsa structure + */ +static WERROR drepl_create_rid_manager_source_dsa(struct dreplsrv_service *service, + struct ldb_dn *rid_manager_dn, struct ldb_dn *fsmo_role_dn) +{ + struct dreplsrv_partition_source_dsa *sdsa; + struct ldb_context *ldb = service->samdb; + int ret; + WERROR werr; + + sdsa = talloc_zero(service, struct dreplsrv_partition_source_dsa); + W_ERROR_HAVE_NO_MEMORY(sdsa); + + sdsa->partition = talloc_zero(sdsa, struct dreplsrv_partition); + if (!sdsa->partition) { + talloc_free(sdsa); + return WERR_NOMEM; + } + + sdsa->partition->dn = samdb_base_dn(ldb); + sdsa->partition->nc.dn = ldb_dn_alloc_linearized(sdsa->partition, rid_manager_dn); + ret = dsdb_find_guid_by_dn(ldb, rid_manager_dn, &sdsa->partition->nc.guid); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to find GUID for %s\n", + ldb_dn_get_linearized(rid_manager_dn))); + talloc_free(sdsa); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + sdsa->repsFrom1 = &sdsa->_repsFromBlob.ctr.ctr1; + ret = dsdb_find_guid_attr_by_dn(ldb, fsmo_role_dn, "objectGUID", &sdsa->repsFrom1->source_dsa_obj_guid); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to find objectGUID for %s\n", + ldb_dn_get_linearized(fsmo_role_dn))); + talloc_free(sdsa); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + sdsa->repsFrom1->other_info = talloc_zero(sdsa, struct repsFromTo1OtherInfo); + if (!sdsa->repsFrom1->other_info) { + talloc_free(sdsa); + return WERR_NOMEM; + } + + sdsa->repsFrom1->other_info->dns_name = + talloc_asprintf(sdsa->repsFrom1->other_info, "%s._msdcs.%s", + GUID_string(sdsa->repsFrom1->other_info, &sdsa->repsFrom1->source_dsa_obj_guid), + lp_dnsdomain(service->task->lp_ctx)); + if (!sdsa->repsFrom1->other_info->dns_name) { + talloc_free(sdsa); + return WERR_NOMEM; + } + + + werr = dreplsrv_out_connection_attach(service, sdsa->repsFrom1, &sdsa->conn); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(0,(__location__ ": Failed to attach to RID manager connection\n")); + talloc_free(sdsa); + return werr; + } + + service->ridalloc.rid_manager_source_dsa = sdsa; + return WERR_OK; +} + + +/* + schedule a getncchanges request to the RID Manager to ask for a new + set of RIDs using DRSUAPI_EXOP_FSMO_RID_ALLOC + */ +static WERROR drepl_request_new_rid_pool(struct dreplsrv_service *service, + struct ldb_dn *rid_manager_dn, struct ldb_dn *fsmo_role_dn) +{ + WERROR werr; + + if (service->ridalloc.rid_manager_source_dsa == NULL) { + /* we need to establish a connection to the RID + Manager */ + werr = drepl_create_rid_manager_source_dsa(service, rid_manager_dn, fsmo_role_dn); + W_ERROR_NOT_OK_RETURN(werr); + } + + werr = dreplsrv_schedule_partition_pull_source(service, service->ridalloc.rid_manager_source_dsa, + DRSUAPI_EXOP_FSMO_RID_ALLOC); + return werr; +} + + +/* + see if we are on the last pool we have + */ +static int drepl_ridalloc_pool_exhausted(struct ldb_context *ldb, bool *exhausted) +{ + struct ldb_dn *server_dn, *machine_dn, *rid_set_dn; + TALLOC_CTX *tmp_ctx = talloc_new(ldb); + uint64_t alloc_pool, prev_alloc_pool; + const char *attrs[] = { "rIDPreviousAllocationPool", "rIDAllocationPool", NULL }; + int ret; + struct ldb_result *res; + + server_dn = ldb_dn_get_parent(tmp_ctx, samdb_ntds_settings_dn(ldb)); + if (!server_dn) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = samdb_reference_dn(ldb, tmp_ctx, server_dn, "serverReference", &machine_dn); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to find serverReference in %s - %s", + ldb_dn_get_linearized(server_dn), ldb_errstring(ldb))); + talloc_free(tmp_ctx); + return ret; + } + + ret = samdb_reference_dn(ldb, tmp_ctx, machine_dn, "rIDSetReferences", &rid_set_dn); + if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) { + *exhausted = true; + talloc_free(tmp_ctx); + return LDB_SUCCESS; + } + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to find rIDSetReferences in %s - %s", + ldb_dn_get_linearized(machine_dn), ldb_errstring(ldb))); + talloc_free(tmp_ctx); + return ret; + } + + ret = ldb_search(ldb, tmp_ctx, &res, rid_set_dn, LDB_SCOPE_BASE, attrs, NULL); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to load RID Set attrs from %s - %s", + ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb))); + talloc_free(tmp_ctx); + return ret; + } + + alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); + prev_alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDPreviousAllocationPool", 0); + + if (alloc_pool != prev_alloc_pool) { + *exhausted = false; + } else { + *exhausted = true; + } + + talloc_free(tmp_ctx); + return LDB_SUCCESS; +} + + +/* + see if we are low on RIDs in the RID Set rIDAllocationPool. If we + are, then schedule a replication call with DRSUAPI_EXOP_FSMO_RID_ALLOC + to the RID Manager + */ +WERROR dreplsrv_ridalloc_check_rid_pool(struct dreplsrv_service *service) +{ + struct ldb_dn *rid_manager_dn, *fsmo_role_dn; + TALLOC_CTX *tmp_ctx = talloc_new(service); + struct ldb_context *ldb = service->samdb; + bool exhausted; + WERROR werr; + int ret; + + /* + steps: + - find who the RID Manager is + - if we are the RID Manager then nothing to do + - find our RID Set object + - load rIDAllocationPool and rIDPreviousAllocationPool + - if rIDAllocationPool != rIDPreviousAllocationPool then + nothing to do + - schedule a getncchanges with DRSUAPI_EXOP_FSMO_RID_ALLOC + to the RID Manager + */ + + /* work out who is the RID Manager */ + ret = samdb_rid_manager_dn(ldb, tmp_ctx, &rid_manager_dn); + if (ret != LDB_SUCCESS) { + DEBUG(0, (__location__ ": Failed to find RID Manager object - %s", ldb_errstring(ldb))); + talloc_free(tmp_ctx); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + /* find the DN of the RID Manager */ + ret = samdb_reference_dn(ldb, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s", + ldb_errstring(ldb))); + talloc_free(tmp_ctx); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) == 0) { + /* we are the RID Manager - no need to do a + DRSUAPI_EXOP_FSMO_RID_ALLOC */ + talloc_free(tmp_ctx); + return WERR_OK; + } + + ret = drepl_ridalloc_pool_exhausted(ldb, &exhausted); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + if (!exhausted) { + /* if we're not exhausted we don't need the exop call */ + talloc_free(tmp_ctx); + + /* we don't need to keep an open connection to the RID + Manager */ + talloc_free(service->ridalloc.rid_manager_source_dsa); + service->ridalloc.rid_manager_source_dsa = NULL; + + return WERR_OK; + } + + werr = drepl_request_new_rid_pool(service, rid_manager_dn, fsmo_role_dn); + talloc_free(tmp_ctx); + return werr; +} diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h index 0f9684fa78..eb3cd045f9 100644 --- a/source4/dsdb/repl/drepl_service.h +++ b/source4/dsdb/repl/drepl_service.h @@ -108,6 +108,8 @@ struct dreplsrv_out_operation { struct dreplsrv_partition_source_dsa *source_dsa; struct composite_context *creq; + + enum drsuapi_DsExtendedOperation extended_op; }; struct dreplsrv_notify_operation { @@ -204,6 +206,10 @@ struct dreplsrv_service { /* an active notify operation */ struct dreplsrv_notify_operation *n_current; } ops; + + struct { + struct dreplsrv_partition_source_dsa *rid_manager_source_dsa; + } ridalloc; }; #include "dsdb/repl/drepl_out_helpers.h" -- cgit From 805ab0ef15faf339c4336eb95e09e1bea4b85d5a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 16:45:34 +1100 Subject: s4-messaging: added a new msg type MSG_DREPL_ALLOCATE_RID This will be used to ask the drepl task for a new RID pool Pair-Programmed-With: Andrew Bartlett --- source4/lib/messaging/messaging.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/lib/messaging/messaging.h b/source4/lib/messaging/messaging.h index 4ec69c8f34..08953856a0 100644 --- a/source4/lib/messaging/messaging.h +++ b/source4/lib/messaging/messaging.h @@ -32,6 +32,7 @@ struct messaging_context; #define MSG_IRPC 6 #define MSG_PVFS_NOTIFY 7 #define MSG_NTVFS_OPLOCK_BREAK 8 +#define MSG_DREPL_ALLOCATE_RID 9 /* temporary messaging endpoints are allocated above this line */ #define MSG_TMP_BASE 1000 -- cgit From dc11414f987aa99f286acb1d1ece625d290831f3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 16:47:11 +1100 Subject: s4-dsdb: send a message to the drepl task when we need another RID pool We send the message when the current pool is half gone. We don't wait for a reply. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 72 ++++++++++++++++++++++++++++--- 1 file changed, 66 insertions(+), 6 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index 02737dd88b..c3d334ff3a 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -31,6 +31,8 @@ #include "ldb_module.h" #include "dsdb/samdb/samdb.h" #include "dsdb/samdb/ldb_modules/util.h" +#include "lib/messaging/irpc.h" +#include "param/param.h" /* Note: the RID allocation attributes in AD are very badly named. Here @@ -280,7 +282,7 @@ static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *me } if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) { - ldb_asprintf_errstring(ldb, "Remote RID Set allocation not implemented"); + ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh"); talloc_free(tmp_ctx); return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -345,6 +347,43 @@ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, } +/* + make a IRPC call to the drepl task to ask it to get the RID + Manager to give us another RID pool. + + This function just sends the message to the drepl task then + returns immediately. It should be called well before we + completely run out of RIDs + */ +static void ridalloc_poke_rid_manager(struct ldb_module *module) +{ + struct messaging_context *msg; + struct server_id *server; + struct ldb_context *ldb = ldb_module_get_ctx(module); + struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm"); + TALLOC_CTX *tmp_ctx = talloc_new(module); + + msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, lp_ctx), + lp_iconv_convenience(lp_ctx), + ldb_get_event_context(ldb)); + if (!msg) { + DEBUG(3,(__location__ ": Failed to create messaging context\n")); + talloc_free(tmp_ctx); + return; + } + + server = irpc_servers_byname(msg, msg, "dreplsrv"); + if (!server) { + /* this means the drepl service is not running */ + talloc_free(tmp_ctx); + return; + } + + messaging_send(msg, server[0], MSG_DREPL_ALLOCATE_RID, NULL); + + /* we don't care if the message got through */ + talloc_free(tmp_ctx); +} /* get a new RID pool for ourselves @@ -376,7 +415,7 @@ static int ridalloc_refresh_own_pool(struct ldb_module *module, uint64_t *new_po } if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) { - ldb_asprintf_errstring(ldb, "Remote RID Set allocation not implemented"); + ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh"); talloc_free(tmp_ctx); return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -395,15 +434,17 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) { struct ldb_context *ldb; static const char * const attrs[] = { "rIDAllocationPool", "rIDPreviousAllocationPool", - "rIDNextRID" , NULL }; + "rIDNextRID" , "rIDUsedPool", NULL }; int ret; struct ldb_dn *rid_set_dn; struct ldb_result *res; uint64_t alloc_pool, prev_alloc_pool; uint32_t prev_alloc_pool_lo, prev_alloc_pool_hi; + uint32_t rid_used_pool; int prev_rid; TALLOC_CTX *tmp_ctx = talloc_new(module); + (*rid) = 0; ldb = ldb_module_get_ctx(module); ret = samdb_rid_set_dn(ldb, tmp_ctx, &rid_set_dn); @@ -428,6 +469,7 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) prev_alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDPreviousAllocationPool", 0); alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); prev_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", 0); + rid_used_pool = ldb_msg_find_attr_as_int(res->msgs[0], "rIDUsedPool", 0); if (alloc_pool == 0) { ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s", ldb_dn_get_linearized(rid_set_dn)); @@ -453,7 +495,19 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) prev_alloc_pool = alloc_pool; prev_alloc_pool_lo = prev_alloc_pool & 0xFFFFFFFF; prev_alloc_pool_hi = prev_alloc_pool >> 32; + + /* update the rIDUsedPool attribute */ + ret = dsdb_module_set_integer(module, rid_set_dn, "rIDUsedPool", rid_used_pool+1); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": Failed to update rIDUsedPool on %s - %s", + ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + (*rid) = prev_alloc_pool_lo; } + /* see if we are still out of RIDs, and if so then ask the RID Manager to give us more */ if (prev_rid >= prev_alloc_pool_hi) { @@ -477,9 +531,7 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) } else { /* despite the name, rIDNextRID is the value of the last user * added by this DC, not the next available RID */ - if (prev_rid == 0) { - (*rid) = prev_alloc_pool_lo; - } else { + if (*rid == 0) { (*rid) = prev_rid + 1; } } @@ -499,7 +551,15 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) } else { ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDNextRID", prev_rid, *rid); } + + /* if we are half-exhausted then ask the repl task to start + * getting another one */ + if (*rid > (prev_alloc_pool_hi + prev_alloc_pool_lo)/2) { + ridalloc_poke_rid_manager(module); + } + talloc_free(tmp_ctx); + return ret; } -- cgit From 7a40cacbde0dc707ac2d354bfb335312f420da4b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 16:47:36 +1100 Subject: s4-dsdb: the dsdb ldb modules now need messagiing Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 38ea1483e9..7dfe58451f 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -1,7 +1,7 @@ ################################################ # Start SUBSYSTEM DSDB_MODULE_HELPERS [SUBSYSTEM::DSDB_MODULE_HELPERS] -PRIVATE_DEPENDENCIES = LIBLDB LIBNDR SAMDB_SCHEMA +PRIVATE_DEPENDENCIES = LIBLDB LIBNDR SAMDB_SCHEMA MESSAGING DSDB_MODULE_HELPERS_OBJ_FILES = \ $(dsdbsrcdir)/samdb/ldb_modules/util.o \ -- cgit From cc7967b1c0555ba7641fb0248077295521f74943 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 17:16:58 +1100 Subject: s4-repl: allow for callbacks when a repl operation completes Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/repl/drepl_out_helpers.c | 4 ++-- source4/dsdb/repl/drepl_out_pull.c | 11 +++++++++-- source4/dsdb/repl/drepl_service.h | 5 +++++ 3 files changed, 16 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index 1225edecc7..4aa0e86b48 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -290,7 +290,7 @@ static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_sou r->in.req->req8.max_object_count = 133; r->in.req->req8.max_ndr_size = 1336811; r->in.req->req8.extended_op = st->op->extended_op; - r->in.req->req8.fsmo_info = 0; + r->in.req->req8.fsmo_info = st->op->fsmo_info; r->in.req->req8.partial_attribute_set = NULL; r->in.req->req8.partial_attribute_set_ex= NULL; r->in.req->req8.mapping_ctr.num_mappings= 0; @@ -306,7 +306,7 @@ static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_sou r->in.req->req5.max_object_count = 133; r->in.req->req5.max_ndr_size = 1336770; r->in.req->req5.extended_op = st->op->extended_op; - r->in.req->req5.fsmo_info = 0; + r->in.req->req5.fsmo_info = st->op->fsmo_info; } req = dcerpc_drsuapi_DsGetNCChanges_send(drsuapi->pipe, r, r); diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c index ceec61848d..8a33006d06 100644 --- a/source4/dsdb/repl/drepl_out_pull.c +++ b/source4/dsdb/repl/drepl_out_pull.c @@ -35,7 +35,9 @@ WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s, struct dreplsrv_partition_source_dsa *source, - enum drsuapi_DsExtendedOperation extended_op) + enum drsuapi_DsExtendedOperation extended_op, + uint64_t fsmo_info, + dreplsrv_fsmo_callback_t callback) { struct dreplsrv_out_operation *op; @@ -45,6 +47,8 @@ WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s, op->service = s; op->source_dsa = source; op->extended_op = extended_op; + op->fsmo_info = fsmo_info; + op->callback = callback; DLIST_ADD_END(s->ops.pending, op, struct dreplsrv_out_operation *); @@ -59,7 +63,7 @@ static WERROR dreplsrv_schedule_partition_pull(struct dreplsrv_service *s, struct dreplsrv_partition_source_dsa *cur; for (cur = p->sources; cur; cur = cur->next) { - status = dreplsrv_schedule_partition_pull_source(s, cur, DRSUAPI_EXOP_NONE); + status = dreplsrv_schedule_partition_pull_source(s, cur, DRSUAPI_EXOP_NONE, 0, NULL); W_ERROR_NOT_OK_RETURN(status); } @@ -122,6 +126,9 @@ static void dreplsrv_pending_op_callback(struct dreplsrv_out_operation *op) rf->consecutive_sync_failures)); done: + if (op->callback) { + op->callback(s, rf->result_last_attempt); + } talloc_free(op); s->ops.current = NULL; dreplsrv_run_pending_ops(s); diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h index eb3cd045f9..b9e8640ae9 100644 --- a/source4/dsdb/repl/drepl_service.h +++ b/source4/dsdb/repl/drepl_service.h @@ -100,6 +100,8 @@ struct dreplsrv_partition { struct dreplsrv_partition_source_dsa *sources; }; +typedef void (*dreplsrv_fsmo_callback_t)(struct dreplsrv_service *, WERROR ); + struct dreplsrv_out_operation { struct dreplsrv_out_operation *prev, *next; @@ -110,6 +112,8 @@ struct dreplsrv_out_operation { struct composite_context *creq; enum drsuapi_DsExtendedOperation extended_op; + uint64_t fsmo_info; + dreplsrv_fsmo_callback_t callback; }; struct dreplsrv_notify_operation { @@ -208,6 +212,7 @@ struct dreplsrv_service { } ops; struct { + bool in_progress; struct dreplsrv_partition_source_dsa *rid_manager_source_dsa; } ridalloc; }; -- cgit From 2590b7795d38728f53f795c2b60b32ace9ca5c4b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 17:18:42 +1100 Subject: s4-repl: implement MSG_DREPL_ALLOCATE_RID When the repl server gets MSG_DREPL_ALLOCATE_RID it contacts the RID Manager to ask for another RID pool. We use a callback on completion of the operation to make sure that we don't have two RID allocation requests in flight at once Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/repl/drepl_ridalloc.c | 66 +++++++++++++++++++++++++++----------- source4/dsdb/repl/drepl_service.c | 1 + 2 files changed, 48 insertions(+), 19 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/repl/drepl_ridalloc.c b/source4/dsdb/repl/drepl_ridalloc.c index 34f75862da..43fc5a2c51 100644 --- a/source4/dsdb/repl/drepl_ridalloc.c +++ b/source4/dsdb/repl/drepl_ridalloc.c @@ -96,13 +96,32 @@ static WERROR drepl_create_rid_manager_source_dsa(struct dreplsrv_service *servi return WERR_OK; } +/* + called when a rid allocation request has completed + */ +static void drepl_new_rid_pool_callback(struct dreplsrv_service *service, WERROR werr) +{ + if (!W_ERROR_IS_OK(werr)) { + DEBUG(0,(__location__ ": RID Manager failed RID allocation - %s\n", + win_errstr(werr))); + } else { + DEBUG(3,(__location__ ": RID Manager completed RID allocation OK\n")); + } + + /* don't keep the connection open to the RID Manager */ + talloc_free(service->ridalloc.rid_manager_source_dsa); + service->ridalloc.rid_manager_source_dsa = NULL; + + service->ridalloc.in_progress = false; +} /* schedule a getncchanges request to the RID Manager to ask for a new set of RIDs using DRSUAPI_EXOP_FSMO_RID_ALLOC */ static WERROR drepl_request_new_rid_pool(struct dreplsrv_service *service, - struct ldb_dn *rid_manager_dn, struct ldb_dn *fsmo_role_dn) + struct ldb_dn *rid_manager_dn, struct ldb_dn *fsmo_role_dn, + uint64_t alloc_pool) { WERROR werr; @@ -113,8 +132,11 @@ static WERROR drepl_request_new_rid_pool(struct dreplsrv_service *service, W_ERROR_NOT_OK_RETURN(werr); } + service->ridalloc.in_progress = true; + werr = dreplsrv_schedule_partition_pull_source(service, service->ridalloc.rid_manager_source_dsa, - DRSUAPI_EXOP_FSMO_RID_ALLOC); + DRSUAPI_EXOP_FSMO_RID_ALLOC, alloc_pool, + drepl_new_rid_pool_callback); return werr; } @@ -122,11 +144,11 @@ static WERROR drepl_request_new_rid_pool(struct dreplsrv_service *service, /* see if we are on the last pool we have */ -static int drepl_ridalloc_pool_exhausted(struct ldb_context *ldb, bool *exhausted) +static int drepl_ridalloc_pool_exhausted(struct ldb_context *ldb, bool *exhausted, uint64_t *alloc_pool) { struct ldb_dn *server_dn, *machine_dn, *rid_set_dn; TALLOC_CTX *tmp_ctx = talloc_new(ldb); - uint64_t alloc_pool, prev_alloc_pool; + uint64_t prev_alloc_pool; const char *attrs[] = { "rIDPreviousAllocationPool", "rIDAllocationPool", NULL }; int ret; struct ldb_result *res; @@ -166,10 +188,10 @@ static int drepl_ridalloc_pool_exhausted(struct ldb_context *ldb, bool *exhauste return ret; } - alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); + *alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); prev_alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDPreviousAllocationPool", 0); - if (alloc_pool != prev_alloc_pool) { + if (*alloc_pool != prev_alloc_pool) { *exhausted = false; } else { *exhausted = true; @@ -193,6 +215,12 @@ WERROR dreplsrv_ridalloc_check_rid_pool(struct dreplsrv_service *service) bool exhausted; WERROR werr; int ret; + uint64_t alloc_pool; + + if (service->ridalloc.in_progress) { + talloc_free(tmp_ctx); + return WERR_OK; + } /* steps: @@ -230,25 +258,25 @@ WERROR dreplsrv_ridalloc_check_rid_pool(struct dreplsrv_service *service) return WERR_OK; } - ret = drepl_ridalloc_pool_exhausted(ldb, &exhausted); + ret = drepl_ridalloc_pool_exhausted(ldb, &exhausted, &alloc_pool); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return WERR_DS_DRA_INTERNAL_ERROR; } - if (!exhausted) { - /* if we're not exhausted we don't need the exop call */ - talloc_free(tmp_ctx); - - /* we don't need to keep an open connection to the RID - Manager */ - talloc_free(service->ridalloc.rid_manager_source_dsa); - service->ridalloc.rid_manager_source_dsa = NULL; + DEBUG(2,(__location__ ": Requesting more RIDs from RID Manager\n")); - return WERR_OK; - } - - werr = drepl_request_new_rid_pool(service, rid_manager_dn, fsmo_role_dn); + werr = drepl_request_new_rid_pool(service, rid_manager_dn, fsmo_role_dn, alloc_pool); talloc_free(tmp_ctx); return werr; } + +/* called by the samldb ldb module to tell us to ask for a new RID + pool */ +void dreplsrv_allocate_rid(struct messaging_context *msg, void *private_data, + uint32_t msg_type, + struct server_id server_id, DATA_BLOB *data) +{ + struct dreplsrv_service *service = talloc_get_type(private_data, struct dreplsrv_service); + dreplsrv_ridalloc_check_rid_pool(service); +} diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c index a05ccc8d70..44164ff68f 100644 --- a/source4/dsdb/repl/drepl_service.c +++ b/source4/dsdb/repl/drepl_service.c @@ -206,6 +206,7 @@ static void dreplsrv_task_init(struct task_server *task) irpc_add_name(task->msg_ctx, "dreplsrv"); IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICASYNC, drepl_replica_sync, service); + messaging_register(task->msg_ctx, service, MSG_DREPL_ALLOCATE_RID, dreplsrv_allocate_rid); } /* -- cgit From b1f97b7e60b68429f0a9c12de9cd1cf24b2d8d35 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 19:34:14 +1100 Subject: s4-dsdb: added an extended operation for allocating a new RID pool This will be called by getncchanges when a client asks for a DRSUAPI_EXOP_FSMO_RID_ALLOC operation Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 90 +++++++++++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/samldb.c | 32 ++++++++++- source4/dsdb/samdb/samdb.h | 8 +++ source4/setup/schema_samba4.ldif | 1 + 4 files changed, 130 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index c3d334ff3a..2d0753f393 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -33,6 +33,7 @@ #include "dsdb/samdb/ldb_modules/util.h" #include "lib/messaging/irpc.h" #include "param/param.h" +#include "librpc/gen_ndr/ndr_misc.h" /* Note: the RID allocation attributes in AD are very badly named. Here @@ -140,6 +141,7 @@ static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *m server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn); if (!server_dn) { ldb_module_oom(module); + talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -315,6 +317,7 @@ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn); if (!server_dn) { ldb_module_oom(module); + talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -560,6 +563,93 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid) talloc_free(tmp_ctx); + return ret; +} + + +/* + called by DSDB_EXTENDED_ALLOCATE_RID_POOL extended operation in samldb + */ +int ridalloc_allocate_rid_pool_fsmo(struct ldb_module *module, struct dsdb_fsmo_extended_op *exop) +{ + struct ldb_dn *ntds_dn, *server_dn, *machine_dn, *rid_set_dn; + struct ldb_dn *rid_manager_dn; + TALLOC_CTX *tmp_ctx = talloc_new(module); + int ret; + struct ldb_context *ldb = ldb_module_get_ctx(module); + uint64_t new_pool; + + ret = dsdb_module_dn_by_guid(module, tmp_ctx, &exop->destination_dsa_guid, &ntds_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": Unable to find NTDS object for guid %s - %s\n", + GUID_string(tmp_ctx, &exop->destination_dsa_guid), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn); + if (!server_dn) { + ldb_module_oom(module); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = dsdb_module_reference_dn(module, tmp_ctx, server_dn, "serverReference", &machine_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": Failed to find serverReference in %s - %s", + ldb_dn_get_linearized(server_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": Failed to find RID Manager object - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + ret = dsdb_module_reference_dn(module, tmp_ctx, machine_dn, "rIDSetReferences", &rid_set_dn); + if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) { + ret = ridalloc_create_rid_set_ntds(module, tmp_ctx, rid_manager_dn, ntds_dn, &rid_set_dn); + talloc_free(tmp_ctx); + return ret; + } + + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to find rIDSetReferences in %s - %s", + ldb_dn_get_linearized(machine_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + if (exop->fsmo_info != 0) { + const char *attrs[] = { "rIDAllocationPool", NULL }; + struct ldb_result *res; + uint64_t alloc_pool; + + ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn, attrs, 0); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s", + ldb_dn_get_linearized(rid_set_dn)); + talloc_free(tmp_ctx); + return ret; + } + + alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0); + if (alloc_pool != exop->fsmo_info) { + /* it has already been updated */ + DEBUG(2,(__location__ ": rIDAllocationPool fsmo_info mismatch - already changed (0x%llx 0x%llx)\n", + (unsigned long long)exop->fsmo_info, + (unsigned long long)alloc_pool)); + talloc_free(tmp_ctx); + return LDB_SUCCESS; + } + } + + ret = ridalloc_refresh_rid_set_ntds(module, rid_manager_dn, ntds_dn, &new_pool); + talloc_free(tmp_ctx); return ret; } diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index eb83633fe2..79bfc0a15c 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1860,11 +1860,41 @@ static int samldb_delete(struct ldb_module *module, struct ldb_request *req) return samldb_prim_group_users_check(ac); } +static int samldb_extended_allocate_rid_pool(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb = ldb_module_get_ctx(module); + struct dsdb_fsmo_extended_op *exop; + int ret; + + exop = talloc_get_type(req->op.extended.data, struct dsdb_fsmo_extended_op); + if (!exop) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "samldb_extended_allocate_rid_pool: invalid extended data\n"); + return LDB_ERR_PROTOCOL_ERROR; + } + + ret = ridalloc_allocate_rid_pool_fsmo(module, exop); + if (ret != LDB_SUCCESS) { + return ret; + } + + return ldb_module_done(req, NULL, NULL, LDB_SUCCESS); +} + +static int samldb_extended(struct ldb_module *module, struct ldb_request *req) +{ + if (strcmp(req->op.extended.oid, DSDB_EXTENDED_ALLOCATE_RID_POOL) == 0) { + return samldb_extended_allocate_rid_pool(module, req); + } + + return ldb_next_request(module, req); +} + _PUBLIC_ const struct ldb_module_ops ldb_samldb_module_ops = { .name = "samldb", .add = samldb_add, .modify = samldb_modify, - .del = samldb_delete + .del = samldb_delete, + .extended = samldb_extended }; diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h index a05aa00f7a..6df30b2904 100644 --- a/source4/dsdb/samdb/samdb.h +++ b/source4/dsdb/samdb/samdb.h @@ -142,4 +142,12 @@ struct dsdb_extended_dn_store_format { #define DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME "DSDB_OPAQUE_PARTITION_MODULE_MSG" +/* this takes a struct dsdb_fsmo_extended_op */ +#define DSDB_EXTENDED_ALLOCATE_RID_POOL "1.3.6.1.4.1.7165.4.4.5" + +struct dsdb_fsmo_extended_op { + uint64_t fsmo_info; + struct GUID destination_dsa_guid; +}; + #endif /* __SAMDB_H__ */ diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 70ae5d8d77..e28aa0e5cb 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -182,6 +182,7 @@ #Allocated: DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID 1.3.6.1.4.1.7165.4.4.2 #Allocated: LDB_EXTENDED_SEQUENCE_NUMBER 1.3.6.1.4.1.7165.4.4.3 #Allocated: DSDB_EXTENDED_CREATE_PARTITION_OID 1.3.6.1.4.1.7165.4.4.4 +#Allocated: DSDB_EXTENDED_ALLOCATE_RID_POOL 1.3.6.1.4.1.7165.4.4.5 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 -- cgit From f25409195737e8e9c29495526f6d2f6c58bda037 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 19:35:05 +1100 Subject: s4-dsdb: added support for DRSUAPI_EXOP_FSMO_RID_ALLOC This allocates a RID pool for the client DC when we are the RID Manager Pair-Programmed-With: Andrew Bartlett --- source4/rpc_server/drsuapi/getncchanges.c | 110 ++++++++++++++++++++++++++++-- 1 file changed, 103 insertions(+), 7 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 437dc87ae8..f2cc75cc39 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -564,6 +564,88 @@ static int site_res_cmp_usn_order(const struct ldb_message **m1, const struct ld } +/* + handle a DRSUAPI_EXOP_FSMO_RID_ALLOC call + */ +static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, + TALLOC_CTX *mem_ctx, + struct drsuapi_DsGetNCChangesRequest8 *req8, + struct drsuapi_DsGetNCChangesCtr6 *ctr6) +{ + struct ldb_dn *rid_manager_dn, *fsmo_role_dn, *req_dn; + int ret; + struct ldb_context *ldb = b_state->sam_ctx; + struct ldb_result *ext_res; + struct ldb_dn *base_dn; + struct dsdb_fsmo_extended_op *exop; + + /* + steps: + - verify that the DN being asked for is the RID Manager DN + - verify that we are the RID Manager + */ + + /* work out who is the RID Manager */ + ret = samdb_rid_manager_dn(ldb, mem_ctx, &rid_manager_dn); + if (ret != LDB_SUCCESS) { + DEBUG(0, (__location__ ": Failed to find RID Manager object - %s", ldb_errstring(ldb))); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + req_dn = ldb_dn_new(ldb, mem_ctx, req8->naming_context->dn); + if (!req_dn || + !ldb_dn_validate(req_dn) || + ldb_dn_compare(samdb_ntds_settings_dn(ldb), rid_manager_dn) != 0) { + /* that isn't the RID Manager DN */ + ctr6->extended_ret = DRSUAPI_EXOP_ERR_MISMATCH; + return WERR_OK; + } + + /* find the DN of the RID Manager */ + ret = samdb_reference_dn(ldb, mem_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s", + ldb_errstring(ldb))); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) { + /* we're not the RID Manager - go away */ + ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER; + return WERR_OK; + } + + exop = talloc(mem_ctx, struct dsdb_fsmo_extended_op); + W_ERROR_HAVE_NO_MEMORY(exop); + + exop->fsmo_info = req8->fsmo_info; + exop->destination_dsa_guid = req8->destination_dsa_guid; + + ret = ldb_extended(ldb, DSDB_EXTENDED_ALLOCATE_RID_POOL, exop, &ext_res); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed extended allocation RID pool operation - %s\n", + ldb_errstring(ldb))); + return WERR_DS_DRA_INTERNAL_ERROR; + } + talloc_free(ext_res); + + base_dn = samdb_base_dn(ldb); + + /* to complete the rest of the operation we need to point + getncchanges at the base DN for the domain */ + req8->naming_context->dn = ldb_dn_get_linearized(base_dn); + ret = dsdb_find_guid_by_dn(ldb, base_dn, &req8->naming_context->guid); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to find base DN GUID - %s\n", + ldb_errstring(ldb))); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + return WERR_OK; +} + + + /* state of a partially completed getncchanges call */ struct drsuapi_getncchanges_state { struct ldb_result *site_res; @@ -669,6 +751,27 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ return werr; } + /* we don't yet support extended operations */ + switch (req8->extended_op) { + case DRSUAPI_EXOP_NONE: + break; + + case DRSUAPI_EXOP_FSMO_RID_ALLOC: + werr = getncchanges_rid_alloc(b_state, mem_ctx, req8, &r->out.ctr->ctr6); + W_ERROR_NOT_OK_RETURN(werr); + break; + + case DRSUAPI_EXOP_FSMO_REQ_ROLE: + case DRSUAPI_EXOP_FSMO_RID_REQ_ROLE: + case DRSUAPI_EXOP_FSMO_REQ_PDC: + case DRSUAPI_EXOP_FSMO_ABANDON_ROLE: + case DRSUAPI_EXOP_REPL_OBJ: + case DRSUAPI_EXOP_REPL_SECRET: + DEBUG(0,(__location__ ": Request for DsGetNCChanges unsupported extended op 0x%x\n", + (unsigned)req8->extended_op)); + return WERR_DS_DRA_NOT_SUPPORTED; + } + getnc_state = b_state->getncchanges_state; /* see if a previous replication has been abandoned */ @@ -706,13 +809,6 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ return WERR_DS_DRA_INTERNAL_ERROR; } - /* we don't yet support extended operations */ - if (req8->extended_op != DRSUAPI_EXOP_NONE) { - DEBUG(0,(__location__ ": Request for DsGetNCChanges extended op 0x%x\n", - (unsigned)req8->extended_op)); - return WERR_DS_DRA_NOT_SUPPORTED; - } - /* TODO: MS-DRSR section 4.1.10.1.1 Work out if this is the start of a new cycle */ -- cgit From dcbba583d9a7acbbd0086889f3be722121754eae Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 20:55:38 +1100 Subject: s4-event: added s4_event_context_set_default() we're still not weaned off event_context_find() --- source4/lib/events/events.h | 1 + source4/lib/events/tevent_s4.c | 15 ++++++++++++++- source4/smbd/server.c | 3 +++ 3 files changed, 18 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/lib/events/events.h b/source4/lib/events/events.h index 1b2dbde32b..5fdb96794e 100644 --- a/source4/lib/events/events.h +++ b/source4/lib/events/events.h @@ -4,4 +4,5 @@ #include <../lib/tevent/tevent.h> struct tevent_context *s4_event_context_init(TALLOC_CTX *mem_ctx); struct tevent_context *event_context_find(TALLOC_CTX *mem_ctx) _DEPRECATED_; +void s4_event_context_set_default(struct tevent_context *ev); #endif /* __LIB_EVENTS_H__ */ diff --git a/source4/lib/events/tevent_s4.c b/source4/lib/events/tevent_s4.c index 1898269c2c..838f20debe 100644 --- a/source4/lib/events/tevent_s4.c +++ b/source4/lib/events/tevent_s4.c @@ -71,6 +71,16 @@ struct tevent_context *s4_event_context_init(TALLOC_CTX *mem_ctx) return ev; } +static struct tevent_context *default_tevent_context; + +/* set a default event context that will be used for + * event_context_find() if a parent event context is not found + */ +void s4_event_context_set_default(struct tevent_context *ev) +{ + default_tevent_context = ev; +} + /* find an event context that is a parent of the given memory context, or create a new event context as a child of the given context if @@ -83,7 +93,10 @@ struct tevent_context *s4_event_context_init(TALLOC_CTX *mem_ctx) struct tevent_context *event_context_find(TALLOC_CTX *mem_ctx) { struct tevent_context *ev = talloc_find_parent_bytype(mem_ctx, struct tevent_context); - if (ev == NULL) { + if (ev == NULL) { + ev = default_tevent_context; + } + if (ev == NULL) { ev = tevent_context_init(mem_ctx); } return ev; diff --git a/source4/smbd/server.c b/source4/smbd/server.c index e73cdfd659..99e9c68a87 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -376,6 +376,9 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[ should hang off that */ event_ctx = s4_event_context_init(talloc_autofree_context()); + /* setup this as the default context */ + s4_event_context_set_default(event_ctx); + if (event_ctx == NULL) { DEBUG(0,("Initializing event context failed\n")); return 1; -- cgit From ac5d42606270423b409e2cac32550bb6e48b27de Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 20:56:19 +1100 Subject: s4-drs: added some debug messages It is nice to see when a RID Alloc is successful --- source4/rpc_server/drsuapi/getncchanges.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index f2cc75cc39..64588f3a5d 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -597,6 +597,8 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, !ldb_dn_validate(req_dn) || ldb_dn_compare(samdb_ntds_settings_dn(ldb), rid_manager_dn) != 0) { /* that isn't the RID Manager DN */ + DEBUG(0,(__location__ ": RID Alloc request for wrong DN %s", + req8->naming_context->dn)); ctr6->extended_ret = DRSUAPI_EXOP_ERR_MISMATCH; return WERR_OK; } @@ -611,6 +613,7 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) { /* we're not the RID Manager - go away */ + DEBUG(0,(__location__ ": RID Alloc request when not RID Manager")); ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER; return WERR_OK; } @@ -631,6 +634,9 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, base_dn = samdb_base_dn(ldb); + DEBUG(2,("Allocated RID pool for server %s\n", + GUID_string(mem_ctx, &req8->destination_dsa_guid))); + /* to complete the rest of the operation we need to point getncchanges at the base DN for the domain */ req8->naming_context->dn = ldb_dn_get_linearized(base_dn); -- cgit From c4fa4d116264f661d9eaddc6c4e430de476cff83 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 10:09:09 +1100 Subject: s4-dsdb: improve error messages in schema and pdc_fsmo modules We want to incorporate the error messages from the modules further down the stack. --- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 4 ++-- source4/dsdb/samdb/ldb_modules/schema_load.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c index 796ecaf7bc..00d9a30fd3 100644 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c @@ -75,8 +75,8 @@ static int pdc_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } else if (ret != LDB_SUCCESS) { ldb_debug_set(ldb, LDB_DEBUG_FATAL, - "pdc_fsmo_init: failed to search the domain object: %d:%s", - ret, ldb_strerror(ret)); + "pdc_fsmo_init: failed to search the domain object: %d:%s: %s", + ret, ldb_strerror(ret), ldb_errstring(ldb)); talloc_free(mem_ctx); return ret; } diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c index c72911fe89..6c11df21ce 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_load.c +++ b/source4/dsdb/samdb/ldb_modules/schema_load.c @@ -181,8 +181,8 @@ static int schema_load_init(struct ldb_module *module) ret = dsdb_set_schema(ldb, schema); if (ret != LDB_SUCCESS) { ldb_debug_set(ldb, LDB_DEBUG_FATAL, - "schema_load_init: dsdb_set_schema() failed: %d:%s", - ret, ldb_strerror(ret)); + "schema_load_init: dsdb_set_schema() failed: %d:%s: %s", + ret, ldb_strerror(ret), ldb_errstring(ldb)); talloc_free(mem_ctx); return ret; } @@ -240,8 +240,8 @@ static int schema_load_extended(struct ldb_module *module, struct ldb_request *r ret = dsdb_set_schema(ldb, schema); if (ret != LDB_SUCCESS) { ldb_debug_set(ldb, LDB_DEBUG_FATAL, - "schema_load_extended: dsdb_set_schema() failed: %d:%s", - ret, ldb_strerror(ret)); + "schema_load_extended: dsdb_set_schema() failed: %d:%s: %s", + ret, ldb_strerror(ret), ldb_errstring(ldb)); talloc_free(mem_ctx); return ret; } -- cgit From fdf12a607d4da368bcbb8d4379b6ea38cbfdbce6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 10:11:10 +1100 Subject: s4-ldb: improve error handling in indexing code When we get an indexing failure we want a clear error message --- source4/lib/ldb/ldb_tdb/ldb_index.c | 36 ++++++++++++++++++++++++++++++++---- source4/lib/ldb/ldb_tdb/ldb_tdb.c | 3 ++- 2 files changed, 34 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c b/source4/lib/ldb/ldb_tdb/ldb_index.c index 52f9f00c58..01d0d6ce34 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_index.c +++ b/source4/lib/ldb/ldb_tdb/ldb_index.c @@ -1104,6 +1104,8 @@ static int ltdb_index_add1(struct ldb_module *module, const char *dn, if (list->count > 0 && a->flags & LDB_ATTR_FLAG_UNIQUE_INDEX) { talloc_free(list); + ldb_asprintf_errstring(ldb, __location__ ": unique index violation on %s in %s", + el->name, dn); return LDB_ERR_ENTRY_ALREADY_EXISTS; } @@ -1168,6 +1170,10 @@ static int ltdb_index_add_all(struct ldb_module *module, const char *dn, } ret = ltdb_index_add_el(module, dn, &elements[i]); if (ret != LDB_SUCCESS) { + struct ldb_context *ldb = ldb_module_get_ctx(module); + ldb_asprintf_errstring(ldb, + __location__ ": Failed to re-index %s in %s - %s", + elements[i].name, dn, ldb_errstring(ldb)); return ret; } } @@ -1446,13 +1452,19 @@ static int delete_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, vo return 0; } +struct ltdb_reindex_context { + struct ldb_module *module; + int error; +}; + /* traversal function that adds @INDEX records during a re index */ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state) { struct ldb_context *ldb; - struct ldb_module *module = (struct ldb_module *)state; + struct ltdb_reindex_context *ctx = (struct ltdb_reindex_context *)state; + struct ldb_module *module = ctx->module; struct ldb_message *msg; const char *dn = NULL; int ret; @@ -1511,9 +1523,13 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void * ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements); - talloc_free(msg); + if (ret != LDB_SUCCESS) { + ctx->error = ret; + talloc_free(msg); + return -1; + } - if (ret != LDB_SUCCESS) return -1; + talloc_free(msg); return 0; } @@ -1525,6 +1541,7 @@ int ltdb_reindex(struct ldb_module *module) { struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private); int ret; + struct ltdb_reindex_context ctx; if (ltdb_cache_reload(module) != 0) { return LDB_ERR_OPERATIONS_ERROR; @@ -1543,11 +1560,22 @@ int ltdb_reindex(struct ldb_module *module) return LDB_SUCCESS; } + ctx.module = module; + ctx.error = 0; + /* now traverse adding any indexes for normal LDB records */ - ret = tdb_traverse(ltdb->tdb, re_index, module); + ret = tdb_traverse(ltdb->tdb, re_index, &ctx); if (ret == -1) { + struct ldb_context *ldb = ldb_module_get_ctx(module); + ldb_asprintf_errstring(ldb, "reindexing traverse failed: %s", ldb_errstring(ldb)); return LDB_ERR_OPERATIONS_ERROR; } + if (ctx.error != LDB_SUCCESS) { + struct ldb_context *ldb = ldb_module_get_ctx(module); + ldb_asprintf_errstring(ldb, "reindexing failed: %s", ldb_errstring(ldb)); + return ctx.error; + } + return LDB_SUCCESS; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index a146b96b20..b8b4d399ef 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -230,7 +230,8 @@ static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn) } /* If the modify was to @OPTIONS, reload the cache */ - if (ldb_dn_is_special(dn) && + if (ret == LDB_SUCCESS && + ldb_dn_is_special(dn) && (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) { ret = ltdb_cache_reload(module); } -- cgit From 42f0bdae6952af7e1005b6bf9b4a3c6ecc42d62d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 10:11:30 +1100 Subject: s4-provision: RID 1000 is consumed by the machine account --- source4/setup/provision.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index eb7bd02db6..93fa0bf322 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -431,7 +431,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectClass: top objectClass: rIDManager systemFlags: -1946157056 -rIDAvailablePool: 1000-1073741823 +rIDAvailablePool: 1001-1073741823 isCriticalSystemObject: TRUE dn: CN=RpcServices,CN=System,${DOMAINDN} -- cgit From 1f25d0a5add1812723dfb93da28bbb80dc5d6757 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 10:12:24 +1100 Subject: s4-provision: re-open sam.ldb after creating the schema This enables the full schema during the rest of the provision, which means indexing is enabled (along with index error checking, such as duplicate SIDs) --- source4/scripting/python/samba/provision.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index bb47d2bd5c..0d50789b77 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -946,6 +946,15 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"), {"SCHEMADN": names.schemadn}) + message("Reopening sam.ldb with new schema"); + samdb.transaction_commit() + samdb = Ldb(session_info=session_info, + credentials=provision_backend.credentials, lp=lp) + samdb.connect(path) + samdb.transaction_start() + if serverrole == "domain controller": + samdb.set_invocation_id(invocationid) + message("Setting up sam.ldb configuration data") setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), { "CONFIGDN": names.configdn, -- cgit From 9672a3d1cc17dd800403a9987602403b8c6e757f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 10:18:30 +1100 Subject: s4-devel: a useful script to setup bin/ and st/ as tmpfs filesystems this makes building and testing s4 as a developer much faster, if you have enough memory! --- source4/scripting/devel/tmpfs.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100755 source4/scripting/devel/tmpfs.sh (limited to 'source4') diff --git a/source4/scripting/devel/tmpfs.sh b/source4/scripting/devel/tmpfs.sh new file mode 100755 index 0000000000..5604f68dd7 --- /dev/null +++ b/source4/scripting/devel/tmpfs.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# This sets up bin/ and st/ as tmpfs filesystems, which saves a lot of +# time waiting on the disk! + +rm -rf bin st +mkdir -p bin st || exit 1 +sudo mount -t tmpfs /dev/null bin || exit 1 +sudo chown $USER bin || exit 1 +echo "tmpfs setup for bin/" +sudo mount -t tmpfs /dev/null st || exit 1 +sudo chown $USER st || exit 1 +echo "tmpfs setup for st/" -- cgit From f7756c87bb8bd1eba8d7f92cfbc797db42d3de4a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 10:22:26 +1100 Subject: s4-partition: don't ignore errors from other modules if we get an error code from a lower module, we don't want to ignore it just because something also succeeded --- source4/dsdb/samdb/ldb_modules/partition.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 01ae0a10a7..b879bc4106 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -39,7 +39,6 @@ struct part_request { struct partition_context { struct ldb_module *module; struct ldb_request *req; - bool got_success; struct part_request *part_req; int num_requests; @@ -160,7 +159,7 @@ static int partition_req_callback(struct ldb_request *req, } } - if (ares->error != LDB_SUCCESS && !ac->got_success) { + if (ares->error != LDB_SUCCESS) { return ldb_module_done(ac->req, ares->controls, ares->response, ares->error); } @@ -182,9 +181,6 @@ static int partition_req_callback(struct ldb_request *req, return ldb_module_send_entry(ac->req, ares->message, ares->controls); case LDB_REPLY_DONE: - if (ares->error == LDB_SUCCESS) { - ac->got_success = true; - } if (ac->req->operation == LDB_EXTENDED) { /* FIXME: check for ares->response, replmd does not fill it ! */ if (ares->response) { @@ -205,7 +201,7 @@ static int partition_req_callback(struct ldb_request *req, /* this was the last one, call callback */ return ldb_module_done(ac->req, ares->controls, ares->response, - ac->got_success?LDB_SUCCESS:ares->error); + ares->error); } /* not the last, now call the next one */ -- cgit From a7b3891fb5e20fd3a5b9cc9df37d70693836c0e0 Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Wed, 6 Jan 2010 23:16:12 +0200 Subject: s4/dsdb_schema: GET_UINT32_DS() macro to use supplied default value instead of 0 --- source4/dsdb/schema/schema_init.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index ccdf97cf2d..87599a9223 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -945,7 +945,7 @@ static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb } \ } while (0) -#define GET_UINT32_DS(s, r, attr, p, elem) do { \ +#define GET_UINT32_DS(s, r, attr, p, elem, def_val) do { \ struct drsuapi_DsReplicaAttribute *_a; \ _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ if (_a && _a->value_ctr.num_values >= 1 \ @@ -953,7 +953,7 @@ static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb && _a->value_ctr.values[0].blob->length == 4) { \ (p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\ } else { \ - (p)->elem = 0; \ + (p)->elem = def_val; \ } \ } while (0) @@ -1011,7 +1011,7 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb, GET_STRING_DS(schema, r, "name", mem_ctx, attr, cn, true); GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true); - GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id); + GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id, 0xFFFFFFFF); status = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, attr->attributeID_id, mem_ctx, &attr->attributeID_oid); if (!W_ERROR_IS_OK(status)) { @@ -1021,18 +1021,18 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb, return status; } GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, attr, schemaIDGUID); - GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID); + GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID, 0); GET_GUID_DS(schema, r, "attributeSecurityGUID", mem_ctx, attr, attributeSecurityGUID); attr->objectGUID = r->identifier->guid; - GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags); - GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags); + GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags, 0); + GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags, 0); GET_BOOL_DS(schema, r, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false); - GET_UINT32_DS(schema, r, "linkID", attr, linkID); + GET_UINT32_DS(schema, r, "linkID", attr, linkID, 0); - GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id); + GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id, 0xFFFFFFFF); status = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, attr->attributeSyntax_id, mem_ctx, &attr->attributeSyntax_oid); if (!W_ERROR_IS_OK(status)) { @@ -1041,7 +1041,7 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb, win_errstr(status))); return status; } - GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax); + GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax, 0); GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass); GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, true); @@ -1049,7 +1049,7 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb, GET_UINT32_PTR_DS(schema, r, "rangeUpper", attr, rangeUpper); GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, false); - GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx); + GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx, 0); GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions); GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false); @@ -1084,7 +1084,7 @@ WERROR dsdb_class_from_drsuapi(struct ldb_context *ldb, GET_STRING_DS(schema, r, "name", mem_ctx, obj, cn, true); GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true); - GET_UINT32_DS(schema, r, "governsID", obj, governsID_id); + GET_UINT32_DS(schema, r, "governsID", obj, governsID_id, 0xFFFFFFFF); status = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, obj->governsID_id, mem_ctx, &obj->governsID_oid); if (!W_ERROR_IS_OK(status)) { @@ -1097,7 +1097,7 @@ WERROR dsdb_class_from_drsuapi(struct ldb_context *ldb, obj->objectGUID = r->identifier->guid; - GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory); + GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory, 0); GET_STRING_DS(schema, r, "rDNAttID", mem_ctx, obj, rDNAttID, false); attr = dsdb_find_object_attr_name(schema, r, "defaultObjectCategory", NULL); @@ -1114,7 +1114,7 @@ WERROR dsdb_class_from_drsuapi(struct ldb_context *ldb, } obj->defaultObjectCategory = (char *)blob.data; - GET_UINT32_DS(schema, r, "subClassOf", obj, subClassOf_id); + GET_UINT32_DS(schema, r, "subClassOf", obj, subClassOf_id, 0); GET_UINT32_LIST_DS(schema, r, "systemAuxiliaryClass", mem_ctx, obj, systemAuxiliaryClass_ids); GET_UINT32_LIST_DS(schema, r, "auxiliaryClass", mem_ctx, obj, auxiliaryClass_ids); @@ -1129,7 +1129,7 @@ WERROR dsdb_class_from_drsuapi(struct ldb_context *ldb, GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false); - GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx); + GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx, 0); GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions); GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false); -- cgit From a44ae10c77b1eb2276b8c098a245b5b4df4607dd Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Thu, 7 Jan 2010 02:46:25 +0200 Subject: s4/dsdb_schema: fetch msDS-IntId value during SCHEMA replication --- source4/dsdb/schema/schema.h | 1 + source4/dsdb/schema/schema_init.c | 4 ++++ 2 files changed, 5 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index 186f5d5ddb..1a40c45b21 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h @@ -62,6 +62,7 @@ struct dsdb_attribute { uint32_t attributeID_id; struct GUID schemaIDGUID; uint32_t mAPIID; + uint32_t msDS_IntId; struct GUID attributeSecurityGUID; struct GUID objectGUID; diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 87599a9223..48da80c7f1 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -833,6 +833,7 @@ static const struct { { "mayContain", "1.2.840.113556.1.2.25" }, { "defaultSecurityDescriptor", "1.2.840.113556.1.4.224" }, { "defaultHidingValue", "1.2.840.113556.1.4.518" }, + { "msDS-IntId", "1.2.840.113556.1.4.1716" }, }; static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb_schema *schema, @@ -1020,6 +1021,9 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb, win_errstr(status))); return status; } + /* fetch msDS-IntId to be used in resolving ATTRTYP values */ + GET_UINT32_DS(schema, r, "msDS-IntId", attr, msDS_IntId, 0); + GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, attr, schemaIDGUID); GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID, 0); -- cgit From 9871f52bd318b492e6e6ebb525789d7dbc6eac65 Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Thu, 7 Jan 2010 02:47:25 +0200 Subject: s4/dsdb_schema: use msDS-IntId value for attribute look-up --- source4/dsdb/schema/schema_query.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c index df17787f38..907c671257 100644 --- a/source4/dsdb/schema/schema_query.c +++ b/source4/dsdb/schema/schema_query.c @@ -55,6 +55,15 @@ const struct dsdb_attribute *dsdb_attribute_by_attributeID_id(const struct dsdb_ */ if (id == 0xFFFFFFFF) return NULL; + /* check for msDS-IntId type attribute */ + if (dsdb_pfm_get_attid_type(id) == dsdb_attid_type_intid) { + for (c = schema->attributes; c; c = c->next) { + if (c->msDS_IntId == id) { + return c; + } + } + } + BINARY_ARRAY_SEARCH_P(schema->attributes_by_attributeID_id, schema->num_attributes, attributeID_id, id, uint32_cmp, c); return c; -- cgit From 73838b353aadd221f011e42c1225bcd5cc07dc9d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 12:19:42 +1100 Subject: s4-libnet: better error messages in libnet_vampire.c --- source4/libnet/libnet_vampire.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c index fa7e0bf179..37a9d7e72d 100644 --- a/source4/libnet/libnet_vampire.c +++ b/source4/libnet/libnet_vampire.c @@ -720,7 +720,7 @@ NTSTATUS libnet_Vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, printf("mark ROOTDSE with isSynchronized=TRUE\n"); ldb_ret = ldb_modify(s->ldb, msg); if (ldb_ret != LDB_SUCCESS) { - printf("ldb_modify() failed: %d\n", ldb_ret); + printf("ldb_modify() failed: %d : %s\n", ldb_ret, ldb_errstring(s->ldb)); talloc_free(s); return NT_STATUS_INTERNAL_DB_ERROR; } @@ -730,7 +730,7 @@ NTSTATUS libnet_Vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, triggers the writing of the linked attribute backlinks. */ if (ldb_transaction_prepare_commit(s->ldb) != LDB_SUCCESS) { - printf("Failed to prepare_commit vampire transaction\n"); + printf("Failed to prepare_commit vampire transaction: %s\n", ldb_errstring(s->ldb)); return NT_STATUS_INTERNAL_DB_ERROR; } -- cgit From 6247a135c68b592d99a8c1594aebe5ca7e716d7c Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Thu, 7 Jan 2010 04:01:14 +0200 Subject: s4/schema: Do not assign msDS-IntId value if LDB_CONTROL_RELAX_OID is passed This way msDS-IntId should not be assigned during provisioning, which is how Windows works --- source4/dsdb/samdb/ldb_modules/schema_data.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c index 2e99113953..8125a46cbb 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_data.c +++ b/source4/dsdb/samdb/ldb_modules/schema_data.c @@ -290,6 +290,11 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req) } } + /* bypass further processing if CONTROL_RELAX is set */ + if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) { + return ldb_next_request(module, req); + } + /* generate and add msDS-IntId attr value */ if (attributeID && (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2003) -- cgit From 25238110dfc0826c2e533a543d1ca44e1f9e058c Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Thu, 7 Jan 2010 05:08:49 +0200 Subject: Revert "s4-schema: Set ATTID in schema cache from "msDS-IntId"" This reverts commit 4e8ad284f5813413fdec8426f11e24570d22549b. --- source4/dsdb/schema/schema_init.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 48da80c7f1..77e4d3590d 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -558,19 +558,14 @@ WERROR dsdb_attribute_from_ldb(struct ldb_context *ldb, /* set an invalid value */ attr->attributeID_id = 0xFFFFFFFF; } else { - /* check if msDS-IntId element is set */ - attr->attributeID_id = samdb_result_uint(msg, "msDS-IntId", 0xFFFFFFFF); - if (attr->attributeID_id == 0xFFFFFFFF) { - /* msDS-IntId is not set, make */ - status = dsdb_schema_pfm_make_attid(schema->prefixmap, - attr->attributeID_oid, - &attr->attributeID_id); - if (!W_ERROR_IS_OK(status)) { - DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n", - __location__, attr->lDAPDisplayName, attr->attributeID_oid, - win_errstr(status))); - return status; - } + status = dsdb_schema_pfm_make_attid(schema->prefixmap, + attr->attributeID_oid, + &attr->attributeID_id); + if (!W_ERROR_IS_OK(status)) { + DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n", + __location__, attr->lDAPDisplayName, attr->attributeID_oid, + win_errstr(status))); + return status; } } GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID); -- cgit From 3352e5d7bab3822249bbda685dbf7010ebac2681 Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Thu, 7 Jan 2010 06:04:35 +0200 Subject: s4/dsdb_schema: Load msDS-IntId value separately when loading from LDB This way we have consistent behavior when loading from DRSUAPI and from LDB. --- source4/dsdb/schema/schema_init.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 77e4d3590d..99d41069b7 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -568,6 +568,9 @@ WERROR dsdb_attribute_from_ldb(struct ldb_context *ldb, return status; } } + /* fetch msDS-IntId to be used in resolving ATTRTYP values */ + GET_UINT32_LDB(msg, "msDS-IntId", attr, msDS_IntId); + GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID); GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID); -- cgit From cd65ce8a18b9ea9a8ce2338bc02c1b3e8ee10225 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 17:27:03 +1100 Subject: s4-schema: make ldb_val to string comparison safer with nul termination Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/schema/schema_query.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c index 907c671257..75d9716070 100644 --- a/source4/dsdb/schema/schema_query.c +++ b/source4/dsdb/schema/schema_query.c @@ -39,7 +39,14 @@ static int strcasecmp_with_ldb_val(const struct ldb_val *target, const char *str { int ret = strncasecmp((const char *)target->data, str, target->length); if (ret == 0) { - return (target->length - strlen(str)); + size_t len = strlen(str); + if (target->length > len) { + if (target->data[len] == 0) { + return 0; + } + return 1; + } + return (target->length - len); } return ret; } -- cgit From f7517e62569b108a79dfba10a6f06ad92c996413 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 17:27:46 +1100 Subject: s4-schema: added dsdb_attribute_by_lDAPDisplayName_ldb_val Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/schema/schema_query.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c index 75d9716070..4e11e50c17 100644 --- a/source4/dsdb/schema/schema_query.c +++ b/source4/dsdb/schema/schema_query.c @@ -100,6 +100,18 @@ const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName(const struct dsdb return c; } +const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName_ldb_val(const struct dsdb_schema *schema, + const struct ldb_val *name) +{ + struct dsdb_attribute *a; + + if (!name) return NULL; + + BINARY_ARRAY_SEARCH_P(schema->attributes_by_lDAPDisplayName, + schema->num_attributes, lDAPDisplayName, name, strcasecmp_with_ldb_val, a); + return a; +} + const struct dsdb_attribute *dsdb_attribute_by_linkID(const struct dsdb_schema *schema, int linkID) { -- cgit From f6cf895951f24a28efb1a2859e066f5568e189b1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 17:29:40 +1100 Subject: s4-schema: added generic attributeID conversion functions When we get one we haven't seen before, we can work out the right type automatically in most cases. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/schema/schema_syntax.c | 180 +++++++++++++++++++++++------------- 1 file changed, 117 insertions(+), 63 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c index de52b9c628..48c2031024 100644 --- a/source4/dsdb/schema/schema_syntax.c +++ b/source4/dsdb/schema/schema_syntax.c @@ -576,6 +576,57 @@ static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(struct ldb_context *ldb, return WERR_OK; } +static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(struct ldb_context *ldb, + const struct dsdb_schema *schema, + const struct dsdb_attribute *attr, + const struct drsuapi_DsReplicaAttribute *in, + TALLOC_CTX *mem_ctx, + struct ldb_message_element *out) +{ + uint32_t i; + + out->flags = 0; + out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName); + W_ERROR_HAVE_NO_MEMORY(out->name); + + out->num_values = in->value_ctr.num_values; + out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values); + W_ERROR_HAVE_NO_MEMORY(out->values); + + for (i=0; i < out->num_values; i++) { + uint32_t v; + const struct dsdb_class *c; + const struct dsdb_attribute *a; + const char *str = NULL; + + if (in->value_ctr.values[i].blob == NULL) { + return WERR_FOOBAR; + } + + if (in->value_ctr.values[i].blob->length != 4) { + return WERR_FOOBAR; + } + + v = IVAL(in->value_ctr.values[i].blob->data, 0); + + if ((c = dsdb_class_by_governsID_id(schema, v))) { + str = talloc_strdup(out->values, c->lDAPDisplayName); + } else if ((a = dsdb_attribute_by_attributeID_id(schema, v))) { + str = talloc_strdup(out->values, a->lDAPDisplayName); + } else { + WERROR werr; + werr = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, v, out->values, &str); + W_ERROR_NOT_OK_RETURN(werr); + } + W_ERROR_HAVE_NO_MEMORY(str); + + /* the values need to be reversed */ + out->values[out->num_values - (i + 1)] = data_blob_string_const(str); + } + + return WERR_OK; +} + static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(struct ldb_context *ldb, const struct dsdb_schema *schema, const struct dsdb_attribute *attr, @@ -711,6 +762,60 @@ static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(struct ldb_context *ldb, return WERR_OK; } +static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(struct ldb_context *ldb, + const struct dsdb_schema *schema, + const struct dsdb_attribute *attr, + const struct ldb_message_element *in, + TALLOC_CTX *mem_ctx, + struct drsuapi_DsReplicaAttribute *out) +{ + uint32_t i; + DATA_BLOB *blobs; + + out->attid= attr->attributeID_id; + out->value_ctr.num_values= in->num_values; + out->value_ctr.values= talloc_array(mem_ctx, + struct drsuapi_DsAttributeValue, + in->num_values); + W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values); + + blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values); + W_ERROR_HAVE_NO_MEMORY(blobs); + + for (i=0; i < in->num_values; i++) { + const struct dsdb_class *obj_class; + const struct dsdb_attribute *obj_attr; + struct ldb_val *v; + + out->value_ctr.values[i].blob= &blobs[i]; + + blobs[i] = data_blob_talloc(blobs, NULL, 4); + W_ERROR_HAVE_NO_MEMORY(blobs[i].data); + + /* in DRS windows puts the classes in the opposite + order to the order used in ldap */ + v = &in->values[(in->num_values-1)-i]; + + if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, v))) { + SIVAL(blobs[i].data, 0, obj_class->governsID_id); + } else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(schema, v))) { + SIVAL(blobs[i].data, 0, obj_attr->attributeID_id); + } else { + uint32_t attid; + WERROR werr; + werr = dsdb_schema_pfm_make_attid(schema->prefixmap, + (const char *)v->data, + &attid); + W_ERROR_NOT_OK_RETURN(werr); + SIVAL(blobs[i].data, 0, attid); + } + + } + + + return WERR_OK; +} + static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(struct ldb_context *ldb, const struct dsdb_schema *schema, const struct dsdb_attribute *attr, @@ -839,18 +944,19 @@ static WERROR dsdb_syntax_OID_drsuapi_to_ldb(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_message_element *out) { - uint32_t i; - switch (attr->attributeID_id) { case DRSUAPI_ATTRIBUTE_objectClass: case DRSUAPI_ATTRIBUTE_subClassOf: case DRSUAPI_ATTRIBUTE_auxiliaryClass: + case DRSUAPI_ATTRIBUTE_systemAuxiliaryClass: case DRSUAPI_ATTRIBUTE_systemPossSuperiors: case DRSUAPI_ATTRIBUTE_possSuperiors: return _dsdb_syntax_OID_obj_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out); case DRSUAPI_ATTRIBUTE_systemMustContain: case DRSUAPI_ATTRIBUTE_systemMayContain: case DRSUAPI_ATTRIBUTE_mustContain: + case DRSUAPI_ATTRIBUTE_rDNAttId: + case DRSUAPI_ATTRIBUTE_transportAddressAttribute: case DRSUAPI_ATTRIBUTE_mayContain: return _dsdb_syntax_OID_attr_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out); case DRSUAPI_ATTRIBUTE_governsID: @@ -859,41 +965,9 @@ static WERROR dsdb_syntax_OID_drsuapi_to_ldb(struct ldb_context *ldb, return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out); } - out->flags = 0; - out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName); - W_ERROR_HAVE_NO_MEMORY(out->name); - - out->num_values = in->value_ctr.num_values; - out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values); - W_ERROR_HAVE_NO_MEMORY(out->values); - - for (i=0; i < out->num_values; i++) { - uint32_t v; - const char *name; - char *str; - - if (in->value_ctr.values[i].blob == NULL) { - return WERR_FOOBAR; - } - - if (in->value_ctr.values[i].blob->length != 4) { - return WERR_FOOBAR; - } - - v = IVAL(in->value_ctr.values[i].blob->data, 0); - - name = dsdb_lDAPDisplayName_by_id(schema, v); - if (!name) { - return WERR_FOOBAR; - } - - str = talloc_strdup(out->values, name); - W_ERROR_HAVE_NO_MEMORY(str); - - out->values[i] = data_blob_string_const(str); - } - - return WERR_OK; + DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n", + attr->lDAPDisplayName)); + return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out); } static WERROR dsdb_syntax_OID_ldb_to_drsuapi(struct ldb_context *ldb, @@ -903,9 +977,6 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaAttribute *out) { - uint32_t i; - DATA_BLOB *blobs; - if (attr->attributeID_id == 0xFFFFFFFF) { return WERR_FOOBAR; } @@ -914,12 +985,15 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(struct ldb_context *ldb, case DRSUAPI_ATTRIBUTE_objectClass: case DRSUAPI_ATTRIBUTE_subClassOf: case DRSUAPI_ATTRIBUTE_auxiliaryClass: + case DRSUAPI_ATTRIBUTE_systemAuxiliaryClass: case DRSUAPI_ATTRIBUTE_systemPossSuperiors: case DRSUAPI_ATTRIBUTE_possSuperiors: return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ldb, schema, attr, in, mem_ctx, out); case DRSUAPI_ATTRIBUTE_systemMustContain: case DRSUAPI_ATTRIBUTE_systemMayContain: case DRSUAPI_ATTRIBUTE_mustContain: + case DRSUAPI_ATTRIBUTE_rDNAttId: + case DRSUAPI_ATTRIBUTE_transportAddressAttribute: case DRSUAPI_ATTRIBUTE_mayContain: return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ldb, schema, attr, in, mem_ctx, out); case DRSUAPI_ATTRIBUTE_governsID: @@ -928,30 +1002,10 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(struct ldb_context *ldb, return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ldb, schema, attr, in, mem_ctx, out); } - out->attid = attr->attributeID_id; - out->value_ctr.num_values = in->num_values; - out->value_ctr.values = talloc_array(mem_ctx, - struct drsuapi_DsAttributeValue, - in->num_values); - W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values); - - blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values); - W_ERROR_HAVE_NO_MEMORY(blobs); + DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n", + attr->lDAPDisplayName)); - for (i=0; i < in->num_values; i++) { - uint32_t v; - - out->value_ctr.values[i].blob = &blobs[i]; - - blobs[i] = data_blob_talloc(blobs, NULL, 4); - W_ERROR_HAVE_NO_MEMORY(blobs[i].data); - - v = strtol((const char *)in->values[i].data, NULL, 10); - - SIVAL(blobs[i].data, 0, v); - } - - return WERR_OK; + return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ldb, schema, attr, in, mem_ctx, out); } static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(struct ldb_context *ldb, -- cgit From a7fffe8da0464b25d587e5148207e1a67b930505 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 17:31:23 +1100 Subject: s4-provision: do a self join for all server types We need a machine account so the RID allocation code can work. It seems better to use the same code paths for a domain controller and standalone server to avoid testing headaches with little used code. --- source4/scripting/python/samba/provision.py | 39 +++++++++++++---------------- 1 file changed, 17 insertions(+), 22 deletions(-) (limited to 'source4') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 0d50789b77..a71b561a86 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -893,10 +893,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, samdb.set_opaque_integer("domainControllerFunctionality", domainControllerFunctionality) samdb.set_domain_sid(str(domainsid)) - if serverrole == "domain controller": - samdb.set_invocation_id(invocationid) - # NOTE: the invocationid for standalone and member server - # cases is setup in the sambd_dsdb module init function + samdb.set_invocation_id(invocationid) message("Adding DomainDN: %s" % names.domaindn) @@ -952,8 +949,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, credentials=provision_backend.credentials, lp=lp) samdb.connect(path) samdb.transaction_start() - if serverrole == "domain controller": - samdb.set_invocation_id(invocationid) + samdb.set_invocation_id(invocationid) message("Setting up sam.ldb configuration data") setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), { @@ -1013,21 +1009,20 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, "KRBTGTPASS_B64": b64encode(krbtgtpass), }) - if serverrole == "domain controller": - message("Setting up self join") - setup_self_join(samdb, names=names, invocationid=invocationid, - dnspass=dnspass, - machinepass=machinepass, - domainsid=domainsid, policyguid=policyguid, - policyguid_dc=policyguid_dc, - setup_path=setup_path, - domainControllerFunctionality=domainControllerFunctionality, - ntdsguid=ntdsguid) - - ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn) - names.ntdsguid = samdb.searchone(basedn=ntds_dn, - attribute="objectGUID", expression="", scope=SCOPE_BASE) - assert isinstance(names.ntdsguid, str) + message("Setting up self join") + setup_self_join(samdb, names=names, invocationid=invocationid, + dnspass=dnspass, + machinepass=machinepass, + domainsid=domainsid, policyguid=policyguid, + policyguid_dc=policyguid_dc, + setup_path=setup_path, + domainControllerFunctionality=domainControllerFunctionality, + ntdsguid=ntdsguid) + + ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn) + names.ntdsguid = samdb.searchone(basedn=ntds_dn, + attribute="objectGUID", expression="", scope=SCOPE_BASE) + assert isinstance(names.ntdsguid, str) except: samdb.transaction_cancel() @@ -1146,7 +1141,7 @@ def provision(setup_dir, message, session_info, serverrole = lp.get("server role") assert serverrole in ("domain controller", "member server", "standalone") - if invocationid is None and serverrole == "domain controller": + if invocationid is None: invocationid = str(uuid.uuid4()) if not os.path.exists(paths.private_dir): -- cgit From 5f36f0352e92243aa9f801d69ddc4c4152dfecbc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 17:32:13 +1100 Subject: s4-dsdb: no longer need special invocationID handling for standalone servers They now work the same way as a DC --- source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 77 +---------------------------- 1 file changed, 1 insertion(+), 76 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c index a461a94806..44526128f1 100644 --- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c +++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c @@ -138,53 +138,6 @@ static int prepare_modules_line(struct ldb_context *ldb, -/* - initialise the invocationID for a standalone server - */ -static int initialise_invocation_id(struct ldb_module *module, struct GUID *guid) -{ - struct ldb_message *msg; - struct ldb_context *ldb = ldb_module_get_ctx(module); - int ret; - - *guid = GUID_random(); - - msg = ldb_msg_new(module); - if (msg == NULL) { - ldb_module_oom(module); - return LDB_ERR_OPERATIONS_ERROR; - } - msg->dn = ldb_dn_new(msg, ldb, "@SAMBA_DSDB"); - if (!msg->dn) { - ldb_module_oom(module); - talloc_free(msg); - return LDB_ERR_OPERATIONS_ERROR; - } - ret = dsdb_msg_add_guid(msg, guid, "invocationID"); - if (ret != LDB_SUCCESS) { - ldb_module_oom(module); - talloc_free(msg); - return ret; - } - msg->elements[0].flags = LDB_FLAG_MOD_ADD; - - ret = ldb_modify(ldb, msg); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, "Failed to setup standalone invocationID - %s", - ldb_errstring(ldb)); - talloc_free(msg); - return ret; - } - - DEBUG(1,("Initialised standalone invocationID to %s\n", - GUID_string(msg, guid))); - - talloc_free(msg); - - return LDB_SUCCESS; -} - - static int samba_dsdb_init(struct ldb_module *module) { struct ldb_context *ldb = ldb_module_get_ctx(module); @@ -258,7 +211,7 @@ static int samba_dsdb_init(struct ldb_module *module) static const char *openldap_backend_modules[] = { "entryuuid", "paged_searches", NULL }; - static const char *samba_dsdb_attrs[] = { "backendType", "serverRole", "invocationID", NULL }; + static const char *samba_dsdb_attrs[] = { "backendType", "serverRole", NULL }; const char *backendType, *serverRole; if (!tmp_ctx) { @@ -293,34 +246,6 @@ static int samba_dsdb_init(struct ldb_module *module) return ret; } - if (strcmp(serverRole, "standalone") == 0 || - strcmp(serverRole, "member server") == 0) { - struct GUID *guid; - - guid = talloc(module, struct GUID); - if (!guid) { - ldb_module_oom(module); - return LDB_ERR_OPERATIONS_ERROR; - } - - *guid = samdb_result_guid(res->msgs[0], "invocationID"); - if (GUID_all_zero(guid)) { - ret = initialise_invocation_id(module, guid); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - } - - /* cache the domain_sid in the ldb. See the matching - * code in samdb_ntds_invocation_id() */ - ret = ldb_set_opaque(ldb, "cache.invocation_id", guid); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - } - backend_modules = NULL; if (strcasecmp(backendType, "ldb") == 0) { extended_dn_module = extended_dn_module_ldb; -- cgit From 308a4798b8b6acc7f74ce678a7c04f536a3e4737 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 18:15:34 +1100 Subject: s4-dsdb: added DSDB_FLAG_TOP_MODULE This is used when you want the dsdb_module_*() functions to go to the top of the stack. --- source4/dsdb/samdb/ldb_modules/util.c | 8 ++++++++ source4/dsdb/samdb/ldb_modules/util.h | 1 + 2 files changed, 9 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index 12972eb185..b4f81978d3 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -214,6 +214,8 @@ int dsdb_module_search(struct ldb_module *module, if (dsdb_flags & DSDB_FLAG_OWN_MODULE) { const struct ldb_module_ops *ops = ldb_module_get_ops(module); ret = ops->search(module, req); + } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) { + ret = ldb_request(ldb_module_get_ctx(module), req); } else { ret = ldb_next_request(module, req); } @@ -332,6 +334,8 @@ int dsdb_module_modify(struct ldb_module *module, if (dsdb_flags & DSDB_FLAG_OWN_MODULE) { const struct ldb_module_ops *ops = ldb_module_get_ops(module); ret = ops->modify(module, mod_req); + } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) { + ret = ldb_request(ldb_module_get_ctx(module), mod_req); } else { ret = ldb_next_request(module, mod_req); } @@ -380,6 +384,8 @@ int dsdb_module_rename(struct ldb_module *module, if (dsdb_flags & DSDB_FLAG_OWN_MODULE) { const struct ldb_module_ops *ops = ldb_module_get_ops(module); ret = ops->rename(module, req); + } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) { + ret = ldb_request(ldb_module_get_ctx(module), req); } else { ret = ldb_next_request(module, req); } @@ -425,6 +431,8 @@ int dsdb_module_add(struct ldb_module *module, if (dsdb_flags & DSDB_FLAG_OWN_MODULE) { const struct ldb_module_ops *ops = ldb_module_get_ops(module); ret = ops->add(module, req); + } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) { + ret = ldb_request(ldb_module_get_ctx(module), req); } else { ret = ldb_next_request(module, req); } diff --git a/source4/dsdb/samdb/ldb_modules/util.h b/source4/dsdb/samdb/ldb_modules/util.h index add39e110a..608d2c26cb 100644 --- a/source4/dsdb/samdb/ldb_modules/util.h +++ b/source4/dsdb/samdb/ldb_modules/util.h @@ -32,3 +32,4 @@ struct dsdb_attribute; #define DSDB_SEARCH_SHOW_EXTENDED_DN 0x0010 #define DSDB_MODIFY_RELAX 0x0020 #define DSDB_FLAG_OWN_MODULE 0x0040 +#define DSDB_FLAG_TOP_MODULE 0x0080 -- cgit From a65823e33c8fab39ea6dde752662c527bcbf818b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 18:16:14 +1100 Subject: s4-dsdb: ensure we will in all the attributes for RID Set We need to go to the top of the module stack so that all the extra attributes get filled in --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index 2d0753f393..07b3739f8e 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -175,26 +175,11 @@ static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *m msg = ldb_msg_new(tmp_ctx); msg->dn = rid_set_dn; - ret = ldb_msg_add_string(msg, "objectClass", "top"); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } ret = ldb_msg_add_string(msg, "objectClass", "rIDSet"); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; } - ret = ldb_msg_add_string(msg, "cn", "RID Set"); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - ret = ldb_msg_add_string(msg, "name", "RID Set"); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } ret = ldb_msg_add_fmt(msg, "rIDAllocationPool", "%llu", (unsigned long long)dc_pool); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); @@ -218,7 +203,10 @@ static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *m return ret; } - ret = dsdb_module_add(module, msg, 0); + /* we need this to go all the way to the top of the module + * stack, as we need all the extra attributes added (including + * complex ones like ntsecuritydescriptor) */ + ret = dsdb_module_add(module, msg, DSDB_FLAG_TOP_MODULE | DSDB_MODIFY_RELAX); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ldb, "Failed to add RID Set %s - %s", ldb_dn_get_linearized(msg->dn), -- cgit From 2d10f3a84197a20fa7a6ff8305a69ac57ddd44e3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 18:38:16 +1100 Subject: s4-dsdb: poke the RID Manager when completely out of RIDs too --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 79 ++++++++++++++++--------------- 1 file changed, 41 insertions(+), 38 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index 07b3739f8e..a64062fcdc 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -55,6 +55,45 @@ */ +/* + make a IRPC call to the drepl task to ask it to get the RID + Manager to give us another RID pool. + + This function just sends the message to the drepl task then + returns immediately. It should be called well before we + completely run out of RIDs + */ +static void ridalloc_poke_rid_manager(struct ldb_module *module) +{ + struct messaging_context *msg; + struct server_id *server; + struct ldb_context *ldb = ldb_module_get_ctx(module); + struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm"); + TALLOC_CTX *tmp_ctx = talloc_new(module); + + msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, lp_ctx), + lp_iconv_convenience(lp_ctx), + ldb_get_event_context(ldb)); + if (!msg) { + DEBUG(3,(__location__ ": Failed to create messaging context\n")); + talloc_free(tmp_ctx); + return; + } + + server = irpc_servers_byname(msg, msg, "dreplsrv"); + if (!server) { + /* this means the drepl service is not running */ + talloc_free(tmp_ctx); + return; + } + + messaging_send(msg, server[0], MSG_DREPL_ALLOCATE_RID, NULL); + + /* we don't care if the message got through */ + talloc_free(tmp_ctx); +} + + /* allocate a new range of RIDs in the RID Manager object */ @@ -272,6 +311,7 @@ static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *me } if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) { + ridalloc_poke_rid_manager(module); ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh"); talloc_free(tmp_ctx); return LDB_ERR_UNWILLING_TO_PERFORM; @@ -338,44 +378,6 @@ static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module, } -/* - make a IRPC call to the drepl task to ask it to get the RID - Manager to give us another RID pool. - - This function just sends the message to the drepl task then - returns immediately. It should be called well before we - completely run out of RIDs - */ -static void ridalloc_poke_rid_manager(struct ldb_module *module) -{ - struct messaging_context *msg; - struct server_id *server; - struct ldb_context *ldb = ldb_module_get_ctx(module); - struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm"); - TALLOC_CTX *tmp_ctx = talloc_new(module); - - msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, lp_ctx), - lp_iconv_convenience(lp_ctx), - ldb_get_event_context(ldb)); - if (!msg) { - DEBUG(3,(__location__ ": Failed to create messaging context\n")); - talloc_free(tmp_ctx); - return; - } - - server = irpc_servers_byname(msg, msg, "dreplsrv"); - if (!server) { - /* this means the drepl service is not running */ - talloc_free(tmp_ctx); - return; - } - - messaging_send(msg, server[0], MSG_DREPL_ALLOCATE_RID, NULL); - - /* we don't care if the message got through */ - talloc_free(tmp_ctx); -} - /* get a new RID pool for ourselves also returns the first rid for the new pool @@ -406,6 +408,7 @@ static int ridalloc_refresh_own_pool(struct ldb_module *module, uint64_t *new_po } if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) { + ridalloc_poke_rid_manager(module); ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh"); talloc_free(tmp_ctx); return LDB_ERR_UNWILLING_TO_PERFORM; -- cgit From 58032533620dc89dd093f55dabe003ec743f8dff Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 18:38:39 +1100 Subject: s4-drs: we need to wrap extended operations in transactions --- source4/rpc_server/drsuapi/getncchanges.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 64588f3a5d..b9ba6473a5 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -588,16 +588,16 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, /* work out who is the RID Manager */ ret = samdb_rid_manager_dn(ldb, mem_ctx, &rid_manager_dn); if (ret != LDB_SUCCESS) { - DEBUG(0, (__location__ ": Failed to find RID Manager object - %s", ldb_errstring(ldb))); + DEBUG(0, (__location__ ": Failed to find RID Manager object - %s\n", ldb_errstring(ldb))); return WERR_DS_DRA_INTERNAL_ERROR; } req_dn = ldb_dn_new(ldb, mem_ctx, req8->naming_context->dn); if (!req_dn || !ldb_dn_validate(req_dn) || - ldb_dn_compare(samdb_ntds_settings_dn(ldb), rid_manager_dn) != 0) { + ldb_dn_compare(req_dn, rid_manager_dn) != 0) { /* that isn't the RID Manager DN */ - DEBUG(0,(__location__ ": RID Alloc request for wrong DN %s", + DEBUG(0,(__location__ ": RID Alloc request for wrong DN %s\n", req8->naming_context->dn)); ctr6->extended_ret = DRSUAPI_EXOP_ERR_MISMATCH; return WERR_OK; @@ -606,14 +606,14 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, /* find the DN of the RID Manager */ ret = samdb_reference_dn(ldb, mem_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn); if (ret != LDB_SUCCESS) { - DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s", + DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s\n", ldb_errstring(ldb))); return WERR_DS_DRA_INTERNAL_ERROR; } if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) { /* we're not the RID Manager - go away */ - DEBUG(0,(__location__ ": RID Alloc request when not RID Manager")); + DEBUG(0,(__location__ ": RID Alloc request when not RID Manager\n")); ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER; return WERR_OK; } @@ -624,12 +624,28 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, exop->fsmo_info = req8->fsmo_info; exop->destination_dsa_guid = req8->destination_dsa_guid; + ret = ldb_transaction_start(ldb); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed transaction start - %s\n", + ldb_errstring(ldb))); + return WERR_DS_DRA_INTERNAL_ERROR; + } + ret = ldb_extended(ldb, DSDB_EXTENDED_ALLOCATE_RID_POOL, exop, &ext_res); if (ret != LDB_SUCCESS) { DEBUG(0,(__location__ ": Failed extended allocation RID pool operation - %s\n", ldb_errstring(ldb))); + ldb_transaction_cancel(ldb); return WERR_DS_DRA_INTERNAL_ERROR; } + + ret = ldb_transaction_commit(ldb); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed transaction commit - %s\n", + ldb_errstring(ldb))); + return WERR_DS_DRA_INTERNAL_ERROR; + } + talloc_free(ext_res); base_dn = samdb_base_dn(ldb); -- cgit From 278d2f75baaaab1bb30910f0fd332731b4292a06 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 19:12:45 +1100 Subject: s4-smbd: setup the default event contexts for other process models --- source4/smbd/process_prefork.c | 8 +++++++- source4/smbd/process_standard.c | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/smbd/process_prefork.c b/source4/smbd/process_prefork.c index f890a528d5..721856bb46 100644 --- a/source4/smbd/process_prefork.c +++ b/source4/smbd/process_prefork.c @@ -114,6 +114,9 @@ static void prefork_new_task(struct tevent_context *ev, /* This is now the child code. We need a completely new event_context to work with */ ev2 = s4_event_context_init(NULL); + /* setup this as the default context */ + s4_event_context_set_default(ev2); + /* the service has given us a private pointer that encapsulates the context it needs for this new connection - everything else will be freed */ @@ -171,7 +174,10 @@ static void prefork_new_task(struct tevent_context *ev, /* But we need a events system to handle reaping children */ ev_parent = s4_event_context_init(NULL); - + + /* setup this as the default context */ + s4_event_context_set_default(ev_parent); + /* TODO: Handle some events... */ /* we can't return to the top level here, as that event context is gone, diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c index ab5ad5760c..145cbc0a2b 100644 --- a/source4/smbd/process_standard.c +++ b/source4/smbd/process_standard.c @@ -108,6 +108,9 @@ static void standard_accept_connection(struct tevent_context *ev, /* This is now the child code. We need a completely new event_context to work with */ ev2 = s4_event_context_init(NULL); + /* setup this as the default context */ + s4_event_context_set_default(ev2); + /* the service has given us a private pointer that encapsulates the context it needs for this new connection - everything else will be freed */ @@ -179,6 +182,9 @@ static void standard_new_task(struct tevent_context *ev, /* This is now the child code. We need a completely new event_context to work with */ ev2 = s4_event_context_init(NULL); + /* setup this as the default context */ + s4_event_context_set_default(ev2); + /* the service has given us a private pointer that encapsulates the context it needs for this new connection - everything else will be freed */ -- cgit From 501dd4a3b51635fd215d6e397b64f264911c7250 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 30 Dec 2009 17:11:51 +0100 Subject: s4:dsdb/repl: convert dreplsrv_op_pull_source_send/recv to tevent_req metze Signed-off-by: Andrew Tridgell --- source4/dsdb/repl/drepl_out_helpers.c | 322 +++++++++++++++++++--------------- source4/dsdb/repl/drepl_out_pull.c | 33 ++-- source4/dsdb/repl/drepl_service.h | 2 - 3 files changed, 199 insertions(+), 158 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index 4aa0e86b48..5666a660ad 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -202,81 +202,83 @@ NTSTATUS dreplsrv_out_drsuapi_recv(struct tevent_req *req) } struct dreplsrv_op_pull_source_state { - struct composite_context *creq; - struct dreplsrv_out_operation *op; - - struct dreplsrv_drsuapi_connection *drsuapi; - - bool have_all; - - uint32_t ctr_level; - struct drsuapi_DsGetNCChangesCtr1 *ctr1; - struct drsuapi_DsGetNCChangesCtr6 *ctr6; }; static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq); -struct composite_context *dreplsrv_op_pull_source_send(struct dreplsrv_out_operation *op) +struct tevent_req *dreplsrv_op_pull_source_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct dreplsrv_out_operation *op) { - struct composite_context *c; - struct dreplsrv_op_pull_source_state *st; + struct tevent_req *req; + struct dreplsrv_op_pull_source_state *state; struct tevent_req *subreq; - c = composite_create(op, op->service->task->event_ctx); - if (c == NULL) return NULL; - - st = talloc_zero(c, struct dreplsrv_op_pull_source_state); - if (composite_nomem(st, c)) return c; + req = tevent_req_create(mem_ctx, &state, + struct dreplsrv_op_pull_source_state); + if (req == NULL) { + return NULL; + } - st->creq = c; - st->op = op; + state->op = op; - subreq = dreplsrv_out_drsuapi_send(st, - op->service->task->event_ctx, - op->source_dsa->conn); - if (composite_nomem(subreq, c)) return c; - tevent_req_set_callback(subreq, dreplsrv_op_pull_source_connect_done, st); + subreq = dreplsrv_out_drsuapi_send(state, ev, op->source_dsa->conn); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, dreplsrv_op_pull_source_connect_done, req); - return c; + return req; } -static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_source_state *st); +static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req); static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq) { - struct dreplsrv_op_pull_source_state *st = tevent_req_callback_data(subreq, - struct dreplsrv_op_pull_source_state); - struct composite_context *c = st->creq; + struct tevent_req *req = tevent_req_callback_data(subreq, + struct tevent_req); + NTSTATUS status; - c->status = dreplsrv_out_drsuapi_recv(subreq); + status = dreplsrv_out_drsuapi_recv(subreq); TALLOC_FREE(subreq); - if (!composite_is_ok(c)) return; + if (tevent_req_nterror(req, status)) { + return; + } - dreplsrv_op_pull_source_get_changes_send(st); + dreplsrv_op_pull_source_get_changes_trigger(req); } -static void dreplsrv_op_pull_source_get_changes_recv(struct rpc_request *req); +static void dreplsrv_op_pull_source_get_changes_done(struct rpc_request *rreq); -static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_source_state *st) +static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) { - struct composite_context *c = st->creq; - struct repsFromTo1 *rf1 = st->op->source_dsa->repsFrom1; - struct dreplsrv_service *service = st->op->service; - struct dreplsrv_partition *partition = st->op->source_dsa->partition; - struct dreplsrv_drsuapi_connection *drsuapi = st->op->source_dsa->conn->drsuapi; - struct rpc_request *req; + struct dreplsrv_op_pull_source_state *state = tevent_req_data(req, + struct dreplsrv_op_pull_source_state); + struct repsFromTo1 *rf1 = state->op->source_dsa->repsFrom1; + struct dreplsrv_service *service = state->op->service; + struct dreplsrv_partition *partition = state->op->source_dsa->partition; + struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi; + struct rpc_request *rreq; struct drsuapi_DsGetNCChanges *r; - r = talloc(st, struct drsuapi_DsGetNCChanges); - if (composite_nomem(r, c)) return; + r = talloc(state, struct drsuapi_DsGetNCChanges); + if (tevent_req_nomem(r, req)) { + return; + } r->out.level_out = talloc(r, int32_t); - if (composite_nomem(r->out.level_out, c)) return; + if (tevent_req_nomem(r->out.level_out, req)) { + return; + } r->in.req = talloc(r, union drsuapi_DsGetNCChangesRequest); - if (composite_nomem(r->in.req, c)) return; + if (tevent_req_nomem(r->in.req, req)) { + return; + } r->out.ctr = talloc(r, union drsuapi_DsGetNCChangesCtr); - if (composite_nomem(r->out.ctr, c)) return; + if (tevent_req_nomem(r->out.ctr, req)) { + return; + } r->in.bind_handle = &drsuapi->bind_handle; if (drsuapi->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) { @@ -289,8 +291,8 @@ static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_sou r->in.req->req8.replica_flags = rf1->replica_flags; r->in.req->req8.max_object_count = 133; r->in.req->req8.max_ndr_size = 1336811; - r->in.req->req8.extended_op = st->op->extended_op; - r->in.req->req8.fsmo_info = st->op->fsmo_info; + r->in.req->req8.extended_op = state->op->extended_op; + r->in.req->req8.fsmo_info = state->op->fsmo_info; r->in.req->req8.partial_attribute_set = NULL; r->in.req->req8.partial_attribute_set_ex= NULL; r->in.req->req8.mapping_ctr.num_mappings= 0; @@ -305,36 +307,42 @@ static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_sou r->in.req->req5.replica_flags = rf1->replica_flags; r->in.req->req5.max_object_count = 133; r->in.req->req5.max_ndr_size = 1336770; - r->in.req->req5.extended_op = st->op->extended_op; - r->in.req->req5.fsmo_info = st->op->fsmo_info; + r->in.req->req5.extended_op = state->op->extended_op; + r->in.req->req5.fsmo_info = state->op->fsmo_info; } - req = dcerpc_drsuapi_DsGetNCChanges_send(drsuapi->pipe, r, r); - composite_continue_rpc(c, req, dreplsrv_op_pull_source_get_changes_recv, st); + rreq = dcerpc_drsuapi_DsGetNCChanges_send(drsuapi->pipe, r, r); + if (tevent_req_nomem(rreq, req)) { + return; + } + composite_continue_rpc(NULL, rreq, dreplsrv_op_pull_source_get_changes_done, req); } -static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_source_state *st, - struct drsuapi_DsGetNCChanges *r, - uint32_t ctr_level, - struct drsuapi_DsGetNCChangesCtr1 *ctr1, - struct drsuapi_DsGetNCChangesCtr6 *ctr6); +static void dreplsrv_op_pull_source_apply_changes_trigger(struct tevent_req *req, + struct drsuapi_DsGetNCChanges *r, + uint32_t ctr_level, + struct drsuapi_DsGetNCChangesCtr1 *ctr1, + struct drsuapi_DsGetNCChangesCtr6 *ctr6); -static void dreplsrv_op_pull_source_get_changes_recv(struct rpc_request *req) +static void dreplsrv_op_pull_source_get_changes_done(struct rpc_request *rreq) { - struct dreplsrv_op_pull_source_state *st = talloc_get_type(req->async.private_data, - struct dreplsrv_op_pull_source_state); - struct composite_context *c = st->creq; - struct drsuapi_DsGetNCChanges *r = talloc_get_type(req->ndr.struct_ptr, + struct tevent_req *req = talloc_get_type(rreq->async.private_data, + struct tevent_req); + NTSTATUS status; + struct drsuapi_DsGetNCChanges *r = talloc_get_type(rreq->ndr.struct_ptr, struct drsuapi_DsGetNCChanges); uint32_t ctr_level = 0; struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL; struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL; - c->status = dcerpc_ndr_request_recv(req); - if (!composite_is_ok(c)) return; + status = dcerpc_ndr_request_recv(rreq); + if (tevent_req_nterror(req, status)) { + return; + } if (!W_ERROR_IS_OK(r->out.result)) { - composite_error(c, werror_to_ntstatus(r->out.result)); + status = werror_to_ntstatus(r->out.result); + tevent_req_nterror(req, status); return; } @@ -361,38 +369,42 @@ static void dreplsrv_op_pull_source_get_changes_recv(struct rpc_request *req) ctr_level = 6; ctr6 = &r->out.ctr->ctr7.ctr.xpress6.ts->ctr6; } else { - composite_error(c, werror_to_ntstatus(WERR_BAD_NET_RESP)); + status = werror_to_ntstatus(WERR_BAD_NET_RESP); + tevent_req_nterror(req, status); return; } if (!ctr1 && !ctr6) { - composite_error(c, werror_to_ntstatus(WERR_BAD_NET_RESP)); + status = werror_to_ntstatus(WERR_BAD_NET_RESP); + tevent_req_nterror(req, status); return; } if (ctr_level == 6) { if (!W_ERROR_IS_OK(ctr6->drs_error)) { - composite_error(c, werror_to_ntstatus(ctr6->drs_error)); + status = werror_to_ntstatus(ctr6->drs_error); + tevent_req_nterror(req, status); return; } } - dreplsrv_op_pull_source_apply_changes_send(st, r, ctr_level, ctr1, ctr6); + dreplsrv_op_pull_source_apply_changes_trigger(req, r, ctr_level, ctr1, ctr6); } -static void dreplsrv_update_refs_send(struct dreplsrv_op_pull_source_state *st); +static void dreplsrv_update_refs_trigger(struct tevent_req *req); -static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_source_state *st, - struct drsuapi_DsGetNCChanges *r, - uint32_t ctr_level, - struct drsuapi_DsGetNCChangesCtr1 *ctr1, - struct drsuapi_DsGetNCChangesCtr6 *ctr6) +static void dreplsrv_op_pull_source_apply_changes_trigger(struct tevent_req *req, + struct drsuapi_DsGetNCChanges *r, + uint32_t ctr_level, + struct drsuapi_DsGetNCChangesCtr1 *ctr1, + struct drsuapi_DsGetNCChangesCtr6 *ctr6) { - struct composite_context *c = st->creq; - struct repsFromTo1 rf1 = *st->op->source_dsa->repsFrom1; - struct dreplsrv_service *service = st->op->service; - struct dreplsrv_partition *partition = st->op->source_dsa->partition; - struct dreplsrv_drsuapi_connection *drsuapi = st->op->source_dsa->conn->drsuapi; + struct dreplsrv_op_pull_source_state *state = tevent_req_data(req, + struct dreplsrv_op_pull_source_state); + struct repsFromTo1 rf1 = *state->op->source_dsa->repsFrom1; + struct dreplsrv_service *service = state->op->service; + struct dreplsrv_partition *partition = state->op->source_dsa->partition; + struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi; const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr; uint32_t object_count; struct drsuapi_DsReplicaObjectListItemEx *first_object; @@ -402,6 +414,7 @@ static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_s struct dsdb_extended_replicated_objects *objects; bool more_data = false; WERROR status; + NTSTATUS nt_status; switch (ctr_level) { case 1: @@ -425,7 +438,8 @@ static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_s more_data = ctr6->more_data; break; default: - composite_error(c, werror_to_ntstatus(WERR_BAD_NET_RESP)); + nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP); + tevent_req_nterror(req, nt_status); return; } @@ -439,32 +453,39 @@ static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_s &rf1, uptodateness_vector, &drsuapi->gensec_skey, - st, &objects); + state, &objects); if (!W_ERROR_IS_OK(status)) { - DEBUG(0,("Failed to convert objects: %s\n", win_errstr(status))); - composite_error(c, werror_to_ntstatus(status)); + nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP); + DEBUG(0,("Failed to convert objects: %s/%s\n", + win_errstr(status), nt_errstr(nt_status))); + tevent_req_nterror(req, nt_status); return; } status = dsdb_extended_replicated_objects_commit(service->samdb, objects, - &st->op->source_dsa->notify_uSN); + &state->op->source_dsa->notify_uSN); talloc_free(objects); if (!W_ERROR_IS_OK(status)) { - DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status))); - composite_error(c, werror_to_ntstatus(status)); + nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP); + DEBUG(0,("Failed to commit objects: %s/%s\n", + win_errstr(status), nt_errstr(nt_status))); + tevent_req_nterror(req, nt_status); return; } /* if it applied fine, we need to update the highwatermark */ - *st->op->source_dsa->repsFrom1 = rf1; + *state->op->source_dsa->repsFrom1 = rf1; /* * TODO: update our uptodatevector! */ + /* we don't need this maybe very large structure anymore */ + TALLOC_FREE(r); + if (more_data) { - dreplsrv_op_pull_source_get_changes_send(st); + dreplsrv_op_pull_source_get_changes_trigger(req); return; } @@ -473,43 +494,89 @@ static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_s we join the domain, but they quickly expire. We do it here so we can use the already established DRSUAPI pipe */ - dreplsrv_update_refs_send(st); + dreplsrv_update_refs_trigger(req); } -WERROR dreplsrv_op_pull_source_recv(struct composite_context *c) +static void dreplsrv_update_refs_done(struct rpc_request *rreq); + +/* + send a UpdateRefs request to refresh our repsTo record on the server + */ +static void dreplsrv_update_refs_trigger(struct tevent_req *req) { - NTSTATUS status; + struct dreplsrv_op_pull_source_state *state = tevent_req_data(req, + struct dreplsrv_op_pull_source_state); + struct dreplsrv_service *service = state->op->service; + struct dreplsrv_partition *partition = state->op->source_dsa->partition; + struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi; + struct rpc_request *rreq; + struct drsuapi_DsReplicaUpdateRefs *r; + char *ntds_guid_str; + char *ntds_dns_name; + + r = talloc(state, struct drsuapi_DsReplicaUpdateRefs); + if (tevent_req_nomem(r, req)) { + return; + } + + ntds_guid_str = GUID_string(r, &service->ntds_guid); + if (tevent_req_nomem(ntds_guid_str, req)) { + return; + } + + ntds_dns_name = talloc_asprintf(r, "%s._msdcs.%s", + ntds_guid_str, + lp_dnsdomain(service->task->lp_ctx)); + if (tevent_req_nomem(ntds_dns_name, req)) { + return; + } - status = composite_wait(c); + r->in.bind_handle = &drsuapi->bind_handle; + r->in.level = 1; + r->in.req.req1.naming_context = &partition->nc; + r->in.req.req1.dest_dsa_dns_name = ntds_dns_name; + r->in.req.req1.dest_dsa_guid = service->ntds_guid; + r->in.req.req1.options = + DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE | + DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE; + if (!samdb_rodc(service->task->lp_ctx)) { + r->in.req.req1.options |= DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE; + } - talloc_free(c); - return ntstatus_to_werror(status); + rreq = dcerpc_drsuapi_DsReplicaUpdateRefs_send(drsuapi->pipe, r, r); + if (tevent_req_nomem(rreq, req)) { + return; + } + composite_continue_rpc(NULL, rreq, dreplsrv_update_refs_done, req); } /* receive a UpdateRefs reply */ -static void dreplsrv_update_refs_recv(struct rpc_request *req) +static void dreplsrv_update_refs_done(struct rpc_request *rreq) { - struct dreplsrv_op_pull_source_state *st = talloc_get_type(req->async.private_data, - struct dreplsrv_op_pull_source_state); - struct composite_context *c = st->creq; - struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(req->ndr.struct_ptr, + struct tevent_req *req = talloc_get_type(rreq->async.private_data, + struct tevent_req); + struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(rreq->ndr.struct_ptr, struct drsuapi_DsReplicaUpdateRefs); + NTSTATUS status; - c->status = dcerpc_ndr_request_recv(req); - if (!composite_is_ok(c)) { + status = dcerpc_ndr_request_recv(rreq); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("UpdateRefs failed with %s\n", - nt_errstr(c->status))); + nt_errstr(status))); + tevent_req_nterror(req, status); return; } if (!W_ERROR_IS_OK(r->out.result)) { - DEBUG(0,("UpdateRefs failed with %s for %s %s\n", + status = werror_to_ntstatus(r->out.result); + DEBUG(0,("UpdateRefs failed with %s/%s for %s %s\n", win_errstr(r->out.result), + nt_errstr(status), r->in.req.req1.dest_dsa_dns_name, r->in.req.req1.naming_context->dn)); - composite_error(c, werror_to_ntstatus(r->out.result)); + tevent_req_nterror(req, status); return; } @@ -517,46 +584,19 @@ static void dreplsrv_update_refs_recv(struct rpc_request *req) r->in.req.req1.dest_dsa_dns_name, r->in.req.req1.naming_context->dn)); - composite_done(c); + tevent_req_done(req); } -/* - send a UpdateRefs request to refresh our repsTo record on the server - */ -static void dreplsrv_update_refs_send(struct dreplsrv_op_pull_source_state *st) +WERROR dreplsrv_op_pull_source_recv(struct tevent_req *req) { - struct composite_context *c = st->creq; - struct dreplsrv_service *service = st->op->service; - struct dreplsrv_partition *partition = st->op->source_dsa->partition; - struct dreplsrv_drsuapi_connection *drsuapi = st->op->source_dsa->conn->drsuapi; - struct rpc_request *req; - struct drsuapi_DsReplicaUpdateRefs *r; - char *ntds_guid_str; - char *ntds_dns_name; - - r = talloc(st, struct drsuapi_DsReplicaUpdateRefs); - if (composite_nomem(r, c)) return; - - ntds_guid_str = GUID_string(r, &service->ntds_guid); - if (composite_nomem(ntds_guid_str, c)) return; - - ntds_dns_name = talloc_asprintf(r, "%s._msdcs.%s", - ntds_guid_str, - lp_dnsdomain(service->task->lp_ctx)); - if (composite_nomem(ntds_dns_name, c)) return; + NTSTATUS status; - r->in.bind_handle = &drsuapi->bind_handle; - r->in.level = 1; - r->in.req.req1.naming_context = &partition->nc; - r->in.req.req1.dest_dsa_dns_name = ntds_dns_name; - r->in.req.req1.dest_dsa_guid = service->ntds_guid; - r->in.req.req1.options = - DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE | - DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE; - if (!samdb_rodc(service->task->lp_ctx)) { - r->in.req.req1.options |= DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE; + if (tevent_req_is_nterror(req, &status)) { + tevent_req_received(req); + return ntstatus_to_werror(status); } - req = dcerpc_drsuapi_DsReplicaUpdateRefs_send(drsuapi->pipe, r, r); - composite_continue_rpc(c, req, dreplsrv_update_refs_recv, st); + tevent_req_received(req); + return WERR_OK; } + diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c index 8a33006d06..c2ea7e6974 100644 --- a/source4/dsdb/repl/drepl_out_pull.c +++ b/source4/dsdb/repl/drepl_out_pull.c @@ -99,8 +99,10 @@ WERROR dreplsrv_schedule_partition_pull_by_guid(struct dreplsrv_service *s, TALL return WERR_NOT_FOUND; } -static void dreplsrv_pending_op_callback(struct dreplsrv_out_operation *op) +static void dreplsrv_pending_op_callback(struct tevent_req *subreq) { + struct dreplsrv_out_operation *op = tevent_req_callback_data(subreq, + struct dreplsrv_out_operation); struct repsFromTo1 *rf = op->source_dsa->repsFrom1; struct dreplsrv_service *s = op->service; time_t t; @@ -109,7 +111,8 @@ static void dreplsrv_pending_op_callback(struct dreplsrv_out_operation *op) t = time(NULL); unix_to_nt_time(&now, t); - rf->result_last_attempt = dreplsrv_op_pull_source_recv(op->creq); + rf->result_last_attempt = dreplsrv_op_pull_source_recv(subreq); + TALLOC_FREE(subreq); if (W_ERROR_IS_OK(rf->result_last_attempt)) { rf->consecutive_sync_failures = 0; rf->last_success = now; @@ -135,18 +138,12 @@ done: dreplsrv_notify_run_ops(s); } -static void dreplsrv_pending_op_callback_creq(struct composite_context *creq) -{ - struct dreplsrv_out_operation *op = talloc_get_type(creq->async.private_data, - struct dreplsrv_out_operation); - dreplsrv_pending_op_callback(op); -} - void dreplsrv_run_pending_ops(struct dreplsrv_service *s) { struct dreplsrv_out_operation *op; time_t t; NTTIME now; + struct tevent_req *subreq; if (s->ops.current || s->ops.n_current) { /* if there's still one running, we're done */ @@ -167,12 +164,18 @@ void dreplsrv_run_pending_ops(struct dreplsrv_service *s) op->source_dsa->repsFrom1->last_attempt = now; - op->creq = dreplsrv_op_pull_source_send(op); - if (!op->creq) { - dreplsrv_pending_op_callback(op); + subreq = dreplsrv_op_pull_source_send(op, s->task->event_ctx, op); + if (!subreq) { + struct repsFromTo1 *rf = op->source_dsa->repsFrom1; + + rf->result_last_attempt = WERR_NOMEM; + rf->consecutive_sync_failures++; + + DEBUG(1,("dreplsrv_op_pull_source(%s/%s) failures[%u]\n", + win_errstr(rf->result_last_attempt), + nt_errstr(werror_to_ntstatus(rf->result_last_attempt)), + rf->consecutive_sync_failures)); return; } - - op->creq->async.fn = dreplsrv_pending_op_callback_creq; - op->creq->async.private_data = op; + tevent_req_set_callback(subreq, dreplsrv_pending_op_callback, op); } diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h index b9e8640ae9..0a0d721d5c 100644 --- a/source4/dsdb/repl/drepl_service.h +++ b/source4/dsdb/repl/drepl_service.h @@ -109,8 +109,6 @@ struct dreplsrv_out_operation { struct dreplsrv_partition_source_dsa *source_dsa; - struct composite_context *creq; - enum drsuapi_DsExtendedOperation extended_op; uint64_t fsmo_info; dreplsrv_fsmo_callback_t callback; -- cgit From 59f314d321bb276ebdf2da3017b6a5d3b79d13e2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 21:28:03 +1100 Subject: s4-scripting: we need to use a base search for the NTDS GUID now we have nTDSConnections structures we can get more than 1 reply --- source4/scripting/bin/setup_dns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/scripting/bin/setup_dns.sh b/source4/scripting/bin/setup_dns.sh index f20ad145c1..de4485fc07 100755 --- a/source4/scripting/bin/setup_dns.sh +++ b/source4/scripting/bin/setup_dns.sh @@ -16,7 +16,7 @@ RSUFFIX=$(echo $DOMAIN | sed s/[\.]/,DC=/g) PRIVATEDIR=$(bin/testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2> /dev/null) } -OBJECTGUID=$(bin/ldbsearch -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2) +OBJECTGUID=$(bin/ldbsearch -s base -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2) echo "Found objectGUID $OBJECTGUID" -- cgit From 5d6032eb4b3e77240d2eccf7c644d1a30da89c78 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 09:00:15 +1100 Subject: s4-partition: fixed selection of partitions on exact match When a search is on the root of a partition on the global catalog, don't search partitions above that one. --- source4/dsdb/samdb/ldb_modules/partition.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index b879bc4106..59e7fab393 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -524,9 +524,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) */ if (ldb_dn_compare(data->partitions[i]->ctrl->dn, req->op.search.base) == 0) { match = true; - if (req->op.search.scope == LDB_SCOPE_BASE) { - stop = true; - } + stop = true; } if (!match && (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->ctrl->dn) == 0 && -- cgit From d22a9e5d3bee44ac59922a2a602ad235bf450d5d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 09:28:38 +1100 Subject: s4-dsdb: squash some unknown structure warnings --- source4/dsdb/samdb/ldb_modules/util.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/util.h b/source4/dsdb/samdb/ldb_modules/util.h index 608d2c26cb..53ed9bd48e 100644 --- a/source4/dsdb/samdb/ldb_modules/util.h +++ b/source4/dsdb/samdb/ldb_modules/util.h @@ -19,9 +19,11 @@ along with this program. If not, see . */ -struct dsdb_schema; /* predeclare schema struct */ +/* predeclare some structures used by utility functions */ +struct dsdb_schema; struct GUID; struct dsdb_attribute; +struct dsdb_fsmo_extended_op; #include "dsdb/samdb/ldb_modules/util_proto.h" -- cgit From f118f54ee783a97ed2bc5415213f3145710e0b4c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 09:29:01 +1100 Subject: s4-dsdb: added dsdb_module_am_system() better than each module inventing their own --- source4/dsdb/samdb/ldb_modules/util.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index b4f81978d3..46252cb279 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -26,6 +26,7 @@ #include "dsdb/samdb/ldb_modules/util.h" #include "dsdb/samdb/samdb.h" #include "util.h" +#include "libcli/security/security.h" /* add a set of controls to a ldb_request structure based on a set of @@ -629,3 +630,11 @@ int dsdb_module_set_integer(struct ldb_module *module, struct ldb_dn *dn, talloc_free(msg); return ret; } + +bool dsdb_module_am_system(struct ldb_module *module) +{ + struct ldb_context *ldb = ldb_module_get_ctx(module); + struct auth_session_info *session_info + = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); + return security_session_user_level(session_info) == SECURITY_SYSTEM; +} -- cgit From 595fad2b34b6f67b130344bc741ff0ddffb0db4f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 09:29:32 +1100 Subject: s4-dsdb: allow specification of a SID if we are system needed for samba3sam test --- source4/dsdb/samdb/ldb_modules/samldb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 79bfc0a15c..edaf7251b8 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -901,7 +901,8 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type) /* don't allow objectSID to be specified without the RELAX control */ ac->sid = samdb_result_dom_sid(ac, ac->msg, "objectSid"); - if (ac->sid && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) { + if (ac->sid && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) && + !dsdb_module_am_system(ac->module)) { ldb_asprintf_errstring(ldb, "No SID may be specified in user/group creation for %s", ldb_dn_get_linearized(ac->msg->dn)); return LDB_ERR_UNWILLING_TO_PERFORM; -- cgit From baa8793a94a05bd5fde0f2770d9a16959e01b60b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 09:30:31 +1100 Subject: s4-dsdb: use dsdb_module_am_system() in acl module --- source4/dsdb/samdb/ldb_modules/acl.c | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index a3298362f3..aa66ec0d68 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -53,7 +53,7 @@ struct acl_private { struct acl_context { struct ldb_module *module; struct ldb_request *req; - enum security_user_level user_type; + bool am_system; bool allowedAttributes; bool allowedAttributesEffective; bool allowedChildClasses; @@ -70,14 +70,6 @@ bool is_root_base_dn(struct ldb_context *ldb, struct ldb_dn *dn_to_check) return (result==0); } -static enum security_user_level what_is_user(struct ldb_module *module) -{ - struct ldb_context *ldb = ldb_module_get_ctx(module); - struct auth_session_info *session_info - = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); - return security_session_user_level(session_info); -} - static struct security_token *acl_user_token(struct ldb_module *module) { struct ldb_context *ldb = ldb_module_get_ctx(module); @@ -450,7 +442,7 @@ static int acl_allowedAttributes(struct ldb_module *module, struct ldb_control *as_system = ldb_request_get_control(ac->req, LDB_CONTROL_AS_SYSTEM_OID); ldb_msg_remove_attr(msg, "allowedAttributesEffective"); - if (ac->user_type == SECURITY_SYSTEM || as_system) { + if (ac->am_system || as_system) { for (i=0; attr_list && attr_list[i]; i++) { ldb_msg_add_string(msg, "allowedAttributesEffective", attr_list[i]); } @@ -566,7 +558,7 @@ static int acl_childClassesEffective(struct ldb_module *module, struct dom_sid *sid = NULL; int i, j, ret; - if (ac->user_type == SECURITY_SYSTEM || as_system) { + if (ac->am_system || as_system) { return acl_childClasses(module, sd_msg, msg, "allowedChildClassesEffective"); } @@ -650,7 +642,7 @@ static int acl_sDRightsEffective(struct ldb_module *module, if (ret != LDB_SUCCESS) { return ret; } - if (ac->user_type == SECURITY_SYSTEM || as_system) { + if (ac->am_system || as_system) { flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_SACL | SECINFO_DACL; } else { @@ -707,7 +699,7 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req) struct object_tree *new_node = NULL; struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); - if (what_is_user(module) == SECURITY_SYSTEM || as_system) { + if (dsdb_module_am_system(module) || as_system) { return ldb_next_request(module, req); } @@ -773,7 +765,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) { DEBUG(10, ("ldb:acl_modify: %s\n", req->op.mod.message->elements[0].name)); } - if (what_is_user(module) == SECURITY_SYSTEM || as_system) { + if (dsdb_module_am_system(module) || as_system) { return ldb_next_request(module, req); } if (ldb_dn_is_special(req->op.mod.message->dn)) { @@ -901,7 +893,7 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req) struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); DEBUG(10, ("ldb:acl_delete: %s\n", ldb_dn_get_linearized(req->op.del.dn))); - if (what_is_user(module) == SECURITY_SYSTEM || as_system) { + if (dsdb_module_am_system(module) || as_system) { return ldb_next_request(module, req); } @@ -955,7 +947,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) }; DEBUG(10, ("ldb:acl_rename: %s\n", ldb_dn_get_linearized(req->op.rename.olddn))); - if (what_is_user(module) == SECURITY_SYSTEM || as_system) { + if (dsdb_module_am_system(module) || as_system) { return ldb_next_request(module, req); } if (ldb_dn_is_special(req->op.rename.olddn)) { @@ -1135,7 +1127,7 @@ static int acl_search_callback(struct ldb_request *req, struct ldb_reply *ares) } } if (data && data->password_attrs) { - if (ac->user_type != SECURITY_SYSTEM) { + if (!ac->am_system) { for (i = 0; data->password_attrs[i]; i++) { ldb_msg_remove_attr(ares->message, data->password_attrs[i]); } @@ -1173,7 +1165,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req) ac->module = module; ac->req = req; - ac->user_type = what_is_user(module); + ac->am_system = dsdb_module_am_system(module); ac->allowedAttributes = ldb_attr_in_list(req->op.search.attrs, "allowedAttributes"); ac->allowedAttributesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedAttributesEffective"); ac->allowedChildClasses = ldb_attr_in_list(req->op.search.attrs, "allowedChildClasses"); @@ -1183,7 +1175,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req) /* replace any attributes in the parse tree that are private, so we don't allow a search for 'userPassword=penguin', just as we would not allow that attribute to be returned */ - if (ac->user_type != SECURITY_SYSTEM) { + if (ac->am_system) { /* FIXME: We should copy the tree and keep the original unmodified. */ /* remove password attributes */ if (data && data->password_attrs) { -- cgit From 8b8bb15a54a80b8a568f9da955a33ff8336168ee Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 09:30:59 +1100 Subject: s4-dsdb: fixed const misuse in acl module --- source4/dsdb/samdb/ldb_modules/acl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index aa66ec0d68..a779821107 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -35,10 +35,10 @@ #include "ldb_module.h" #include "auth/auth.h" #include "libcli/security/security.h" -#include "librpc/gen_ndr/ndr_security.h" #include "dsdb/samdb/samdb.h" #include "librpc/gen_ndr/ndr_security.h" #include "param/param.h" +#include "dsdb/samdb/ldb_modules/util.h" struct extended_access_check_attribute { const char *oa_name; @@ -301,7 +301,7 @@ static int acl_check_access_on_attribute(struct ldb_module *module, struct security_descriptor *sd, struct dom_sid *rp_sid, uint32_t access, - struct dsdb_attribute *attr) + const struct dsdb_attribute *attr) { int ret; NTSTATUS status; @@ -362,7 +362,7 @@ static int acl_check_access_on_class(struct ldb_module *module, uint32_t access_granted; struct object_tree *root = NULL; struct object_tree *new_node = NULL; - struct GUID *guid; + const struct GUID *guid; const struct dsdb_schema *schema = dsdb_get_schema(ldb); TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); struct security_token *token = acl_user_token(module); @@ -460,7 +460,7 @@ static int acl_allowedAttributes(struct ldb_module *module, return ret; } for (i=0; attr_list && attr_list[i]; i++) { - struct dsdb_attribute *attr = dsdb_attribute_by_lDAPDisplayName(schema, + const struct dsdb_attribute *attr = dsdb_attribute_by_lDAPDisplayName(schema, attr_list[i]); if (!attr) { return LDB_ERR_OPERATIONS_ERROR; -- cgit From 43a815c67ac7b7406b047b488393fa42617a5884 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 09:31:23 +1100 Subject: s4-samba3samtest: use system credentials for creating users --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 2478043eb4..a46afb1a72 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -29,6 +29,7 @@ from samba import Ldb, substitute_var from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm import samba.dcerpc.security import samba.ndr +from samba.auth import system_session datadir = os.path.join(os.path.dirname(__file__), "../../../../../testdata/samba3") @@ -75,7 +76,7 @@ class MapBaseTestCase(TestCaseInTempDir): """Simple helper class that contains data for a specific SAM connection.""" def __init__(self, basedn, dn): - self.db = Ldb(lp=cmdline_loadparm) + self.db = Ldb(lp=cmdline_loadparm, session_info=system_session()) self.basedn = basedn self.basedn_casefold = ldb.Dn(self.db, basedn).get_casefold() self.substvars = {"BASEDN": self.basedn} @@ -124,13 +125,13 @@ class Samba3SamTestCase(MapBaseTestCase): def setUp(self): super(Samba3SamTestCase, self).setUp() - ldb = Ldb(self.ldburl, lp=cmdline_loadparm) + ldb = Ldb(self.ldburl, lp=cmdline_loadparm, session_info=system_session()) self.samba3.setup_data("samba3.ldif") ldif = read_datafile("provision_samba3sam.ldif") ldb.add_ldif(self.samba4.subst(ldif)) self.setup_modules(ldb, self.samba3, self.samba4) del ldb - self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm) + self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm, session_info=system_session()) def test_search_non_mapped(self): """Looking up by non-mapped attribute""" @@ -291,12 +292,12 @@ class MapTestCase(MapBaseTestCase): def setUp(self): super(MapTestCase, self).setUp() - ldb = Ldb(self.ldburl, lp=cmdline_loadparm) + ldb = Ldb(self.ldburl, lp=cmdline_loadparm, session_info=system_session()) ldif = read_datafile("provision_samba3sam.ldif") ldb.add_ldif(self.samba4.subst(ldif)) self.setup_modules(ldb, self.samba3, self.samba4) del ldb - self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm) + self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm, session_info=system_session()) def test_map_search(self): """Running search tests on mapped data.""" -- cgit From 81c0b01585c93472a14e3027a6da0b6d65a2ed7c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 10:00:35 +1100 Subject: s4-secdesc: fixed the sec_descriptor.py test The test was using a "changetype: add" to try and add a member to a group, where it should use a "changetype: modify" with a "add: member" Also fixed the recovery when the test fails part way through (delete the test users at the start as well as the end) Nadya, please check! --- source4/lib/ldb/tests/python/sec_descriptor.py | 116 ++++++++++++++++--------- 1 file changed, 74 insertions(+), 42 deletions(-) (limited to 'source4') diff --git a/source4/lib/ldb/tests/python/sec_descriptor.py b/source4/lib/ldb/tests/python/sec_descriptor.py index e420cec3bd..4589178a42 100755 --- a/source4/lib/ldb/tests/python/sec_descriptor.py +++ b/source4/lib/ldb/tests/python/sec_descriptor.py @@ -285,8 +285,30 @@ userAccountControl: %s""" % userAccountControl class OwnerGroupDescriptorTests(DescriptorTests): + def deleteAll(self): + if self.SAMBA: + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser1")) + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser2")) + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser3")) + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser4")) + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser5")) + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser6")) + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser7")) + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser8")) + # DOMAIN + self.delete_force(self.ldb_admin, self.get_users_domain_dn("test_domain_group1")) + self.delete_force(self.ldb_admin, "CN=test_domain_user1,OU=test_domain_ou1," + self.base_dn) + self.delete_force(self.ldb_admin, "OU=test_domain_ou2,OU=test_domain_ou1," + self.base_dn) + self.delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn) + # SCHEMA + # CONFIGURATION + self.delete_force(self.ldb_admin, "CN=test-specifier1,CN=test-container1,CN=DisplaySpecifiers," \ + + self.configuration_dn) + self.delete_force(self.ldb_admin, "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn) + def setUp(self): DescriptorTests.setUp(self) + self.deleteAll() if self.SAMBA: ### Create users # User 1 @@ -295,7 +317,8 @@ class OwnerGroupDescriptorTests(DescriptorTests): self.enable_account(user_dn) ldif = """ dn: CN=Enterprise Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn self.ldb_admin.modify_ldif(ldif) # User 2 @@ -304,7 +327,8 @@ member: """ + user_dn self.enable_account(user_dn) ldif = """ dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn self.ldb_admin.modify_ldif(ldif) # User 3 @@ -313,7 +337,8 @@ member: """ + user_dn self.enable_account(user_dn) ldif = """ dn: CN=Schema Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn self.ldb_admin.modify_ldif(ldif) # User 4 @@ -326,11 +351,13 @@ member: """ + user_dn self.enable_account(user_dn) ldif = """ dn: CN=Enterprise Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn + """ dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn self.ldb_admin.modify_ldif(ldif) # User 6 @@ -339,15 +366,18 @@ member: """ + user_dn self.enable_account(user_dn) ldif = """ dn: CN=Enterprise Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn + """ dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn + """ dn: CN=Schema Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn self.ldb_admin.modify_ldif(ldif) # User 7 @@ -356,11 +386,13 @@ member: """ + user_dn self.enable_account(user_dn) ldif = """ dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn + """ dn: CN=Schema Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn self.ldb_admin.modify_ldif(ldif) # User 8 @@ -369,11 +401,13 @@ member: """ + user_dn self.enable_account(user_dn) ldif = """ dn: CN=Enterprise Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn + """ dn: CN=Schema Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn self.ldb_admin.modify_ldif(ldif) self.results = { @@ -490,25 +524,7 @@ member: """ + user_dn self.DS_BEHAVIOR = "ds_behavior_win2008" def tearDown(self): - if self.SAMBA: - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser1")) - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser2")) - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser3")) - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser4")) - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser5")) - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser6")) - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser7")) - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser8")) - # DOMAIN - self.delete_force(self.ldb_admin, self.get_users_domain_dn("test_domain_group1")) - self.delete_force(self.ldb_admin, "CN=test_domain_user1,OU=test_domain_ou1," + self.base_dn) - self.delete_force(self.ldb_admin, "OU=test_domain_ou2,OU=test_domain_ou1," + self.base_dn) - self.delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn) - # SCHEMA - # CONFIGURATION - self.delete_force(self.ldb_admin, "CN=test-specifier1,CN=test-container1,CN=DisplaySpecifiers," \ - + self.configuration_dn) - self.delete_force(self.ldb_admin, "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn) + self.deleteAll() def check_user_belongs(self, user_dn, groups=[]): """ Test wether user is member of the expected group(s) """ @@ -1414,12 +1430,16 @@ member: """ + user_dn class DaclDescriptorTests(DescriptorTests): + def deleteAll(self): + self.delete_force(self.ldb_admin, "CN=test_inherit_group,OU=test_inherit_ou," + self.base_dn) + self.delete_force(self.ldb_admin, "OU=test_inherit_ou," + self.base_dn) + def setUp(self): DescriptorTests.setUp(self) + self.deleteAll() def tearDown(self): - self.delete_force(self.ldb_admin, "CN=test_inherit_group,OU=test_inherit_ou," + self.base_dn) - self.delete_force(self.ldb_admin, "OU=test_inherit_ou," + self.base_dn) + self.deleteAll() def create_clean_ou(self, object_dn): """ Base repeating setup for unittests to follow """ @@ -1686,12 +1706,16 @@ class DaclDescriptorTests(DescriptorTests): class SdFlagsDescriptorTests(DescriptorTests): + def deleteAll(self): + self.delete_force(self.ldb_admin, "OU=test_sdflags_ou," + self.base_dn) + def setUp(self): DescriptorTests.setUp(self) self.test_descr = "O:AUG:AUD:(D;;CC;;;LG)S:(OU;;WP;;;AU)" + self.deleteAll() def tearDown(self): - self.delete_force(self.ldb_admin, "OU=test_sdflags_ou," + self.base_dn) + self.deleteAll() def test_301(self): """ Modify a descriptor with OWNER_SECURITY_INFORMATION set. @@ -1841,8 +1865,16 @@ class SdFlagsDescriptorTests(DescriptorTests): class RightsAttributesTests(DescriptorTests): + def deleteAll(self): + if self.SAMBA: + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr")) + self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr2")) + + self.delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn) + def setUp(self): DescriptorTests.setUp(self) + self.deleteAll() if self.SAMBA: ### Create users # User 1 @@ -1855,17 +1887,13 @@ class RightsAttributesTests(DescriptorTests): self.enable_account(user_dn) ldif = """ dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """ -changetype: add +changetype: modify +add: member member: """ + user_dn self.ldb_admin.modify_ldif(ldif) def tearDown(self): - - if self.SAMBA: - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr")) - self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr2")) - - self.delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn) + self.deleteAll() def test_sDRightsEffective(self): object_dn = "OU=test_domain_ou1," + self.base_dn @@ -1964,7 +1992,11 @@ member: """ + user_dn self.assertTrue("managedBy" in res[0]["allowedAttributesEffective"]) if not "://" in host: - host = "ldap://%s" % host + if os.path.isfile(host): + host = "tdb://%s" % host + else: + host = "ldap://%s" % host + ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp, options=["modules:paged_searches"]) runner = SubunitTestRunner() -- cgit From 66f161dee13fc027ea0253abdf40dfb7dc4bffa3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 10:03:51 +1100 Subject: s4-acl: fixed acl.py test to use correct ldif same problem as sec_descriptor.py --- source4/lib/ldb/tests/python/acl.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/lib/ldb/tests/python/acl.py b/source4/lib/ldb/tests/python/acl.py index 4544f60736..909adc5129 100755 --- a/source4/lib/ldb/tests/python/acl.py +++ b/source4/lib/ldb/tests/python/acl.py @@ -164,7 +164,8 @@ replace: nTSecurityDescriptor """ ldif = """ dn: """ + group_dn + """ -changetype: add +changetype: modify +add: member member: """ + member_dn _ldb.modify_ldif(ldif) -- cgit From dd61336165396f8aaccde1320de26bae789fb324 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 12:14:39 +1100 Subject: s4-dsdb: added a samba3sid module This module allocates SIDs using the Samba3 algorithm, for use with the samba3sam module. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/config.mk | 15 ++- source4/dsdb/samdb/ldb_modules/samba3sid.c | 194 +++++++++++++++++++++++++++++ 2 files changed, 208 insertions(+), 1 deletion(-) create mode 100644 source4/dsdb/samdb/ldb_modules/samba3sid.c (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 7dfe58451f..f9f1714358 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -137,12 +137,25 @@ SUBSYSTEM = LIBLDB INIT_FUNCTION = LDB_MODULE(samba3sam) PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBLDB SMBPASSWD \ NSS_WRAPPER LIBSECURITY NDR_SECURITY -# End MODULE ldb_samldb +# End MODULE ldb_samba3sam ################################################ ldb_samba3sam_OBJ_FILES = \ $(dsdbsrcdir)/samdb/ldb_modules/samba3sam.o +################################################ +# Start MODULE ldb_samba3sid +[MODULE::ldb_samba3sid] +SUBSYSTEM = LIBLDB +INIT_FUNCTION = LDB_MODULE(samba3sid) +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBLDB SMBPASSWD \ + NSS_WRAPPER LIBSECURITY NDR_SECURITY +# End MODULE ldb_samba3sid +################################################ + +ldb_samba3sid_OBJ_FILES = \ + $(dsdbsrcdir)/samdb/ldb_modules/samba3sid.o + ################################################ # Start MODULE ldb_simple_ldap_map [MODULE::ldb_simple_ldap_map] diff --git a/source4/dsdb/samdb/ldb_modules/samba3sid.c b/source4/dsdb/samdb/ldb_modules/samba3sid.c new file mode 100644 index 0000000000..6ea5742e6d --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/samba3sid.c @@ -0,0 +1,194 @@ +/* + samba3sid module + + Copyright (C) Andrew Bartlett 2010 + Copyright (C) Andrew Tridgell 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + add objectSID to users and groups using samba3 nextRid method + */ + +#include "includes.h" +#include "libcli/ldap/ldap_ndr.h" +#include "ldb_module.h" +#include "dsdb/samdb/samdb.h" +#include "dsdb/samdb/ldb_modules/util.h" +#include "libcli/security/security.h" +#include "librpc/gen_ndr/ndr_security.h" +#include "../lib/util/util_ldb.h" +#include "ldb_wrap.h" +#include "param/param.h" + +/* + RID algorithm from pdb_ldap.c in source3/passdb/ + (loosely based on Volkers code) + */ +static int samba3sid_next_sid(struct ldb_module *module, + TALLOC_CTX *mem_ctx, char **sid) +{ + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + struct ldb_result *res; + const char *attrs[] = { "sambaNextRid", "sambaNextUserRid", + "sambaNextGroupRid", "sambaSID", NULL }; + int ret; + struct ldb_context *ldb = ldb_module_get_ctx(module); + int sambaNextRid, sambaNextGroupRid, sambaNextUserRid; + struct ldb_message *msg; + uint32_t rid; + const char *sambaSID; + + ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, + attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS, + "(&(objectClass=sambaDomain)(sambaDomainName=%s))", + lp_sam_name(ldb_get_opaque(ldb, "loadparm"))); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, + __location__ + ": Failed to find domain object - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + if (res->count != 1) { + ldb_asprintf_errstring(ldb, + __location__ + ": Expected exactly 1 domain object - got %u", + res->count); + talloc_free(tmp_ctx); + return ret; + } + msg = res->msgs[0]; + + sambaNextRid = ldb_msg_find_attr_as_uint(msg, "sambaNextRid", -1); + sambaNextUserRid = ldb_msg_find_attr_as_uint(msg, "sambaNextUserRid", -1); + sambaNextGroupRid = ldb_msg_find_attr_as_uint(msg, "sambaNextGroupRid", -1); + sambaSID = ldb_msg_find_attr_as_string(msg, "sambaSID", NULL); + + if (sambaSID == NULL) { + ldb_asprintf_errstring(ldb, + __location__ + ": No sambaSID in %s", + ldb_dn_get_linearized(msg->dn)); + talloc_free(tmp_ctx); + return ret; + } + + /* choose the highest of the 3 - see pdb_ldap.c for an + * explanation */ + rid = sambaNextRid; + if (sambaNextUserRid > rid) { + rid = sambaNextUserRid; + } + if (sambaNextGroupRid > rid) { + rid = sambaNextGroupRid; + } + if (rid == -1) { + ldb_asprintf_errstring(ldb, + __location__ + ": No sambaNextRid in %s", + ldb_dn_get_linearized(msg->dn)); + talloc_free(tmp_ctx); + return ret; + } + + (*sid) = talloc_asprintf(tmp_ctx, "%s-%u", sambaSID, rid); + if (!*sid) { + ldb_module_oom(module); + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = dsdb_module_constrainted_update_integer(module, msg->dn, + "sambaNextRid", + sambaNextRid, rid+1); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, + __location__ + ": Failed to update sambaNextRid - %s", + ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + talloc_steal(mem_ctx, *sid); + talloc_free(tmp_ctx); + return LDB_SUCCESS; +} + + + +/* add */ +static int samba3sid_add(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb; + int ret; + const struct ldb_message *msg = req->op.add.message; + struct ldb_message *new_msg; + char *sid; + struct ldb_request *new_req; + + ldb = ldb_module_get_ctx(module); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + if (!samdb_find_attribute(ldb, msg, "objectclass", "posixAccount") && + !samdb_find_attribute(ldb, msg, "objectclass", "posixGroup")) { + /* its not a user or a group */ + return ldb_next_request(module, req); + } + + if (ldb_msg_find_element(msg, "sambaSID")) { + /* a SID was supplied */ + return ldb_next_request(module, req); + } + + new_msg = ldb_msg_copy_shallow(req, req->op.add.message); + if (!new_msg) { + ldb_module_oom(module); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = samba3sid_next_sid(module, new_msg, &sid); + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_msg_add_steal_string(new_msg, "sambaSID", sid); + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_build_add_req(&new_req, ldb, req, + new_msg, + req->controls, + req, dsdb_next_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; + } + + return ldb_next_request(module, new_req); +} + +_PUBLIC_ const struct ldb_module_ops ldb_samba3sid_module_ops = { + .name = "samba3sid", + .add = samba3sid_add, +}; + -- cgit From d6f92db456162571e7d9273afe371103da72e6b0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 12:15:01 +1100 Subject: s4-samba3sam: use samba3sid module Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index a46afb1a72..8d4047b0b8 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -30,6 +30,7 @@ from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm import samba.dcerpc.security import samba.ndr from samba.auth import system_session +from samba import param datadir = os.path.join(os.path.dirname(__file__), "../../../../../testdata/samba3") @@ -50,7 +51,7 @@ class MapBaseTestCase(TestCaseInTempDir): "@TO": "sambaDomainName=TESTS," + s3.basedn}) ldb.add({"dn": "@MODULES", - "@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition"}) + "@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,samba3sid,partition"}) ldb.add({"dn": "@PARTITION", "partition": ["%s" % (s4.basedn_casefold), @@ -59,6 +60,7 @@ class MapBaseTestCase(TestCaseInTempDir): "modules": "*:"}) def setUp(self): + cmdline_loadparm.set("sid generator", "backend") super(MapBaseTestCase, self).setUp() def make_dn(basedn, rdn): -- cgit From f68c43e80338921be8145f8b3a3b391a941715a2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 12:45:29 +1100 Subject: s4-samba3sid: the sambaNextRid attribute is actually the previous RID Not well named .... though same mistake that MS made with rIDNextRid --- source4/dsdb/samdb/ldb_modules/samba3sid.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sid.c b/source4/dsdb/samdb/ldb_modules/samba3sid.c index 6ea5742e6d..bb4b58be3f 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sid.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sid.c @@ -48,7 +48,7 @@ static int samba3sid_next_sid(struct ldb_module *module, struct ldb_context *ldb = ldb_module_get_ctx(module); int sambaNextRid, sambaNextGroupRid, sambaNextUserRid; struct ldb_message *msg; - uint32_t rid; + int rid; const char *sambaSID; ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, @@ -105,7 +105,10 @@ static int samba3sid_next_sid(struct ldb_module *module, return ret; } - (*sid) = talloc_asprintf(tmp_ctx, "%s-%u", sambaSID, rid); + /* sambaNextRid is actually the previous RID .... */ + rid += 1; + + (*sid) = talloc_asprintf(tmp_ctx, "%s-%d", sambaSID, rid); if (!*sid) { ldb_module_oom(module); talloc_free(tmp_ctx); @@ -114,7 +117,7 @@ static int samba3sid_next_sid(struct ldb_module *module, ret = dsdb_module_constrainted_update_integer(module, msg->dn, "sambaNextRid", - sambaNextRid, rid+1); + sambaNextRid, rid); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ldb, __location__ -- cgit From 9aed0993624ecd42ad68b3b080668fa07a9bc1b9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 12:45:49 +1100 Subject: s4-samba3samtest: force workgroup so the domain is right the samba3sid backend looks at lp_sam_name() which is based on the workgroup --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 8d4047b0b8..78b7eca077 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -61,6 +61,7 @@ class MapBaseTestCase(TestCaseInTempDir): def setUp(self): cmdline_loadparm.set("sid generator", "backend") + cmdline_loadparm.set("workgroup", "TESTS") super(MapBaseTestCase, self).setUp() def make_dn(basedn, rdn): -- cgit From dde2b66341d5addbb80a239b8ccab58af1f3fc24 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 12:54:42 +1100 Subject: s4-samba3sid: fixed error returns when res->count != 1 and oom --- source4/dsdb/samdb/ldb_modules/samba3sid.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/samba3sid.c b/source4/dsdb/samdb/ldb_modules/samba3sid.c index bb4b58be3f..76848eb258 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sid.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sid.c @@ -69,7 +69,7 @@ static int samba3sid_next_sid(struct ldb_module *module, ": Expected exactly 1 domain object - got %u", res->count); talloc_free(tmp_ctx); - return ret; + return LDB_ERR_OPERATIONS_ERROR; } msg = res->msgs[0]; @@ -84,7 +84,7 @@ static int samba3sid_next_sid(struct ldb_module *module, ": No sambaSID in %s", ldb_dn_get_linearized(msg->dn)); talloc_free(tmp_ctx); - return ret; + return LDB_ERR_OPERATIONS_ERROR; } /* choose the highest of the 3 - see pdb_ldap.c for an @@ -102,7 +102,7 @@ static int samba3sid_next_sid(struct ldb_module *module, ": No sambaNextRid in %s", ldb_dn_get_linearized(msg->dn)); talloc_free(tmp_ctx); - return ret; + return LDB_ERR_OPERATIONS_ERROR; } /* sambaNextRid is actually the previous RID .... */ -- cgit From 5ccf8ae37385bd401910e7c31c63fad43dcc89ae Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 12:55:21 +1100 Subject: s4-samba3samtest: we need to force netbios name as well needed for when run in CLIENT context --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 78b7eca077..cc1a86ed4a 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -62,6 +62,7 @@ class MapBaseTestCase(TestCaseInTempDir): def setUp(self): cmdline_loadparm.set("sid generator", "backend") cmdline_loadparm.set("workgroup", "TESTS") + cmdline_loadparm.set("netbios name", "TESTS") super(MapBaseTestCase, self).setUp() def make_dn(basedn, rdn): -- cgit From 9d296e6776c96401f2285602f939256d9cbe7c48 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 16:56:01 +1100 Subject: s4-provision: added W2K8-R2 schema as provided by WSPP --- .../ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt | 15996 +++++++++++++++++++ .../ad-schema/MS-AD_Schema_2K8_R2_Classes.txt | 3533 ++++ 2 files changed, 19529 insertions(+) create mode 100644 source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt create mode 100644 source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt (limited to 'source4') diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt new file mode 100644 index 0000000000..6917c7078c --- /dev/null +++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt @@ -0,0 +1,15996 @@ +#Intellectual Property Rights Notice for Protocol Documentation +#• Copyrights. This protocol documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the protocols, and may distribute portions of it in your implementations of the protocols or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the protocol documentation. +#• No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. +#• Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: http://www.microsoft.com/interop/osp). If you would prefer a written license, or if the protocols are not covered by the OSP, patent licenses are available by contacting protocol@microsoft.com. +#• Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. +#Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. +#Tools. This protocol documentation is intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. A protocol specification does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. +# + + +cn: Account-Expires +ldapDisplayName: accountExpires +attributeId: 1.2.840.113556.1.4.159 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967915-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Account-Name-History +ldapDisplayName: accountNameHistory +attributeId: 1.2.840.113556.1.4.1307 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 031952ec-3b72-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Aggregate-Token-Rate-Per-User +ldapDisplayName: aCSAggregateTokenRatePerUser +attributeId: 1.2.840.113556.1.4.760 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 7f56127d-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Allocable-RSVP-Bandwidth +ldapDisplayName: aCSAllocableRSVPBandwidth +attributeId: 1.2.840.113556.1.4.766 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 7f561283-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Cache-Timeout +ldapDisplayName: aCSCacheTimeout +attributeId: 1.2.840.113556.1.4.779 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1cb355a1-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Direction +ldapDisplayName: aCSDirection +attributeId: 1.2.840.113556.1.4.757 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7f56127a-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-DSBM-DeadTime +ldapDisplayName: aCSDSBMDeadTime +attributeId: 1.2.840.113556.1.4.778 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1cb355a0-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-DSBM-Priority +ldapDisplayName: aCSDSBMPriority +attributeId: 1.2.840.113556.1.4.776 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1cb3559e-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-DSBM-Refresh +ldapDisplayName: aCSDSBMRefresh +attributeId: 1.2.840.113556.1.4.777 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1cb3559f-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Enable-ACS-Service +ldapDisplayName: aCSEnableACSService +attributeId: 1.2.840.113556.1.4.770 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 7f561287-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Enable-RSVP-Accounting +ldapDisplayName: aCSEnableRSVPAccounting +attributeId: 1.2.840.113556.1.4.899 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: f072230e-aef5-11d1-bdcf-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Enable-RSVP-Message-Logging +ldapDisplayName: aCSEnableRSVPMessageLogging +attributeId: 1.2.840.113556.1.4.768 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 7f561285-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Event-Log-Level +ldapDisplayName: aCSEventLogLevel +attributeId: 1.2.840.113556.1.4.769 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7f561286-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Identity-Name +ldapDisplayName: aCSIdentityName +attributeId: 1.2.840.113556.1.4.784 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: dab029b6-ddf7-11d1-90a5-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-Aggregate-Peak-Rate-Per-User +ldapDisplayName: aCSMaxAggregatePeakRatePerUser +attributeId: 1.2.840.113556.1.4.897 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: f072230c-aef5-11d1-bdcf-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-Duration-Per-Flow +ldapDisplayName: aCSMaxDurationPerFlow +attributeId: 1.2.840.113556.1.4.761 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7f56127e-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Maximum-SDU-Size +ldapDisplayName: aCSMaximumSDUSize +attributeId: 1.2.840.113556.1.4.1314 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 87a2d8f9-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-No-Of-Account-Files +ldapDisplayName: aCSMaxNoOfAccountFiles +attributeId: 1.2.840.113556.1.4.901 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: f0722310-aef5-11d1-bdcf-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-No-Of-Log-Files +ldapDisplayName: aCSMaxNoOfLogFiles +attributeId: 1.2.840.113556.1.4.774 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1cb3559c-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-Peak-Bandwidth +ldapDisplayName: aCSMaxPeakBandwidth +attributeId: 1.2.840.113556.1.4.767 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 7f561284-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-Peak-Bandwidth-Per-Flow +ldapDisplayName: aCSMaxPeakBandwidthPerFlow +attributeId: 1.2.840.113556.1.4.759 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 7f56127c-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-Size-Of-RSVP-Account-File +ldapDisplayName: aCSMaxSizeOfRSVPAccountFile +attributeId: 1.2.840.113556.1.4.902 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: f0722311-aef5-11d1-bdcf-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-Size-Of-RSVP-Log-File +ldapDisplayName: aCSMaxSizeOfRSVPLogFile +attributeId: 1.2.840.113556.1.4.775 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1cb3559d-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-Token-Bucket-Per-Flow +ldapDisplayName: aCSMaxTokenBucketPerFlow +attributeId: 1.2.840.113556.1.4.1313 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 81f6e0df-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Max-Token-Rate-Per-Flow +ldapDisplayName: aCSMaxTokenRatePerFlow +attributeId: 1.2.840.113556.1.4.758 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 7f56127b-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Minimum-Delay-Variation +ldapDisplayName: aCSMinimumDelayVariation +attributeId: 1.2.840.113556.1.4.1317 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 9c65329b-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Minimum-Latency +ldapDisplayName: aCSMinimumLatency +attributeId: 1.2.840.113556.1.4.1316 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 9517fefb-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Minimum-Policed-Size +ldapDisplayName: aCSMinimumPolicedSize +attributeId: 1.2.840.113556.1.4.1315 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 8d0e7195-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Non-Reserved-Max-SDU-Size +ldapDisplayName: aCSNonReservedMaxSDUSize +attributeId: 1.2.840.113556.1.4.1320 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: aec2cfe3-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Non-Reserved-Min-Policed-Size +ldapDisplayName: aCSNonReservedMinPolicedSize +attributeId: 1.2.840.113556.1.4.1321 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: b6873917-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Non-Reserved-Peak-Rate +ldapDisplayName: aCSNonReservedPeakRate +attributeId: 1.2.840.113556.1.4.1318 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: a331a73f-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Non-Reserved-Token-Size +ldapDisplayName: aCSNonReservedTokenSize +attributeId: 1.2.840.113556.1.4.1319 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: a916d7c9-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Non-Reserved-Tx-Limit +ldapDisplayName: aCSNonReservedTxLimit +attributeId: 1.2.840.113556.1.4.780 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 1cb355a2-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Non-Reserved-Tx-Size +ldapDisplayName: aCSNonReservedTxSize +attributeId: 1.2.840.113556.1.4.898 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: f072230d-aef5-11d1-bdcf-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Permission-Bits +ldapDisplayName: aCSPermissionBits +attributeId: 1.2.840.113556.1.4.765 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 7f561282-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Policy-Name +ldapDisplayName: aCSPolicyName +attributeId: 1.2.840.113556.1.4.772 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1cb3559a-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Priority +ldapDisplayName: aCSPriority +attributeId: 1.2.840.113556.1.4.764 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7f561281-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-RSVP-Account-Files-Location +ldapDisplayName: aCSRSVPAccountFilesLocation +attributeId: 1.2.840.113556.1.4.900 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f072230f-aef5-11d1-bdcf-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-RSVP-Log-Files-Location +ldapDisplayName: aCSRSVPLogFilesLocation +attributeId: 1.2.840.113556.1.4.773 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1cb3559b-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Server-List +ldapDisplayName: aCSServerList +attributeId: 1.2.840.113556.1.4.1312 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7cbd59a5-3b90-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Service-Type +ldapDisplayName: aCSServiceType +attributeId: 1.2.840.113556.1.4.762 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7f56127f-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Time-Of-Day +ldapDisplayName: aCSTimeOfDay +attributeId: 1.2.840.113556.1.4.756 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7f561279-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Total-No-Of-Flows +ldapDisplayName: aCSTotalNoOfFlows +attributeId: 1.2.840.113556.1.4.763 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7f561280-5301-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Additional-Information +ldapDisplayName: notes +attributeId: 1.2.840.113556.1.4.265 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 6d05fb41-246b-11d0-a9c8-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 32768 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Additional-Trusted-Service-Names +ldapDisplayName: additionalTrustedServiceNames +attributeId: 1.2.840.113556.1.4.889 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 032160be-9824-11d1-aec0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Address +ldapDisplayName: streetAddress +attributeId: 1.2.840.113556.1.2.256 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f0f8ff84-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 1024 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14889 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Address-Book-Roots +ldapDisplayName: addressBookRoots +attributeId: 1.2.840.113556.1.4.1244 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: f70b6e48-06f4-11d2-aa53-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Address-Book-Roots2 +ldapDisplayName: addressBookRoots2 +attributeId: 1.2.840.113556.1.4.2046 +attributeSyntax: 2.5.5.1 +linkID: 2122 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 508ca374-a511-4e4e-9f4f-856f61a6b7e4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Address-Entry-Display-Table +ldapDisplayName: addressEntryDisplayTable +attributeId: 1.2.840.113556.1.2.324 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5fd42461-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 +mapiID: 32791 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Address-Entry-Display-Table-MSDOS +ldapDisplayName: addressEntryDisplayTableMSDOS +attributeId: 1.2.840.113556.1.2.400 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5fd42462-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 +mapiID: 32839 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Address-Home +ldapDisplayName: homePostalAddress +attributeId: 1.2.840.113556.1.2.617 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 16775781-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 4096 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14941 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Address-Syntax +ldapDisplayName: addressSyntax +attributeId: 1.2.840.113556.1.2.255 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5fd42463-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 4096 +mapiID: 32792 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Address-Type +ldapDisplayName: addressType +attributeId: 1.2.840.113556.1.2.350 +attributeSyntax: 2.5.5.4 +omSyntax: 20 +isSingleValued: TRUE +schemaIdGuid: 5fd42464-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32 +mapiID: 32840 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Admin-Context-Menu +ldapDisplayName: adminContextMenu +attributeId: 1.2.840.113556.1.4.614 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 553fd038-f32e-11d0-b0bc-00c04fd8dca6 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Admin-Count +ldapDisplayName: adminCount +attributeId: 1.2.840.113556.1.4.150 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967918-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Admin-Description +ldapDisplayName: adminDescription +attributeId: 1.2.840.113556.1.2.226 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967919-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 1024 +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +mapiID: 32842 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Admin-Display-Name +ldapDisplayName: adminDisplayName +attributeId: 1.2.840.113556.1.2.194 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf96791a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 +mapiID: 32843 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Admin-Multiselect-Property-Pages +ldapDisplayName: adminMultiselectPropertyPages +attributeId: 1.2.840.113556.1.4.1690 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Admin-Property-Pages +ldapDisplayName: adminPropertyPages +attributeId: 1.2.840.113556.1.4.562 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 52458038-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Allowed-Attributes +ldapDisplayName: allowedAttributes +attributeId: 1.2.840.113556.1.4.913 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: 9a7ad940-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Allowed-Attributes-Effective +ldapDisplayName: allowedAttributesEffective +attributeId: 1.2.840.113556.1.4.914 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: 9a7ad941-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Allowed-Child-Classes +ldapDisplayName: allowedChildClasses +attributeId: 1.2.840.113556.1.4.911 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: 9a7ad942-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Allowed-Child-Classes-Effective +ldapDisplayName: allowedChildClassesEffective +attributeId: 1.2.840.113556.1.4.912 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: 9a7ad943-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Alt-Security-Identities +ldapDisplayName: altSecurityIdentities +attributeId: 1.2.840.113556.1.4.867 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 00fbf30c-91fe-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ANR +ldapDisplayName: aNR +attributeId: 1.2.840.113556.1.4.1208 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 45b01500-c419-11d1-bbc9-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Application-Name +ldapDisplayName: applicationName +attributeId: 1.2.840.113556.1.4.218 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: dd712226-10e4-11d0-a05f-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Applies-To +ldapDisplayName: appliesTo +attributeId: 1.2.840.113556.1.4.341 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 8297931d-86d3-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 36 +rangeUpper: 36 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: App-Schema-Version +ldapDisplayName: appSchemaVersion +attributeId: 1.2.840.113556.1.4.848 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 96a7dd65-9118-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Asset-Number +ldapDisplayName: assetNumber +attributeId: 1.2.840.113556.1.4.283 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ba305f75-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Assistant +ldapDisplayName: assistant +attributeId: 1.2.840.113556.1.4.652 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 0296c11c-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: associatedDomain +ldapDisplayName: associatedDomain +attributeId: 0.9.2342.19200300.100.1.37 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 3320fc38-c379-4c17-a510-1bdf6133c5da +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 256 + +cn: associatedName +ldapDisplayName: associatedName +attributeId: 0.9.2342.19200300.100.1.38 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: f7fbfc45-85ab-42a4-a435-780e62f7858b +systemOnly: FALSE +searchFlags: 0 + +cn: Assoc-NT-Account +ldapDisplayName: assocNTAccount +attributeId: 1.2.840.113556.1.4.1213 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 398f63c0-ca60-11d1-bbd1-0000f81f10c0 +systemOnly: FALSE +searchFlags: 0 + +cn: attributeCertificateAttribute +ldapDisplayName: attributeCertificateAttribute +attributeId: 2.5.4.58 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e +systemOnly: FALSE +searchFlags: 0 + +cn: Attribute-Display-Names +ldapDisplayName: attributeDisplayNames +attributeId: 1.2.840.113556.1.4.748 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: cb843f80-48d9-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Attribute-ID +ldapDisplayName: attributeID +attributeId: 1.2.840.113556.1.2.30 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: TRUE +schemaIdGuid: bf967922-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags:fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Attribute-Security-GUID +ldapDisplayName: attributeSecurityGUID +attributeId: 1.2.840.113556.1.4.149 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967924-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Attribute-Syntax +ldapDisplayName: attributeSyntax +attributeId: 1.2.840.113556.1.2.32 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: TRUE +schemaIdGuid: bf967925-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags:fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Attribute-Types +ldapDisplayName: attributeTypes +attributeId: 2.5.21.5 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9a7ad944-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: audio +ldapDisplayName: audio +attributeId: 0.9.2342.19200300.100.1.55 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: d0e1d224-e1a0-42ce-a2da-793ba5244f35 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 250000 +showInAdvancedViewOnly: FALSE + +cn: Auditing-Policy +ldapDisplayName: auditingPolicy +attributeId: 1.2.840.113556.1.4.202 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 6da8a4fe-0e52-11d0-a286-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Authentication-Options +ldapDisplayName: authenticationOptions +attributeId: 1.2.840.113556.1.4.11 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967928-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Authority-Revocation-List +ldapDisplayName: authorityRevocationList +attributeId: 2.5.4.38 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 1677578d-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10485760 +mapiID: 32806 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Auxiliary-Class +ldapDisplayName: auxiliaryClass +attributeId: 1.2.840.113556.1.2.351 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: bf96792c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Bad-Password-Time +ldapDisplayName: badPasswordTime +attributeId: 1.2.840.113556.1.4.49 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf96792d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Bad-Pwd-Count +ldapDisplayName: badPwdCount +attributeId: 1.2.840.113556.1.4.12 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf96792e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Birth-Location +ldapDisplayName: birthLocation +attributeId: 1.2.840.113556.1.4.332 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 1f0075f9-7e40-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 32 +rangeUpper: 32 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: BootFile +ldapDisplayName: bootFile +attributeId: 1.3.6.1.1.1.1.24 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: e3f3cb4e-0f20-42eb-9703-d2ff26e52667 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10240 + +cn: BootParameter +ldapDisplayName: bootParameter +attributeId: 1.3.6.1.1.1.1.23 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: d72a0750-8c7c-416e-8714-e65f11e908be +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10240 + +cn: Bridgehead-Server-List-BL +ldapDisplayName: bridgeheadServerListBL +attributeId: 1.2.840.113556.1.4.820 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: d50c2cdb-8951-11d1-aebc-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 99 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Bridgehead-Transport-List +ldapDisplayName: bridgeheadTransportList +attributeId: 1.2.840.113556.1.4.819 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: d50c2cda-8951-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 98 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: buildingName +ldapDisplayName: buildingName +attributeId: 0.9.2342.19200300.100.1.48 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f87fa54b-b2c5-4fd7-88c0-daccb21d93c5 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: Builtin-Creation-Time +ldapDisplayName: builtinCreationTime +attributeId: 1.2.840.113556.1.4.13 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf96792f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Builtin-Modified-Count +ldapDisplayName: builtinModifiedCount +attributeId: 1.2.840.113556.1.4.14 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967930-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Business-Category +ldapDisplayName: businessCategory +attributeId: 2.5.4.15 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf967931-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 128 +mapiID: 32855 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Bytes-Per-Minute +ldapDisplayName: bytesPerMinute +attributeId: 1.2.840.113556.1.4.284 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ba305f76-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: CA-Certificate +ldapDisplayName: cACertificate +attributeId: 2.5.4.37 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967932-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 +mapiID: 32771 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: CA-Certificate-DN +ldapDisplayName: cACertificateDN +attributeId: 1.2.840.113556.1.4.697 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 963d2740-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: CA-Connect +ldapDisplayName: cAConnect +attributeId: 1.2.840.113556.1.4.687 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 963d2735-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Canonical-Name +ldapDisplayName: canonicalName +attributeId: 1.2.840.113556.1.4.916 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9a7ad945-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Can-Upgrade-Script +ldapDisplayName: canUpgradeScript +attributeId: 1.2.840.113556.1.4.815 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: d9e18314-8939-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: carLicense +ldapDisplayName: carLicense +attributeId: 2.16.840.1.113730.3.1.1 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: d4159c92-957d-4a87-8a67-8d2934e01649 +systemOnly: FALSE +searchFlags: 0 +showInAdvancedViewOnly: FALSE + +cn: Catalogs +ldapDisplayName: catalogs +attributeId: 1.2.840.113556.1.4.675 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7bfdcb81-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Categories +ldapDisplayName: categories +attributeId: 1.2.840.113556.1.4.672 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7bfdcb7e-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 36 +rangeUpper: 36 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Category-Id +ldapDisplayName: categoryId +attributeId: 1.2.840.113556.1.4.322 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 7d6c0e94-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: CA-Usages +ldapDisplayName: cAUsages +attributeId: 1.2.840.113556.1.4.690 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 963d2738-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: CA-WEB-URL +ldapDisplayName: cAWEBURL +attributeId: 1.2.840.113556.1.4.688 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 963d2736-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Certificate-Authority-Object +ldapDisplayName: certificateAuthorityObject +attributeId: 1.2.840.113556.1.4.684 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 963d2732-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Certificate-Revocation-List +ldapDisplayName: certificateRevocationList +attributeId: 2.5.4.39 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 1677579f-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10485760 +mapiID: 32790 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Certificate-Templates +ldapDisplayName: certificateTemplates +attributeId: 1.2.840.113556.1.4.823 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 2a39c5b1-8960-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Class-Display-Name +ldapDisplayName: classDisplayName +attributeId: 1.2.840.113556.1.4.610 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 548e1c22-dea6-11d0-b010-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Code-Page +ldapDisplayName: codePage +attributeId: 1.2.840.113556.1.4.16 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967938-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 0 +rangeUpper: 65535 +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: COM-ClassID +ldapDisplayName: cOMClassID +attributeId: 1.2.840.113556.1.4.19 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf96793b-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: COM-CLSID +ldapDisplayName: cOMCLSID +attributeId: 1.2.840.113556.1.4.249 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 281416d9-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 36 +rangeUpper: 36 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: COM-InterfaceID +ldapDisplayName: cOMInterfaceID +attributeId: 1.2.840.113556.1.4.20 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf96793c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 36 +rangeUpper: 36 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Comment +ldapDisplayName: info +attributeId: 1.2.840.113556.1.2.81 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf96793e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 1024 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 12292 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Common-Name +ldapDisplayName: cn +attributeId: 2.5.4.3 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf96793f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14863 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: COM-Other-Prog-Id +ldapDisplayName: cOMOtherProgId +attributeId: 1.2.840.113556.1.4.253 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 281416dd-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Company +ldapDisplayName: company +attributeId: 1.2.840.113556.1.2.146 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f0f8ff88-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14870 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: COM-ProgID +ldapDisplayName: cOMProgID +attributeId: 1.2.840.113556.1.4.21 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf96793d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: COM-Treat-As-Class-Id +ldapDisplayName: cOMTreatAsClassId +attributeId: 1.2.840.113556.1.4.251 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 281416db-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 36 +rangeUpper: 36 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: COM-Typelib-Id +ldapDisplayName: cOMTypelibId +attributeId: 1.2.840.113556.1.4.254 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 281416de-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 36 +rangeUpper: 36 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: COM-Unique-LIBID +ldapDisplayName: cOMUniqueLIBID +attributeId: 1.2.840.113556.1.4.250 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 281416da-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 36 +rangeUpper: 36 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Content-Indexing-Allowed +ldapDisplayName: contentIndexingAllowed +attributeId: 1.2.840.113556.1.4.24 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: bf967943-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Context-Menu +ldapDisplayName: contextMenu +attributeId: 1.2.840.113556.1.4.499 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 4d8601ee-ac85-11d0-afe3-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Control-Access-Rights +ldapDisplayName: controlAccessRights +attributeId: 1.2.840.113556.1.4.200 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 6da8a4fc-0e52-11d0-a286-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Cost +ldapDisplayName: cost +attributeId: 1.2.840.113556.1.2.135 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967944-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +mapiID: 32872 +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Country-Code +ldapDisplayName: countryCode +attributeId: 1.2.840.113556.1.4.25 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 5fd42471-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 0 +rangeUpper: 65535 +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Country-Name +ldapDisplayName: c +attributeId: 2.5.4.6 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967945-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 3 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 32873 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Create-Dialog +ldapDisplayName: createDialog +attributeId: 1.2.840.113556.1.4.810 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2b09958a-8931-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Create-Time-Stamp +ldapDisplayName: createTimeStamp +attributeId: 2.5.18.1 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 2df90d73-009f-11d2-aa4c-00c04fd7d83a +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Create-Wizard-Ext +ldapDisplayName: createWizardExt +attributeId: 1.2.840.113556.1.4.812 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 2b09958b-8931-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Creation-Time +ldapDisplayName: creationTime +attributeId: 1.2.840.113556.1.4.26 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967946-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Creation-Wizard +ldapDisplayName: creationWizard +attributeId: 1.2.840.113556.1.4.498 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 4d8601ed-ac85-11d0-afe3-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Creator +ldapDisplayName: creator +attributeId: 1.2.840.113556.1.4.679 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7bfdcb85-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: CRL-Object +ldapDisplayName: cRLObject +attributeId: 1.2.840.113556.1.4.689 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 963d2737-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: CRL-Partitioned-Revocation-List +ldapDisplayName: cRLPartitionedRevocationList +attributeId: 1.2.840.113556.1.4.683 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 963d2731-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10485760 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Cross-Certificate-Pair +ldapDisplayName: crossCertificatePair +attributeId: 2.5.4.40 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 167757b2-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 32768 +mapiID: 32805 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Current-Location +ldapDisplayName: currentLocation +attributeId: 1.2.840.113556.1.4.335 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 1f0075fc-7e40-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 32 +rangeUpper: 32 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Current-Parent-CA +ldapDisplayName: currentParentCA +attributeId: 1.2.840.113556.1.4.696 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 963d273f-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Current-Value +ldapDisplayName: currentValue +attributeId: 1.2.840.113556.1.4.27 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967947-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Curr-Machine-Id +ldapDisplayName: currMachineId +attributeId: 1.2.840.113556.1.4.337 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 1f0075fe-7e40-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DBCS-Pwd +ldapDisplayName: dBCSPwd +attributeId: 1.2.840.113556.1.4.55 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf96799c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Default-Class-Store +ldapDisplayName: defaultClassStore +attributeId: 1.2.840.113556.1.4.213 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: bf967948-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Default-Group +ldapDisplayName: defaultGroup +attributeId: 1.2.840.113556.1.4.480 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 720bc4e2-a54a-11d0-afdf-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Default-Hiding-Value +ldapDisplayName: defaultHidingValue +attributeId: 1.2.840.113556.1.4.518 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: b7b13116-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Default-Local-Policy-Object +ldapDisplayName: defaultLocalPolicyObject +attributeId: 1.2.840.113556.1.4.57 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: bf96799f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Default-Object-Category +ldapDisplayName: defaultObjectCategory +attributeId: 1.2.840.113556.1.4.783 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 26d97367-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Default-Priority +ldapDisplayName: defaultPriority +attributeId: 1.2.840.113556.1.4.232 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 281416c8-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Default-Security-Descriptor +ldapDisplayName: defaultSecurityDescriptor +attributeId: 1.2.840.113556.1.4.224 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 807a6d30-1669-11d0-a064-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Delta-Revocation-List +ldapDisplayName: deltaRevocationList +attributeId: 2.5.4.53 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 167757b5-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10485760 +mapiID: 35910 + +cn: Department +ldapDisplayName: department +attributeId: 1.2.840.113556.1.2.141 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf96794f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14872 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: departmentNumber +ldapDisplayName: departmentNumber +attributeId: 2.16.840.1.113730.3.1.2 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: be9ef6ee-cbc7-4f22-b27b-96967e7ee585 +systemOnly: FALSE +searchFlags: 0 +showInAdvancedViewOnly: FALSE + +cn: Description +ldapDisplayName: description +attributeId: 2.5.4.13 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf967950-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 1024 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 32879 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Desktop-Profile +ldapDisplayName: desktopProfile +attributeId: 1.2.840.113556.1.4.346 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: eea65906-8ac6-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Destination-Indicator +ldapDisplayName: destinationIndicator +attributeId: 2.5.4.27 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: bf967951-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 128 +mapiID: 32880 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Classes +ldapDisplayName: dhcpClasses +attributeId: 1.2.840.113556.1.4.715 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 963d2750-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Flags +ldapDisplayName: dhcpFlags +attributeId: 1.2.840.113556.1.4.700 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 963d2741-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Identification +ldapDisplayName: dhcpIdentification +attributeId: 1.2.840.113556.1.4.701 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 963d2742-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Mask +ldapDisplayName: dhcpMask +attributeId: 1.2.840.113556.1.4.706 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: 963d2747-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-MaxKey +ldapDisplayName: dhcpMaxKey +attributeId: 1.2.840.113556.1.4.719 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 963d2754-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Obj-Description +ldapDisplayName: dhcpObjDescription +attributeId: 1.2.840.113556.1.4.703 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 963d2744-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Obj-Name +ldapDisplayName: dhcpObjName +attributeId: 1.2.840.113556.1.4.702 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 963d2743-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Options +ldapDisplayName: dhcpOptions +attributeId: 1.2.840.113556.1.4.714 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 963d274f-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Properties +ldapDisplayName: dhcpProperties +attributeId: 1.2.840.113556.1.4.718 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 963d2753-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Ranges +ldapDisplayName: dhcpRanges +attributeId: 1.2.840.113556.1.4.707 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: 963d2748-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Reservations +ldapDisplayName: dhcpReservations +attributeId: 1.2.840.113556.1.4.709 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: 963d274a-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Servers +ldapDisplayName: dhcpServers +attributeId: 1.2.840.113556.1.4.704 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: 963d2745-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +extendedCharsAllowed: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Sites +ldapDisplayName: dhcpSites +attributeId: 1.2.840.113556.1.4.708 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: 963d2749-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-State +ldapDisplayName: dhcpState +attributeId: 1.2.840.113556.1.4.717 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: 963d2752-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Subnets +ldapDisplayName: dhcpSubnets +attributeId: 1.2.840.113556.1.4.705 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: 963d2746-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Type +ldapDisplayName: dhcpType +attributeId: 1.2.840.113556.1.4.699 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 963d273b-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Unique-Key +ldapDisplayName: dhcpUniqueKey +attributeId: 1.2.840.113556.1.4.698 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 963d273a-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: dhcp-Update-Time +ldapDisplayName: dhcpUpdateTime +attributeId: 1.2.840.113556.1.4.720 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 963d2755-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Display-Name +ldapDisplayName: displayName +attributeId: 1.2.840.113556.1.2.13 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967953-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fANR | fATTINDEX +rangeLower: 0 +rangeUpper: 256 +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Display-Name-Printable +ldapDisplayName: displayNamePrintable +attributeId: 1.2.840.113556.1.2.353 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: TRUE +schemaIdGuid: bf967954-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14847 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: DIT-Content-Rules +ldapDisplayName: dITContentRules +attributeId: 2.5.21.2 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9a7ad946-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Division +ldapDisplayName: division +attributeId: 1.2.840.113556.1.4.261 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: fe6136a0-2073-11d0-a9c2-00aa006c33ed +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 0 +rangeUpper: 256 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DMD-Location +ldapDisplayName: dMDLocation +attributeId: 1.2.840.113556.1.2.36 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: f0f8ff8b-1191-11d0-a060-00aa006c33ed +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: DMD-Name +ldapDisplayName: dmdName +attributeId: 1.2.840.113556.1.2.598 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 167757b9-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 1024 +mapiID: 35926 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DN-Reference-Update +ldapDisplayName: dNReferenceUpdate +attributeId: 1.2.840.113556.1.4.1242 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 2df90d86-009f-11d2-aa4c-00c04fd7d83a +systemOnly: TRUE +searchFlags:fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Dns-Allow-Dynamic +ldapDisplayName: dnsAllowDynamic +attributeId: 1.2.840.113556.1.4.378 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: e0fa1e65-9b45-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Dns-Allow-XFR +ldapDisplayName: dnsAllowXFR +attributeId: 1.2.840.113556.1.4.379 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: e0fa1e66-9b45-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DNS-Host-Name +ldapDisplayName: dNSHostName +attributeId: 1.2.840.113556.1.4.619 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Dns-Notify-Secondaries +ldapDisplayName: dnsNotifySecondaries +attributeId: 1.2.840.113556.1.4.381 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: FALSE +schemaIdGuid: e0fa1e68-9b45-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DNS-Property +ldapDisplayName: dNSProperty +attributeId: 1.2.840.113556.1.4.1306 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 675a15fe-3b70-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Dns-Record +ldapDisplayName: dnsRecord +attributeId: 1.2.840.113556.1.4.382 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: e0fa1e69-9b45-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Dns-Root +ldapDisplayName: dnsRoot +attributeId: 1.2.840.113556.1.4.28 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf967959-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 1 +rangeUpper: 255 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Dns-Secure-Secondaries +ldapDisplayName: dnsSecureSecondaries +attributeId: 1.2.840.113556.1.4.380 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: FALSE +schemaIdGuid: e0fa1e67-9b45-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DNS-Tombstoned +ldapDisplayName: dNSTombstoned +attributeId: 1.2.840.113556.1.4.1414 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: d5eb2eb7-be4e-463b-a214-634a44d7392e +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: documentAuthor +ldapDisplayName: documentAuthor +attributeId: 0.9.2342.19200300.100.1.14 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: f18a8e19-af5f-4478-b096-6f35c27eb83f +systemOnly: FALSE +searchFlags: 0 + +cn: documentIdentifier +ldapDisplayName: documentIdentifier +attributeId: 0.9.2342.19200300.100.1.11 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0b21ce82-ff63-46d9-90fb-c8b9f24e97b9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: documentLocation +ldapDisplayName: documentLocation +attributeId: 0.9.2342.19200300.100.1.15 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: b958b14e-ac6d-4ec4-8892-be70b69f7281 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: documentPublisher +ldapDisplayName: documentPublisher +attributeId: 0.9.2342.19200300.100.1.56 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 170f09d7-eb69-448a-9a30-f1afecfd32d7 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: documentTitle +ldapDisplayName: documentTitle +attributeId: 0.9.2342.19200300.100.1.12 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: de265a9c-ff2c-47b9-91dc-6e6fe2c43062 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: documentVersion +ldapDisplayName: documentVersion +attributeId: 0.9.2342.19200300.100.1.13 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 94b3a8a9-d613-4cec-9aad-5fbcc1046b43 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: Domain-Certificate-Authorities +ldapDisplayName: domainCAs +attributeId: 1.2.840.113556.1.4.668 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 7bfdcb7a-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Domain-Component +ldapDisplayName: dc +attributeId: 0.9.2342.19200300.100.1.25 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 19195a55-6da0-11d0-afd3-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 255 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Domain-Cross-Ref +ldapDisplayName: domainCrossRef +attributeId: 1.2.840.113556.1.4.472 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: b000ea7b-a086-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Domain-ID +ldapDisplayName: domainID +attributeId: 1.2.840.113556.1.4.686 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 963d2734-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Domain-Identifier +ldapDisplayName: domainIdentifier +attributeId: 1.2.840.113556.1.4.755 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7f561278-5301-11d1-a9c5-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Domain-Policy-Object +ldapDisplayName: domainPolicyObject +attributeId: 1.2.840.113556.1.4.32 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: bf96795d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Domain-Policy-Reference +ldapDisplayName: domainPolicyReference +attributeId: 1.2.840.113556.1.4.422 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 80a67e2a-9f22-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Domain-Replica +ldapDisplayName: domainReplica +attributeId: 1.2.840.113556.1.4.158 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf96795e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Domain-Wide-Policy +ldapDisplayName: domainWidePolicy +attributeId: 1.2.840.113556.1.4.421 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 80a67e29-9f22-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: drink +ldapDisplayName: drink +attributeId: 0.9.2342.19200300.100.1.5 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 1a1aa5b5-262e-4df6-af04-2cf6b0d80048 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: Driver-Name +ldapDisplayName: driverName +attributeId: 1.2.840.113556.1.4.229 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 281416c5-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Driver-Version +ldapDisplayName: driverVersion +attributeId: 1.2.840.113556.1.4.276 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ba305f6e-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DSA-Signature +ldapDisplayName: dSASignature +attributeId: 1.2.840.113556.1.2.74 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 167757bc-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +mapiID: 32887 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: DS-Core-Propagation-Data +ldapDisplayName: dSCorePropagationData +attributeId: 1.2.840.113556.1.4.1357 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: FALSE +schemaIdGuid: d167aa4b-8b08-11d2-9939-0000f87a57d4 +systemOnly: TRUE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: DS-Heuristics +ldapDisplayName: dSHeuristics +attributeId: 1.2.840.113556.1.2.212 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f0f8ff86-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: DS-UI-Admin-Maximum +ldapDisplayName: dSUIAdminMaximum +attributeId: 1.2.840.113556.1.4.1344 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ee8d0ae0-6f91-11d2-9905-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DS-UI-Admin-Notification +ldapDisplayName: dSUIAdminNotification +attributeId: 1.2.840.113556.1.4.1343 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f6ea0a94-6f91-11d2-9905-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DS-UI-Shell-Maximum +ldapDisplayName: dSUIShellMaximum +attributeId: 1.2.840.113556.1.4.1345 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: fcca766a-6f91-11d2-9905-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Dynamic-LDAP-Server +ldapDisplayName: dynamicLDAPServer +attributeId: 1.2.840.113556.1.4.537 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 52458021-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: EFSPolicy +ldapDisplayName: eFSPolicy +attributeId: 1.2.840.113556.1.4.268 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: E-mail-Addresses +ldapDisplayName: mail +attributeId: 0.9.2342.19200300.100.1.3 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967961-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 256 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14846 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Employee-ID +ldapDisplayName: employeeID +attributeId: 1.2.840.113556.1.4.35 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967962-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Employee-Number +ldapDisplayName: employeeNumber +attributeId: 1.2.840.113556.1.2.610 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a8df73ef-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 512 +mapiID: 35943 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Employee-Type +ldapDisplayName: employeeType +attributeId: 1.2.840.113556.1.2.613 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a8df73f0-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 256 +mapiID: 35945 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Enabled +ldapDisplayName: Enabled +attributeId: 1.2.840.113556.1.2.557 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: a8df73f2-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +mapiID: 35873 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Enabled-Connection +ldapDisplayName: enabledConnection +attributeId: 1.2.840.113556.1.4.36 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: bf967963-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Enrollment-Providers +ldapDisplayName: enrollmentProviders +attributeId: 1.2.840.113556.1.4.825 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2a39c5b3-8960-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Entry-TTL +ldapDisplayName: entryTTL +attributeId: 1.3.6.1.4.1.1466.101.119.3 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d213decc-d81a-4384-aac2-dcfcfd631cf8 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 31557600 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED + +cn: Extended-Attribute-Info +ldapDisplayName: extendedAttributeInfo +attributeId: 1.2.840.113556.1.4.909 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9a7ad947-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Extended-Chars-Allowed +ldapDisplayName: extendedCharsAllowed +attributeId: 1.2.840.113556.1.2.380 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: bf967966-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +mapiID: 32935 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Extended-Class-Info +ldapDisplayName: extendedClassInfo +attributeId: 1.2.840.113556.1.4.908 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9a7ad948-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Extension-Name +ldapDisplayName: extensionName +attributeId: 1.2.840.113556.1.2.227 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf967972-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 255 +mapiID: 32937 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Extra-Columns +ldapDisplayName: extraColumns +attributeId: 1.2.840.113556.1.4.1687 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: d24e2846-1dd9-4bcf-99d7-a6227cc86da7 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Facsimile-Telephone-Number +ldapDisplayName: facsimileTelephoneNumber +attributeId: 2.5.4.23 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967974-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14883 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: File-Ext-Priority +ldapDisplayName: fileExtPriority +attributeId: 1.2.840.113556.1.4.816 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: d9e18315-8939-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Flags +ldapDisplayName: flags +attributeId: 1.2.840.113556.1.4.38 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967976-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Flat-Name +ldapDisplayName: flatName +attributeId: 1.2.840.113556.1.4.511 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b7b13117-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Force-Logoff +ldapDisplayName: forceLogoff +attributeId: 1.2.840.113556.1.4.39 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967977-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Foreign-Identifier +ldapDisplayName: foreignIdentifier +attributeId: 1.2.840.113556.1.4.356 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 3e97891e-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Friendly-Names +ldapDisplayName: friendlyNames +attributeId: 1.2.840.113556.1.4.682 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7bfdcb88-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: From-Entry +ldapDisplayName: fromEntry +attributeId: 1.2.840.113556.1.4.910 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: FALSE +schemaIdGuid: 9a7ad949-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: From-Server +ldapDisplayName: fromServer +attributeId: 1.2.840.113556.1.4.40 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: bf967979-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Frs-Computer-Reference +ldapDisplayName: frsComputerReference +attributeId: 1.2.840.113556.1.4.869 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 2a132578-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 102 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER + +cn: Frs-Computer-Reference-BL +ldapDisplayName: frsComputerReferenceBL +attributeId: 1.2.840.113556.1.4.870 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 2a132579-9373-11d1-aebc-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 103 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: FRS-Control-Data-Creation +ldapDisplayName: fRSControlDataCreation +attributeId: 1.2.840.113556.1.4.871 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2a13257a-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Control-Inbound-Backlog +ldapDisplayName: fRSControlInboundBacklog +attributeId: 1.2.840.113556.1.4.872 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2a13257b-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Control-Outbound-Backlog +ldapDisplayName: fRSControlOutboundBacklog +attributeId: 1.2.840.113556.1.4.873 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2a13257c-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Directory-Filter +ldapDisplayName: fRSDirectoryFilter +attributeId: 1.2.840.113556.1.4.484 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1be8f171-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-DS-Poll +ldapDisplayName: fRSDSPoll +attributeId: 1.2.840.113556.1.4.490 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1be8f177-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Extensions +ldapDisplayName: fRSExtensions +attributeId: 1.2.840.113556.1.4.536 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 52458020-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 65536 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Fault-Condition +ldapDisplayName: fRSFaultCondition +attributeId: 1.2.840.113556.1.4.491 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1be8f178-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-File-Filter +ldapDisplayName: fRSFileFilter +attributeId: 1.2.840.113556.1.4.483 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1be8f170-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Flags +ldapDisplayName: fRSFlags +attributeId: 1.2.840.113556.1.4.874 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 2a13257d-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Level-Limit +ldapDisplayName: fRSLevelLimit +attributeId: 1.2.840.113556.1.4.534 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 5245801e-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Member-Reference +ldapDisplayName: fRSMemberReference +attributeId: 1.2.840.113556.1.4.875 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 2a13257e-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 104 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER + +cn: FRS-Member-Reference-BL +ldapDisplayName: fRSMemberReferenceBL +attributeId: 1.2.840.113556.1.4.876 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 2a13257f-9373-11d1-aebc-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 105 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: FRS-Partner-Auth-Level +ldapDisplayName: fRSPartnerAuthLevel +attributeId: 1.2.840.113556.1.4.877 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 2a132580-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Primary-Member +ldapDisplayName: fRSPrimaryMember +attributeId: 1.2.840.113556.1.4.878 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 2a132581-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 106 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Replica-Set-GUID +ldapDisplayName: fRSReplicaSetGUID +attributeId: 1.2.840.113556.1.4.533 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5245801a-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Replica-Set-Type +ldapDisplayName: fRSReplicaSetType +attributeId: 1.2.840.113556.1.4.31 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 26d9736b-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Root-Path +ldapDisplayName: fRSRootPath +attributeId: 1.2.840.113556.1.4.487 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1be8f174-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Root-Security +ldapDisplayName: fRSRootSecurity +attributeId: 1.2.840.113556.1.4.535 +attributeSyntax: 2.5.5.15 +omSyntax: 66 +isSingleValued: TRUE +schemaIdGuid: 5245801f-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 65535 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Service-Command +ldapDisplayName: fRSServiceCommand +attributeId: 1.2.840.113556.1.4.500 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ddac0cee-af8f-11d0-afeb-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 512 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Service-Command-Status +ldapDisplayName: fRSServiceCommandStatus +attributeId: 1.2.840.113556.1.4.879 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2a132582-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 512 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Staging-Path +ldapDisplayName: fRSStagingPath +attributeId: 1.2.840.113556.1.4.488 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1be8f175-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Time-Last-Command +ldapDisplayName: fRSTimeLastCommand +attributeId: 1.2.840.113556.1.4.880 +attributeSyntax: 2.5.5.11 +omSyntax: 23 +isSingleValued: TRUE +schemaIdGuid: 2a132583-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Time-Last-Config-Change +ldapDisplayName: fRSTimeLastConfigChange +attributeId: 1.2.840.113556.1.4.881 +attributeSyntax: 2.5.5.11 +omSyntax: 23 +isSingleValued: TRUE +schemaIdGuid: 2a132584-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Update-Timeout +ldapDisplayName: fRSUpdateTimeout +attributeId: 1.2.840.113556.1.4.485 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1be8f172-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Version +ldapDisplayName: fRSVersion +attributeId: 1.2.840.113556.1.4.882 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2a132585-9373-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Version-GUID +ldapDisplayName: fRSVersionGUID +attributeId: 1.2.840.113556.1.4.43 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 26d9736c-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FRS-Working-Path +ldapDisplayName: fRSWorkingPath +attributeId: 1.2.840.113556.1.4.486 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1be8f173-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: FSMO-Role-Owner +ldapDisplayName: fSMORoleOwner +attributeId: 1.2.840.113556.1.4.369 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 66171887-8f3c-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Garbage-Coll-Period +ldapDisplayName: garbageCollPeriod +attributeId: 1.2.840.113556.1.2.301 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 5fd424a1-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +mapiID: 32943 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Gecos +ldapDisplayName: gecos +attributeId: 1.3.6.1.1.1.1.2 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: a3e03f1f-1d55-4253-a0af-30c2a784e46e +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10240 + +cn: Generated-Connection +ldapDisplayName: generatedConnection +attributeId: 1.2.840.113556.1.4.41 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: bf96797a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Generation-Qualifier +ldapDisplayName: generationQualifier +attributeId: 2.5.4.44 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 16775804-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +mapiID: 35923 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: GidNumber +ldapDisplayName: gidNumber +attributeId: 1.3.6.1.1.1.1.1 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: c5b95f0c-ec9e-41c4-849c-b46597ed6696 +systemOnly: FALSE +searchFlags: fATTINDEX + +cn: Given-Name +ldapDisplayName: givenName +attributeId: 2.5.4.42 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f0f8ff8e-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: fANR | fATTINDEX +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14854 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Global-Address-List +ldapDisplayName: globalAddressList +attributeId: 1.2.840.113556.1.4.1245 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: f754c748-06f4-11d2-aa53-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Global-Address-List2 +ldapDisplayName: globalAddressList2 +attributeId: 1.2.840.113556.1.4.2047 +attributeSyntax: 2.5.5.1 +linkID: 2124 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 4898f63d-4112-477c-8826-3ca00bd8277d +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Governs-ID +ldapDisplayName: governsID +attributeId: 1.2.840.113556.1.2.22 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: TRUE +schemaIdGuid: bf96797d-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags:fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: GPC-File-Sys-Path +ldapDisplayName: gPCFileSysPath +attributeId: 1.2.840.113556.1.4.894 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f30e3bc1-9ff0-11d1-b603-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: GPC-Functionality-Version +ldapDisplayName: gPCFunctionalityVersion +attributeId: 1.2.840.113556.1.4.893 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: f30e3bc0-9ff0-11d1-b603-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: GPC-Machine-Extension-Names +ldapDisplayName: gPCMachineExtensionNames +attributeId: 1.2.840.113556.1.4.1348 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 32ff8ecc-783f-11d2-9916-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: GPC-User-Extension-Names +ldapDisplayName: gPCUserExtensionNames +attributeId: 1.2.840.113556.1.4.1349 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 42a75fc6-783f-11d2-9916-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: GPC-WQL-Filter +ldapDisplayName: gPCWQLFilter +attributeId: 1.2.840.113556.1.4.1694 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7bd4c7a6-1add-4436-8c04-3999a880154c +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: GP-Link +ldapDisplayName: gPLink +attributeId: 1.2.840.113556.1.4.891 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f30e3bbe-9ff0-11d1-b603-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: GP-Options +ldapDisplayName: gPOptions +attributeId: 1.2.840.113556.1.4.892 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: f30e3bbf-9ff0-11d1-b603-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Group-Attributes +ldapDisplayName: groupAttributes +attributeId: 1.2.840.113556.1.4.152 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf96797e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Group-Membership-SAM +ldapDisplayName: groupMembershipSAM +attributeId: 1.2.840.113556.1.4.166 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967980-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Group-Priority +ldapDisplayName: groupPriority +attributeId: 1.2.840.113556.1.4.345 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: eea65905-8ac6-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Groups-to-Ignore +ldapDisplayName: groupsToIgnore +attributeId: 1.2.840.113556.1.4.344 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: eea65904-8ac6-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Group-Type +ldapDisplayName: groupType +attributeId: 1.2.840.113556.1.4.750 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags:fPRESERVEONDELETE | fATTINDEX +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Has-Master-NCs +ldapDisplayName: hasMasterNCs +attributeId: 1.2.840.113556.1.2.14 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: bf967982-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +linkID: 76 +mapiID: 32950 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Has-Partial-Replica-NCs +ldapDisplayName: hasPartialReplicaNCs +attributeId: 1.2.840.113556.1.2.15 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: bf967981-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +linkID: 74 +mapiID: 32949 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Help-Data16 +ldapDisplayName: helpData16 +attributeId: 1.2.840.113556.1.2.402 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5fd424a7-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 +mapiID: 32826 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Help-Data32 +ldapDisplayName: helpData32 +attributeId: 1.2.840.113556.1.2.9 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5fd424a8-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 +mapiID: 32784 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Help-File-Name +ldapDisplayName: helpFileName +attributeId: 1.2.840.113556.1.2.327 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 5fd424a9-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 13 +mapiID: 32827 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Hide-From-AB +ldapDisplayName: hideFromAB +attributeId: 1.2.840.113556.1.4.1780 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: ec05b750-a977-4efe-8e8d-ba6c1a6e33a8 +systemOnly: FALSE +searchFlags: 0 + +cn: Home-Directory +ldapDisplayName: homeDirectory +attributeId: 1.2.840.113556.1.4.44 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967985-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Home-Drive +ldapDisplayName: homeDrive +attributeId: 1.2.840.113556.1.4.45 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967986-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: host +ldapDisplayName: host +attributeId: 0.9.2342.19200300.100.1.9 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 6043df71-fa48-46cf-ab7c-cbd54644b22d +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: houseIdentifier +ldapDisplayName: houseIdentifier +attributeId: 2.5.4.51 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: a45398b7-c44a-4eb6-82d3-13c10946dbfe +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 + +cn: Icon-Path +ldapDisplayName: iconPath +attributeId: 1.2.840.113556.1.4.219 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f0f8ff83-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Implemented-Categories +ldapDisplayName: implementedCategories +attributeId: 1.2.840.113556.1.4.320 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 7d6c0e92-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: IndexedScopes +ldapDisplayName: indexedScopes +attributeId: 1.2.840.113556.1.4.681 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7bfdcb87-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Initial-Auth-Incoming +ldapDisplayName: initialAuthIncoming +attributeId: 1.2.840.113556.1.4.539 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 52458023-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Initial-Auth-Outgoing +ldapDisplayName: initialAuthOutgoing +attributeId: 1.2.840.113556.1.4.540 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 52458024-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Initials +ldapDisplayName: initials +attributeId: 2.5.4.43 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f0f8ff90-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 6 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14858 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Install-Ui-Level +ldapDisplayName: installUiLevel +attributeId: 1.2.840.113556.1.4.847 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 96a7dd64-9118-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Instance-Type +ldapDisplayName: instanceType +attributeId: 1.2.840.113556.1.2.1 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf96798c-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags:fPRESERVEONDELETE +mapiID: 32957 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: International-ISDN-Number +ldapDisplayName: internationalISDNNumber +attributeId: 2.5.4.25 +attributeSyntax: 2.5.5.6 +omSyntax: 18 +isSingleValued: FALSE +schemaIdGuid: bf96798d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 16 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 32958 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Inter-Site-Topology-Failover +ldapDisplayName: interSiteTopologyFailover +attributeId: 1.2.840.113556.1.4.1248 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: b7c69e60-2cc7-11d2-854e-00a0c983f608 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Inter-Site-Topology-Generator +ldapDisplayName: interSiteTopologyGenerator +attributeId: 1.2.840.113556.1.4.1246 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: b7c69e5e-2cc7-11d2-854e-00a0c983f608 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Inter-Site-Topology-Renew +ldapDisplayName: interSiteTopologyRenew +attributeId: 1.2.840.113556.1.4.1247 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: b7c69e5f-2cc7-11d2-854e-00a0c983f608 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Invocation-Id +ldapDisplayName: invocationId +attributeId: 1.2.840.113556.1.2.115 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf96798e-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fATTINDEX +mapiID: 32959 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: IpHostNumber +ldapDisplayName: ipHostNumber +attributeId: 1.3.6.1.1.1.1.19 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: de8bb721-85dc-4fde-b687-9657688e667e +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 128 + +cn: IpNetmaskNumber +ldapDisplayName: ipNetmaskNumber +attributeId: 1.3.6.1.1.1.1.21 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: 6ff64fcd-462e-4f62-b44a-9a5347659eb9 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 128 + +cn: IpNetworkNumber +ldapDisplayName: ipNetworkNumber +attributeId: 1.3.6.1.1.1.1.20 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: 4e3854f4-3087-42a4-a813-bb0c528958d3 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 128 + +cn: IpProtocolNumber +ldapDisplayName: ipProtocolNumber +attributeId: 1.3.6.1.1.1.1.17 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ebf5c6eb-0e2d-4415-9670-1081993b4211 +systemOnly: FALSE +searchFlags: 0 + +cn: Ipsec-Data +ldapDisplayName: ipsecData +attributeId: 1.2.840.113556.1.4.623 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: b40ff81f-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-Data-Type +ldapDisplayName: ipsecDataType +attributeId: 1.2.840.113556.1.4.622 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: b40ff81e-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-Filter-Reference +ldapDisplayName: ipsecFilterReference +attributeId: 1.2.840.113556.1.4.629 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: b40ff823-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-ID +ldapDisplayName: ipsecID +attributeId: 1.2.840.113556.1.4.621 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b40ff81d-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-ISAKMP-Reference +ldapDisplayName: ipsecISAKMPReference +attributeId: 1.2.840.113556.1.4.626 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: b40ff820-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-Name +ldapDisplayName: ipsecName +attributeId: 1.2.840.113556.1.4.620 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b40ff81c-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: IPSEC-Negotiation-Policy-Action +ldapDisplayName: iPSECNegotiationPolicyAction +attributeId: 1.2.840.113556.1.4.888 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 07383075-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-Negotiation-Policy-Reference +ldapDisplayName: ipsecNegotiationPolicyReference +attributeId: 1.2.840.113556.1.4.628 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: b40ff822-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: IPSEC-Negotiation-Policy-Type +ldapDisplayName: iPSECNegotiationPolicyType +attributeId: 1.2.840.113556.1.4.887 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 07383074-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-NFA-Reference +ldapDisplayName: ipsecNFAReference +attributeId: 1.2.840.113556.1.4.627 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: b40ff821-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-Owners-Reference +ldapDisplayName: ipsecOwnersReference +attributeId: 1.2.840.113556.1.4.624 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: b40ff824-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-Policy-Reference +ldapDisplayName: ipsecPolicyReference +attributeId: 1.2.840.113556.1.4.517 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: b7b13118-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: IpServicePort +ldapDisplayName: ipServicePort +attributeId: 1.3.6.1.1.1.1.15 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ff2daebf-f463-495a-8405-3e483641eaa2 +systemOnly: FALSE +searchFlags: 0 + +cn: IpServiceProtocol +ldapDisplayName: ipServiceProtocol +attributeId: 1.3.6.1.1.1.1.16 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: cd96ec0b-1ed6-43b4-b26b-f170b645883f +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: Is-Critical-System-Object +ldapDisplayName: isCriticalSystemObject +attributeId: 1.2.840.113556.1.4.868 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 00fbf30d-91fe-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Is-Defunct +ldapDisplayName: isDefunct +attributeId: 1.2.840.113556.1.4.661 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 28630ebe-41d5-11d1-a9c1-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Is-Deleted +ldapDisplayName: isDeleted +attributeId: 1.2.840.113556.1.2.48 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: bf96798f-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 32960 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Is-Ephemeral +ldapDisplayName: isEphemeral +attributeId: 1.2.840.113556.1.4.1212 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: f4c453f0-c5f1-11d1-bbcb-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Is-Member-Of-DL +ldapDisplayName: memberOf +attributeId: 1.2.840.113556.1.2.102 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: bf967991-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fCOPY +attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf +linkID: 3 +mapiID: 32776 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Is-Member-Of-Partial-Attribute-Set +ldapDisplayName: isMemberOfPartialAttributeSet +attributeId: 1.2.840.113556.1.4.639 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 19405b9d-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Is-Privilege-Holder +ldapDisplayName: isPrivilegeHolder +attributeId: 1.2.840.113556.1.4.638 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 19405b9c-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 71 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: Is-Recycled +ldapDisplayName: isRecycled +attributeId: 1.2.840.113556.1.4.2058 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 8fb59256-55f1-444b-aacb-f5b482fe3459 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Is-Single-Valued +ldapDisplayName: isSingleValued +attributeId: 1.2.840.113556.1.2.33 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: bf967992-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 32961 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: jpegPhoto +ldapDisplayName: jpegPhoto +attributeId: 0.9.2342.19200300.100.1.60 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bac80572-09c4-4fa9-9ae6-7628d7adbe0e +systemOnly: FALSE +searchFlags: 0 +showInAdvancedViewOnly: FALSE + +cn: Keywords +ldapDisplayName: keywords +attributeId: 1.2.840.113556.1.4.48 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf967993-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 1 +rangeUpper: 256 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Knowledge-Information +ldapDisplayName: knowledgeInformation +attributeId: 2.5.4.2 +attributeSyntax: 2.5.5.4 +omSyntax: 20 +isSingleValued: FALSE +schemaIdGuid: 1677581f-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +mapiID: 32963 + +cn: labeledURI +ldapDisplayName: labeledURI +attributeId: 1.3.6.1.4.1.250.1.57 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: c569bb46-c680-44bc-a273-e6c227d71b45 +systemOnly: FALSE +searchFlags: 0 +showInAdvancedViewOnly: FALSE + +cn: Last-Backup-Restoration-Time +ldapDisplayName: lastBackupRestorationTime +attributeId: 1.2.840.113556.1.4.519 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 1fbb0be8-ba63-11d0-afef-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Last-Content-Indexed +ldapDisplayName: lastContentIndexed +attributeId: 1.2.840.113556.1.4.50 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967995-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Last-Known-Parent +ldapDisplayName: lastKnownParent +attributeId: 1.2.840.113556.1.4.781 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 52ab8670-5709-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Last-Logoff +ldapDisplayName: lastLogoff +attributeId: 1.2.840.113556.1.4.51 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967996-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Last-Logon +ldapDisplayName: lastLogon +attributeId: 1.2.840.113556.1.4.52 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967997-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Last-Logon-Timestamp +ldapDisplayName: lastLogonTimestamp +attributeId: 1.2.840.113556.1.4.1696 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: c0e20a04-0e5a-4ff3-9482-5efeaecd7060 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Last-Set-Time +ldapDisplayName: lastSetTime +attributeId: 1.2.840.113556.1.4.53 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967998-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Last-Update-Sequence +ldapDisplayName: lastUpdateSequence +attributeId: 1.2.840.113556.1.4.330 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7d6c0e9c-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: LDAP-Admin-Limits +ldapDisplayName: lDAPAdminLimits +attributeId: 1.2.840.113556.1.4.843 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7359a352-90f7-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: LDAP-Display-Name +ldapDisplayName: lDAPDisplayName +attributeId: 1.2.840.113556.1.2.460 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf96799a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags:fPRESERVEONDELETE | fATTINDEX +rangeLower: 1 +rangeUpper: 256 +mapiID: 33137 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: LDAP-IPDeny-List +ldapDisplayName: lDAPIPDenyList +attributeId: 1.2.840.113556.1.4.844 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 7359a353-90f7-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Legacy-Exchange-DN +ldapDisplayName: legacyExchangeDN +attributeId: 1.2.840.113556.1.4.655 +attributeSyntax: 2.5.5.4 +omSyntax: 20 +isSingleValued: TRUE +schemaIdGuid: 28630ebc-41d5-11d1-a9c1-0000f80367c1 +systemOnly: FALSE +searchFlags:fPRESERVEONDELETE| fANR | fATTINDEX +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Link-ID +ldapDisplayName: linkID +attributeId: 1.2.840.113556.1.2.50 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf96799b-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 32965 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Link-Track-Secret +ldapDisplayName: linkTrackSecret +attributeId: 1.2.840.113556.1.4.269 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 2ae80fe2-47b4-11d0-a1a4-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Lm-Pwd-History +ldapDisplayName: lmPwdHistory +attributeId: 1.2.840.113556.1.4.160 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf96799d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Locale-ID +ldapDisplayName: localeID +attributeId: 1.2.840.113556.1.4.58 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: FALSE +schemaIdGuid: bf9679a1-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Locality-Name +ldapDisplayName: l +attributeId: 2.5.4.7 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf9679a2-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY | fATTINDEX +rangeLower: 1 +rangeUpper: 128 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14887 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Localization-Display-Id +ldapDisplayName: localizationDisplayId +attributeId: 1.2.840.113556.1.4.1353 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: a746f0d1-78d0-11d2-9916-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Localized-Description +ldapDisplayName: localizedDescription +attributeId: 1.2.840.113556.1.4.817 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: d9e18316-8939-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Local-Policy-Flags +ldapDisplayName: localPolicyFlags +attributeId: 1.2.840.113556.1.4.56 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf96799e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Local-Policy-Reference +ldapDisplayName: localPolicyReference +attributeId: 1.2.840.113556.1.4.457 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 80a67e4d-9f22-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Location +ldapDisplayName: location +attributeId: 1.2.840.113556.1.4.222 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 09dcb79f-165f-11d0-a064-00aa006c33ed +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 1024 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Lockout-Duration +ldapDisplayName: lockoutDuration +attributeId: 1.2.840.113556.1.4.60 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679a5-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Lock-Out-Observation-Window +ldapDisplayName: lockOutObservationWindow +attributeId: 1.2.840.113556.1.4.61 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679a4-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Lockout-Threshold +ldapDisplayName: lockoutThreshold +attributeId: 1.2.840.113556.1.4.73 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf9679a6-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 65535 +attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Lockout-Time +ldapDisplayName: lockoutTime +attributeId: 1.2.840.113556.1.4.662 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 28630ebf-41d5-11d1-a9c1-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: LoginShell +ldapDisplayName: loginShell +attributeId: 1.3.6.1.1.1.1.4 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: a553d12c-3231-4c5e-8adf-8d189697721e +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: Logo +ldapDisplayName: thumbnailLogo +attributeId: 2.16.840.1.113730.3.1.36 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf9679a9-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Logon-Count +ldapDisplayName: logonCount +attributeId: 1.2.840.113556.1.4.169 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf9679aa-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Logon-Hours +ldapDisplayName: logonHours +attributeId: 1.2.840.113556.1.4.64 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf9679ab-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Logon-Workstation +ldapDisplayName: logonWorkstation +attributeId: 1.2.840.113556.1.4.65 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf9679ac-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: LSA-Creation-Time +ldapDisplayName: lSACreationTime +attributeId: 1.2.840.113556.1.4.66 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679ad-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: LSA-Modified-Count +ldapDisplayName: lSAModifiedCount +attributeId: 1.2.840.113556.1.4.67 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679ae-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MacAddress +ldapDisplayName: macAddress +attributeId: 1.3.6.1.1.1.1.22 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: e6a522dd-9770-43e1-89de-1de5044328f7 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 128 + +cn: Machine-Architecture +ldapDisplayName: machineArchitecture +attributeId: 1.2.840.113556.1.4.68 +attributeSyntax: 2.5.5.9 +omSyntax: 10 +isSingleValued: FALSE +schemaIdGuid: bf9679af-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Machine-Password-Change-Interval +ldapDisplayName: machinePasswordChangeInterval +attributeId: 1.2.840.113556.1.4.520 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: c9b6358e-bb38-11d0-afef-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Machine-Role +ldapDisplayName: machineRole +attributeId: 1.2.840.113556.1.4.71 +attributeSyntax: 2.5.5.9 +omSyntax: 10 +isSingleValued: TRUE +schemaIdGuid: bf9679b2-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Machine-Wide-Policy +ldapDisplayName: machineWidePolicy +attributeId: 1.2.840.113556.1.4.459 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 80a67e4f-9f22-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Managed-By +ldapDisplayName: managedBy +attributeId: 1.2.840.113556.1.4.653 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 0296c120-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 72 +mapiID: 32780 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Managed-Objects +ldapDisplayName: managedObjects +attributeId: 1.2.840.113556.1.4.654 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 0296c124-40da-11d1-a9c0-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 73 +mapiID: 32804 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: Manager +ldapDisplayName: manager +attributeId: 0.9.2342.19200300.100.1.10 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: bf9679b5-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +linkID: 42 +mapiID: 32773 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MAPI-ID +ldapDisplayName: mAPIID +attributeId: 1.2.840.113556.1.2.49 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf9679b7-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 32974 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Marshalled-Interface +ldapDisplayName: marshalledInterface +attributeId: 1.2.840.113556.1.4.72 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf9679b9-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Mastered-By +ldapDisplayName: masteredBy +attributeId: 1.2.840.113556.1.4.1409 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: e48e64e0-12c9-11d3-9102-00c04fd91ab1 +systemOnly: TRUE +searchFlags: 0 +linkID: 77 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Max-Pwd-Age +ldapDisplayName: maxPwdAge +attributeId: 1.2.840.113556.1.4.74 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679bb-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Max-Renew-Age +ldapDisplayName: maxRenewAge +attributeId: 1.2.840.113556.1.4.75 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679bc-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Max-Storage +ldapDisplayName: maxStorage +attributeId: 1.2.840.113556.1.4.76 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679bd-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Max-Ticket-Age +ldapDisplayName: maxTicketAge +attributeId: 1.2.840.113556.1.4.77 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679be-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: May-Contain +ldapDisplayName: mayContain +attributeId: 1.2.840.113556.1.2.25 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: bf9679bf-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: meetingAdvertiseScope +ldapDisplayName: meetingAdvertiseScope +attributeId: 1.2.840.113556.1.4.582 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc8b-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingApplication +ldapDisplayName: meetingApplication +attributeId: 1.2.840.113556.1.4.573 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 11b6cc83-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingBandwidth +ldapDisplayName: meetingBandwidth +attributeId: 1.2.840.113556.1.4.589 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: FALSE +schemaIdGuid: 11b6cc92-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingBlob +ldapDisplayName: meetingBlob +attributeId: 1.2.840.113556.1.4.590 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 11b6cc93-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingContactInfo +ldapDisplayName: meetingContactInfo +attributeId: 1.2.840.113556.1.4.578 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc87-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingDescription +ldapDisplayName: meetingDescription +attributeId: 1.2.840.113556.1.4.567 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc7e-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingEndTime +ldapDisplayName: meetingEndTime +attributeId: 1.2.840.113556.1.4.588 +attributeSyntax: 2.5.5.11 +omSyntax: 23 +isSingleValued: FALSE +schemaIdGuid: 11b6cc91-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingID +ldapDisplayName: meetingID +attributeId: 1.2.840.113556.1.4.565 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc7c-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingIP +ldapDisplayName: meetingIP +attributeId: 1.2.840.113556.1.4.580 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc89-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingIsEncrypted +ldapDisplayName: meetingIsEncrypted +attributeId: 1.2.840.113556.1.4.585 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc8e-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingKeyword +ldapDisplayName: meetingKeyword +attributeId: 1.2.840.113556.1.4.568 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 11b6cc7f-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingLanguage +ldapDisplayName: meetingLanguage +attributeId: 1.2.840.113556.1.4.574 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 11b6cc84-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingLocation +ldapDisplayName: meetingLocation +attributeId: 1.2.840.113556.1.4.569 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 11b6cc80-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingMaxParticipants +ldapDisplayName: meetingMaxParticipants +attributeId: 1.2.840.113556.1.4.576 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 11b6cc85-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingName +ldapDisplayName: meetingName +attributeId: 1.2.840.113556.1.4.566 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc7d-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingOriginator +ldapDisplayName: meetingOriginator +attributeId: 1.2.840.113556.1.4.577 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc86-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingOwner +ldapDisplayName: meetingOwner +attributeId: 1.2.840.113556.1.4.579 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc88-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingProtocol +ldapDisplayName: meetingProtocol +attributeId: 1.2.840.113556.1.4.570 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 11b6cc81-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingRating +ldapDisplayName: meetingRating +attributeId: 1.2.840.113556.1.4.584 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 11b6cc8d-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingRecurrence +ldapDisplayName: meetingRecurrence +attributeId: 1.2.840.113556.1.4.586 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc8f-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingScope +ldapDisplayName: meetingScope +attributeId: 1.2.840.113556.1.4.581 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 11b6cc8a-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingStartTime +ldapDisplayName: meetingStartTime +attributeId: 1.2.840.113556.1.4.587 +attributeSyntax: 2.5.5.11 +omSyntax: 23 +isSingleValued: FALSE +schemaIdGuid: 11b6cc90-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingType +ldapDisplayName: meetingType +attributeId: 1.2.840.113556.1.4.571 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 11b6cc82-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: meetingURL +ldapDisplayName: meetingURL +attributeId: 1.2.840.113556.1.4.583 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 11b6cc8c-48c4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Member +ldapDisplayName: member +attributeId: 2.5.4.31 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: bf9679c0-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf +linkID: 2 +mapiID: 32777 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: MemberNisNetgroup +ldapDisplayName: memberNisNetgroup +attributeId: 1.3.6.1.1.1.1.13 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 0f6a17dc-53e5-4be8-9442-8f3ce2f9012a +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 153600 + +cn: MemberUid +ldapDisplayName: memberUid +attributeId: 1.3.6.1.1.1.1.12 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 03dab236-672e-4f61-ab64-f77d2dc2ffab +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 256000 + +cn: MHS-OR-Address +ldapDisplayName: mhsORAddress +attributeId: 1.2.840.113556.1.4.650 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0296c122-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Min-Pwd-Age +ldapDisplayName: minPwdAge +attributeId: 1.2.840.113556.1.4.78 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679c2-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Min-Pwd-Length +ldapDisplayName: minPwdLength +attributeId: 1.2.840.113556.1.4.79 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf9679c3-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Min-Ticket-Age +ldapDisplayName: minTicketAge +attributeId: 1.2.840.113556.1.4.80 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679c4-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Modified-Count +ldapDisplayName: modifiedCount +attributeId: 1.2.840.113556.1.4.168 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679c5-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Modified-Count-At-Last-Prom +ldapDisplayName: modifiedCountAtLastProm +attributeId: 1.2.840.113556.1.4.81 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf9679c6-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Modify-Time-Stamp +ldapDisplayName: modifyTimeStamp +attributeId: 2.5.18.2 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Moniker +ldapDisplayName: moniker +attributeId: 1.2.840.113556.1.4.82 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf9679c7-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Moniker-Display-Name +ldapDisplayName: monikerDisplayName +attributeId: 1.2.840.113556.1.4.83 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf9679c8-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Move-Tree-State +ldapDisplayName: moveTreeState +attributeId: 1.2.840.113556.1.4.1305 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-COM-DefaultPartitionLink +ldapDisplayName: msCOM-DefaultPartitionLink +attributeId: 1.2.840.113556.1.4.1427 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 998b10f7-aa1a-4364-b867-753d197fe670 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-COM-ObjectId +ldapDisplayName: msCOM-ObjectId +attributeId: 1.2.840.113556.1.4.1428 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 430f678b-889f-41f2-9843-203b5a65572f +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-COM-PartitionLink +ldapDisplayName: msCOM-PartitionLink +attributeId: 1.2.840.113556.1.4.1423 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 09abac62-043f-4702-ac2b-6ca15eee5754 +systemOnly: FALSE +searchFlags: 0 +linkID: 1040 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-COM-PartitionSetLink +ldapDisplayName: msCOM-PartitionSetLink +attributeId: 1.2.840.113556.1.4.1424 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34 +systemOnly: TRUE +searchFlags: 0 +linkID: 1041 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-COM-UserLink +ldapDisplayName: msCOM-UserLink +attributeId: 1.2.840.113556.1.4.1425 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 9e6f3a4d-242c-4f37-b068-36b57f9fc852 +systemOnly: TRUE +searchFlags: 0 +linkID: 1049 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-COM-UserPartitionSetLink +ldapDisplayName: msCOM-UserPartitionSetLink +attributeId: 1.2.840.113556.1.4.1426 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 8e940c8a-e477-4367-b08d-ff2ff942dcd7 +systemOnly: FALSE +searchFlags: 0 +linkID: 1048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Mscope-Id +ldapDisplayName: mscopeId +attributeId: 1.2.840.113556.1.4.716 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: TRUE +schemaIdGuid: 963d2751-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DFS-Comment-v2 +ldapDisplayName: msDFS-Commentv2 +attributeId: 1.2.840.113556.1.4.2036 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b786cec9-61fd-4523-b2c1-5ceb3860bb32 +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32766 + +cn: ms-DFS-Generation-GUID-v2 +ldapDisplayName: msDFS-GenerationGUIDv2 +attributeId: 1.2.840.113556.1.4.2032 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 35b8b3d9-c58f-43d6-930e-5040f2f1a781 +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 + +cn: ms-DFS-Last-Modified-v2 +ldapDisplayName: msDFS-LastModifiedv2 +attributeId: 1.2.840.113556.1.4.2034 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 3c095e8a-314e-465b-83f5-ab8277bcf29b +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 + +cn: ms-DFS-Link-Identity-GUID-v2 +ldapDisplayName: msDFS-LinkIdentityGUIDv2 +attributeId: 1.2.840.113556.1.4.2041 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: edb027f3-5726-4dee-8d4e-dbf07e1ad1f1 +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower:16 +rangeUpper: 16 + +cn: ms-DFS-Link-Path-v2 +ldapDisplayName: msDFS-LinkPathv2 +attributeId: 1.2.840.113556.1.4.2039 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 86b021f6-10ab-40a2-a252-1dc0cc3be6a9 +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32766 + +cn: ms-DFS-Link-Security-Descriptor-v2 +ldapDisplayName: msDFS-LinkSecurityDescriptorv2 +attributeId: 1.2.840.113556.1.4.2040 +attributeSyntax: 2.5.5.15 +omSyntax: 66 +isSingleValued: TRUE +schemaIdGuid: 57cf87f7-3426-4841-b322-02b3b6e9eba8 +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 + +cn: ms-DFS-Namespace-Identity-GUID-v2 +ldapDisplayName: msDFS-NamespaceIdentityGUIDv2 +attributeId: 1.2.840.113556.1.4.2033 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 200432ce-ec5f-4931-a525-d7f4afe34e68 +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 + +cn: ms-DFS-Properties-v2 +ldapDisplayName: msDFS-Propertiesv2 +attributeId: 1.2.840.113556.1.4.2037 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0c3e5bc5-eb0e-40f5-9b53-334e958dffdb +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 1024 + +cn: ms-DFSR-CachePolicy +ldapDisplayName: msDFSR-CachePolicy +attributeId: 1.2.840.113556.1.6.13.3.29 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: db7a08e7-fc76-4569-a45f-f5ecb66a88b5 +searchFlags: 0 + +cn: ms-DFSR-CommonStagingPath +ldapDisplayName: msDFSR-CommonStagingPath +attributeId: 1.2.840.113556.1.6.13.3.38 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 936eac41-d257-4bb9-bd55-f310a3cf09ad +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-CommonStagingSizeInMb +ldapDisplayName: msDFSR-CommonStagingSizeInMb +attributeId: 1.2.840.113556.1.6.13.3.39 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 135eb00e-4846-458b-8ea2-a37559afd405 +searchFlags: 0 +rangeLower: 0 +rangeUpper: -1 + +cn: ms-DFSR-ComputerReference +ldapDisplayName: msDFSR-ComputerReference +attributeId: 1.2.840.113556.1.6.13.3.101 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 6c7b5785-3d21-41bf-8a8a-627941544d5a +searchFlags: 0 +linkID: 2050 + +cn: ms-DFSR-ComputerReferenceBL +ldapDisplayName: msDFSR-ComputerReferenceBL +attributeId: 1.2.840.113556.1.6.13.3.103 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 5eb526d7-d71b-44ae-8cc6-95460052e6ac +searchFlags: 0 +linkID: 2051 +systemFlags: FLAG_ATTR_NOT_REPLICATED + +cn: ms-DFSR-ConflictPath +ldapDisplayName: msDFSR-ConflictPath +attributeId: 1.2.840.113556.1.6.13.3.7 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 5cf0bcc8-60f7-4bff-bda6-aea0344eb151 +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-ConflictSizeInMb +ldapDisplayName: msDFSR-ConflictSizeInMb +attributeId: 1.2.840.113556.1.6.13.3.8 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 9ad33fc9-aacf-4299-bb3e-d1fc6ea88e49 +searchFlags: 0 +rangeLower: 0 +rangeUpper: -1 + +cn: ms-DFSR-ContentSetGuid +ldapDisplayName: msDFSR-ContentSetGuid +attributeId: 1.2.840.113556.1.6.13.3.18 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 1035a8e1-67a8-4c21-b7bb-031cdf99d7a0 +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 + +cn: ms-DFSR-DefaultCompressionExclusionFilter +ldapDisplayName: msDFSR-DefaultCompressionExclusionFilter +attributeId: 1.2.840.113556.1.6.13.3.34 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 87811bd5-cd8b-45cb-9f5d-980f3a9e0c97 +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-DeletedPath +ldapDisplayName: msDFSR-DeletedPath +attributeId: 1.2.840.113556.1.6.13.3.26 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 817cf0b8-db95-4914-b833-5a079ef65764 +searchFlags: 0 +rangeUpper: 32767 + +cn: ms-DFSR-DeletedSizeInMb +ldapDisplayName: msDFSR-DeletedSizeInMb +attributeId: 1.2.840.113556.1.6.13.3.27 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 53ed9ad1-9975-41f4-83f5-0c061a12553a +searchFlags: 0 +rangeUpper: -1 + +cn: ms-DFSR-DfsLinkTarget +ldapDisplayName: msDFSR-DfsLinkTarget +attributeId: 1.2.840.113556.1.6.13.3.24 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f7b85ba9-3bf9-428f-aab4-2eee6d56f063 +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-DfsPath +ldapDisplayName: msDFSR-DfsPath +attributeId: 1.2.840.113556.1.6.13.3.21 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2cc903e2-398c-443b-ac86-ff6b01eac7ba +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-DirectoryFilter +ldapDisplayName: msDFSR-DirectoryFilter +attributeId: 1.2.840.113556.1.6.13.3.13 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 93c7b477-1f2e-4b40-b7bf-007e8d038ccf +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-DisablePacketPrivacy +ldapDisplayName: msDFSR-DisablePacketPrivacy +attributeId: 1.2.840.113556.1.6.13.3.32 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 6a84ede5-741e-43fd-9dd6-aa0f61578621 +searchFlags: 0 + +cn: ms-DFSR-Enabled +ldapDisplayName: msDFSR-Enabled +attributeId: 1.2.840.113556.1.6.13.3.9 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 03726ae7-8e7d-4446-8aae-a91657c00993 +searchFlags: 0 + +cn: ms-DFSR-Extension +ldapDisplayName: msDFSR-Extension +attributeId: 1.2.840.113556.1.6.13.3.2 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 78f011ec-a766-4b19-adcf-7b81ed781a4d +searchFlags: 0 +rangeLower: 0 +rangeUpper: 65536 + +cn: ms-DFSR-FileFilter +ldapDisplayName: msDFSR-FileFilter +attributeId: 1.2.840.113556.1.6.13.3.12 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: d68270ac-a5dc-4841-a6ac-cd68be38c181 +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-Flags +ldapDisplayName: msDFSR-Flags +attributeId: 1.2.840.113556.1.6.13.3.16 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: fe515695-3f61-45c8-9bfa-19c148c57b09 +searchFlags: 0 + +cn: ms-DFSR-Keywords +ldapDisplayName: msDFSR-Keywords +attributeId: 1.2.840.113556.1.6.13.3.15 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 048b4692-6227-4b67-a074-c4437083e14b +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-MaxAgeInCacheInMin +ldapDisplayName: msDFSR-MaxAgeInCacheInMin +attributeId: 1.2.840.113556.1.6.13.3.31 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 2ab0e48d-ac4e-4afc-83e5-a34240db6198 +searchFlags: 0 +rangeUpper: 2147483647 + +cn: ms-DFSR-MemberReference +ldapDisplayName: msDFSR-MemberReference +attributeId: 1.2.840.113556.1.6.13.3.100 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 261337aa-f1c3-44b2-bbea-c88d49e6f0c7 +searchFlags: 0 +linkID: 2052 + +cn: ms-DFSR-MemberReferenceBL +ldapDisplayName: msDFSR-MemberReferenceBL +attributeId: 1.2.840.113556.1.6.13.3.102 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: adde62c6-1880-41ed-bd3c-30b7d25e14f0 +searchFlags: 0 +linkID: 2053 +systemFlags: FLAG_ATTR_NOT_REPLICATED + +cn: ms-DFSR-MinDurationCacheInMin +ldapDisplayName: msDFSR-MinDurationCacheInMin +attributeId: 1.2.840.113556.1.6.13.3.30 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 4c5d607a-ce49-444a-9862-82a95f5d1fcc +searchFlags: 0 +rangeUpper: 2147483647 + +cn: ms-DFSR-OnDemandExclusionDirectoryFilter +ldapDisplayName: msDFSR-OnDemandExclusionDirectoryFilter +attributeId: 1.2.840.113556.1.6.13.3.36 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7d523aff-9012-49b2-9925-f922a0018656 +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-OnDemandExclusionFileFilter +ldapDisplayName: msDFSR-OnDemandExclusionFileFilter +attributeId: 1.2.840.113556.1.6.13.3.35 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a68359dc-a581-4ee6-9015-5382c60f0fb4 +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-Options +ldapDisplayName: msDFSR-Options +attributeId: 1.2.840.113556.1.6.13.3.17 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d6d67084-c720-417d-8647-b696237a114c +searchFlags: 0 + +cn: ms-DFSR-Options2 +ldapDisplayName: msDFSR-Options2 +attributeId: 1.2.840.113556.1.6.13.3.37 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 11e24318-4ca6-4f49-9afe-e5eb1afa3473 +searchFlags: 0 + +cn: ms-DFSR-Priority +ldapDisplayName: msDFSR-Priority +attributeId: 1.2.840.113556.1.6.13.3.25 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: eb20e7d6-32ad-42de-b141-16ad2631b01b +searchFlags: 0 + +cn: ms-DFSR-RdcEnabled +ldapDisplayName: msDFSR-RdcEnabled +attributeId: 1.2.840.113556.1.6.13.3.19 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: e3b44e05-f4a7-4078-a730-f48670a743f8 +searchFlags: 0 + +cn: ms-DFSR-RdcMinFileSizeInKb +ldapDisplayName: msDFSR-RdcMinFileSizeInKb +attributeId: 1.2.840.113556.1.6.13.3.20 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: f402a330-ace5-4dc1-8cc9-74d900bf8ae0 +searchFlags: 0 +rangeLower: 0 +rangeUpper: -1 + +cn: ms-DFSR-ReadOnly +ldapDisplayName: msDFSR-ReadOnly +attributeId: 1.2.840.113556.1.6.13.3.28 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 5ac48021-e447-46e7-9d23-92c0c6a90dfb +searchFlags: 0 + +cn: ms-DFSR-ReplicationGroupGuid +ldapDisplayName: msDFSR-ReplicationGroupGuid +attributeId: 1.2.840.113556.1.6.13.3.23 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 2dad8796-7619-4ff8-966e-0a5cc67b287f +searchFlags: fATTINDEX +rangeLower: 16 +rangeUpper: 16 + +cn: ms-DFSR-ReplicationGroupType +ldapDisplayName: msDFSR-ReplicationGroupType +attributeId: 1.2.840.113556.1.6.13.3.10 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: eeed0fc8-1001-45ed-80cc-bbf744930720 +searchFlags: 0 + +cn: ms-DFSR-RootFence +ldapDisplayName: msDFSR-RootFence +attributeId: 1.2.840.113556.1.6.13.3.22 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 51928e94-2cd8-4abe-b552-e50412444370 +searchFlags: 0 + +cn: ms-DFSR-RootPath +ldapDisplayName: msDFSR-RootPath +attributeId: 1.2.840.113556.1.6.13.3.3 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: d7d5e8c1-e61f-464f-9fcf-20bbe0a2ec54 +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-RootSizeInMb +ldapDisplayName: msDFSR-RootSizeInMb +attributeId: 1.2.840.113556.1.6.13.3.4 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 90b769ac-4413-43cf-ad7a-867142e740a3 +searchFlags: 0 +rangeLower: 0 +rangeUpper: -1 + +cn: ms-DFSR-Schedule +ldapDisplayName: msDFSR-Schedule +attributeId: 1.2.840.113556.1.6.13.3.14 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 4699f15f-a71f-48e2-9ff5-5897c0759205 +searchFlags: 0 +rangeLower: 336 +rangeUpper: 336 + +cn: ms-DFSR-StagingCleanupTriggerInPercent +ldapDisplayName: msDFSR-StagingCleanupTriggerInPercent +attributeId: 1.2.840.113556.1.6.13.3.40 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d64b9c23-e1fa-467b-b317-6964d744d633 +searchFlags: 0 + +cn: ms-DFSR-StagingPath +ldapDisplayName: msDFSR-StagingPath +attributeId: 1.2.840.113556.1.6.13.3.5 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 86b9a69e-f0a6-405d-99bb-77d977992c2a +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 + +cn: ms-DFSR-StagingSizeInMb +ldapDisplayName: msDFSR-StagingSizeInMb +attributeId: 1.2.840.113556.1.6.13.3.6 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 250a8f20-f6fc-4559-ae65-e4b24c67aebe +searchFlags: 0 +rangeLower: 0 +rangeUpper: -1 + +cn: ms-DFSR-TombstoneExpiryInMin +ldapDisplayName: msDFSR-TombstoneExpiryInMin +attributeId: 1.2.840.113556.1.6.13.3.11 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 23e35d4c-e324-4861-a22f-e199140dae00 +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2147483647 + +cn: ms-DFSR-Version +ldapDisplayName: msDFSR-Version +attributeId: 1.2.840.113556.1.6.13.3.1 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1a861408-38c3-49ea-ba75-85481a77c655 +searchFlags: 0 +rangeUpper: 256 + +cn: ms-DFS-Schema-Major-Version +ldapDisplayName: msDFS-SchemaMajorVersion +attributeId: 1.2.840.113556.1.4.2030 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ec6d7855-704a-4f61-9aa6-c49a7c1d54c7 +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower: 2 +rangeUpper: 2 + +cn: ms-DFS-Schema-Minor-Version +ldapDisplayName: msDFS-SchemaMinorVersion +attributeId: 1.2.840.113556.1.4.2031 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: fef9a725-e8f1-43ab-bd86-6a0115ce9e38 +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 0 + +cn: ms-DFS-Short-Name-Link-Path-v2 +ldapDisplayName: msDFS-ShortNameLinkPathv2 +attributeId: 1.2.840.113556.1.4.2042 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2d7826f0-4cf7-42e9-a039-1110e0d9ca99 +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32766 + +cn: ms-DFS-Target-List-v2 +ldapDisplayName: msDFS-TargetListv2 +attributeId: 1.2.840.113556.1.4.2038 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 6ab126c6-fa41-4b36-809e-7ca91610d48f +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2097152 + +cn: ms-DFS-Ttl-v2 +ldapDisplayName: msDFS-Ttlv2 +attributeId: 1.2.840.113556.1.4.2035 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ea944d31-864a-4349-ada5-062e2c614f5e +isMemberOfPartialAttributeSet: FALSE +searchFlags: 0 + +cn: MS-DRM-Identity-Certificate +ldapDisplayName: msDRM-IdentityCertificate +attributeId: 1.2.840.113556.1.4.1843 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: e85e1204-3434-41ad-9b56-e2901228fff0 +searchFlags: 0 +rangeLower: 1 +rangeUpper: 10240 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Additional-Dns-Host-Name +ldapDisplayName: msDS-AdditionalDnsHostName +attributeId: 1.2.840.113556.1.4.1717 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7 +systemOnly: TRUE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Additional-Sam-Account-Name +ldapDisplayName: msDS-AdditionalSamAccountName +attributeId: 1.2.840.113556.1.4.1718 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 975571df-a4d5-429a-9f59-cdc6581d91e6 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX +rangeLower: 0 +rangeUpper: 256 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Allowed-DNS-Suffixes +ldapDisplayName: msDS-AllowedDNSSuffixes +attributeId: 1.2.840.113556.1.4.1710 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 8469441b-9ac4-4e45-8205-bd219dbf672d +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Allowed-To-Delegate-To +ldapDisplayName: msDS-AllowedToDelegateTo +attributeId: 1.2.840.113556.1.4.1787 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 800d94d7-b7a1-42a1-b14d-7cae1423d07f +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: MS-DS-All-Users-Trust-Quota +ldapDisplayName: msDS-AllUsersTrustQuota +attributeId: 1.2.840.113556.1.4.1789 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d3aa4a5c-4e03-4810-97aa-2b339e7a434b +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Approx-Immed-Subordinates +ldapDisplayName: msDS-Approx-Immed-Subordinates +attributeId: 1.2.840.113556.1.4.1669 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: e185d243-f6ce-4adb-b496-b0c005d7823c +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-AuthenticatedAt-DC +ldapDisplayName: msDS-AuthenticatedAtDC +attributeId: 1.2.840.113556.1.4.1958 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 3e1ee99c-6604-4489-89d9-84798a89515a +systemOnly: FALSE +searchFlags: 0 +linkID: 2112 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-AuthenticatedTo-Accountlist +ldapDisplayName: msDS-AuthenticatedToAccountlist +attributeId: 1.2.840.113556.1.4.1957 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: e8b2c971-a6df-47bc-8d6f-62770d527aa5 +systemOnly: TRUE +searchFlags: 0 +linkID: 2113 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Auxiliary-Classes +ldapDisplayName: msDS-Auxiliary-Classes +attributeId: 1.2.840.113556.1.4.1458 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: c4af1073-ee50-4be0-b8c0-89a41fe99abe +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Az-Application-Data +ldapDisplayName: msDS-AzApplicationData +attributeId: 1.2.840.113556.1.4.1819 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 503fc3e8-1cc6-461a-99a3-9eee04f402a7 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Application-Name +ldapDisplayName: msDS-AzApplicationName +attributeId: 1.2.840.113556.1.4.1798 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: db5b0728-6208-4876-83b7-95d3e5695275 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 512 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Application-Version +ldapDisplayName: msDS-AzApplicationVersion +attributeId: 1.2.840.113556.1.4.1817 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7184a120-3ac4-47ae-848f-fe0ab20784d4 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Biz-Rule +ldapDisplayName: msDS-AzBizRule +attributeId: 1.2.840.113556.1.4.1801 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 33d41ea8-c0c9-4c92-9494-f104878413fd +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 65536 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Biz-Rule-Language +ldapDisplayName: msDS-AzBizRuleLanguage +attributeId: 1.2.840.113556.1.4.1802 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 52994b56-0e6c-4e07-aa5c-ef9d7f5a0e25 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 64 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Class-ID +ldapDisplayName: msDS-AzClassId +attributeId: 1.2.840.113556.1.4.1816 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 013a7277-5c2d-49ef-a7de-b765b36a3f6f +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 40 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Domain-Timeout +ldapDisplayName: msDS-AzDomainTimeout +attributeId: 1.2.840.113556.1.4.1795 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Generate-Audits +ldapDisplayName: msDS-AzGenerateAudits +attributeId: 1.2.840.113556.1.4.1805 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: f90abab0-186c-4418-bb85-88447c87222a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Generic-Data +ldapDisplayName: msDS-AzGenericData +attributeId: 1.2.840.113556.1.4.1950 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b5f7e349-7a5b-407c-a334-a31c3f538b98 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 65536 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Last-Imported-Biz-Rule-Path +ldapDisplayName: msDS-AzLastImportedBizRulePath +attributeId: 1.2.840.113556.1.4.1803 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 665acb5c-bb92-4dbc-8c59-b3638eab09b3 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 65536 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-LDAP-Query +ldapDisplayName: msDS-AzLDAPQuery +attributeId: 1.2.840.113556.1.4.1792 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 5e53368b-fc94-45c8-9d7d-daf31ee7112d +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 4096 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Az-Major-Version +ldapDisplayName: msDS-AzMajorVersion +attributeId: 1.2.840.113556.1.4.1824 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: cfb9adb7-c4b7-4059-9568-1ed9db6b7248 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Minor-Version +ldapDisplayName: msDS-AzMinorVersion +attributeId: 1.2.840.113556.1.4.1825 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ee85ed93-b209-4788-8165-e702f51bfbf3 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Object-Guid +ldapDisplayName: msDS-AzObjectGuid +attributeId: 1.2.840.113556.1.4.1949 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 8491e548-6c38-4365-a732-af041569b02c +systemOnly: TRUE +searchFlags: fATTINDEX +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Operation-ID +ldapDisplayName: msDS-AzOperationID +attributeId: 1.2.840.113556.1.4.1800 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: a5f3b553-5d76-4cbe-ba3f-4312152cab18 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Scope-Name +ldapDisplayName: msDS-AzScopeName +attributeId: 1.2.840.113556.1.4.1799 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 515a6b06-2617-4173-8099-d5605df043c6 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 65536 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Script-Engine-Cache-Max +ldapDisplayName: msDS-AzScriptEngineCacheMax +attributeId: 1.2.840.113556.1.4.1796 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Script-Timeout +ldapDisplayName: msDS-AzScriptTimeout +attributeId: 1.2.840.113556.1.4.1797 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Task-Is-Role-Definition +ldapDisplayName: msDS-AzTaskIsRoleDefinition +attributeId: 1.2.840.113556.1.4.1818 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 7b078544-6c82-4fe9-872f-ff48ad2b2e26 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Behavior-Version +ldapDisplayName: msDS-Behavior-Version +attributeId: 1.2.840.113556.1.4.1459 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d31a8757-2447-4545-8081-3bb610cacbf2 +systemOnly: TRUE +searchFlags: 0 +rangeLower: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-BridgeHead-Servers-Used +ldapDisplayName: msDS-BridgeHeadServersUsed +attributeId: 1.2.840.113556.1.4.2049 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +linkID: 2160 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +schemaIdGuid: 3ced1465-7b71-2541-8780-1e1ea6243a82 +searchFlags: 0 +systemFlags: FLAG_ATTR_NOT_REPLICATED | FLAG_ATTR_IS_OPERATIONAL |FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Byte-Array +ldapDisplayName: msDS-ByteArray +attributeId: 1.2.840.113556.1.4.1831 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: f0d8972e-dd5b-40e5-a51d-044c7c17ece7 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1000000 + +cn: ms-DS-Cached-Membership +ldapDisplayName: msDS-Cached-Membership +attributeId: 1.2.840.113556.1.4.1441 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Cached-Membership-Time-Stamp +ldapDisplayName: msDS-Cached-Membership-Time-Stamp +attributeId: 1.2.840.113556.1.4.1442 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: MS-DS-Consistency-Child-Count +ldapDisplayName: mS-DS-ConsistencyChildCount +attributeId: 1.2.840.113556.1.4.1361 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-DS-Consistency-Guid +ldapDisplayName: mS-DS-ConsistencyGuid +attributeId: 1.2.840.113556.1.4.1360 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 23773dc2-b63a-11d2-90e1-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-DS-Creator-SID +ldapDisplayName: mS-DS-CreatorSID +attributeId: 1.2.840.113556.1.4.1410 +attributeSyntax: 2.5.5.17 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: c5e60132-1480-11d3-91c1-0000f87a57d4 +systemOnly: TRUE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Date-Time +ldapDisplayName: msDS-DateTime +attributeId: 1.2.840.113556.1.4.1832 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: FALSE +schemaIdGuid: 234fcbd8-fb52-4908-a328-fd9f6e58e403 +systemOnly: FALSE +searchFlags: 0 + +cn: ms-DS-Default-Quota +ldapDisplayName: msDS-DefaultQuota +attributeId: 1.2.840.113556.1.4.1846 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 6818f726-674b-441b-8a3a-f40596374cea +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Deleted-Object-Lifetime +ldapDisplayName: msDS-DeletedObjectLifetime +attributeId: 1.2.840.113556.1.4.2068 +attributeSyntax: 2.5.5.9 +omSyntax: 10 +isSingleValued: TRUE +schemaIdGuid: a9b38cb6-189a-4def-8a70-0fcfa158148e +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-DnsRootAlias +ldapDisplayName: msDS-DnsRootAlias +attributeId: 1.2.840.113556.1.4.1719 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2143acca-eead-4d29-b591-85fa49ce9173 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 255 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Enabled-Feature +ldapDisplayName: msDS-EnabledFeature +attributeId: 1.2.840.113556.1.4.2061 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +linkId: 2168 +isSingleValued: FALSE +schemaIdGuid: 5706aeaf-b940-4fb2-bcfc-5268683ad9fe +isMemberOfPartialAttributeSet: TRUE +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Enabled-Feature-BL +ldapDisplayName: msDS-EnabledFeatureBL +attributeId: 1.2.840.113556.1.4.2069 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +linkId: 2169 +isSingleValued: FALSE +schemaIdGuid: ce5b01bc-17c6-44b8-9dc1-a9668b00901b +isMemberOfPartialAttributeSet: TRUE +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Entry-Time-To-Die +ldapDisplayName: msDS-Entry-Time-To-Die +attributeId: 1.2.840.113556.1.4.1622 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: e1e9bad7-c6dd-4101-a843-794cec85b038 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE | fATTINDEX +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-ExecuteScriptPassword +ldapDisplayName: msDS-ExecuteScriptPassword +attributeId: 1.2.840.113556.1.4.1783 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 9d054a5a-d187-46c1-9d85-42dfc44a56dd +systemOnly: TRUE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 64 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-External-Key +ldapDisplayName: msDS-ExternalKey +attributeId: 1.2.840.113556.1.4.1833 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: b92fd528-38ac-40d4-818d-0433380837c1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10000 + +cn: ms-DS-External-Store +ldapDisplayName: msDS-ExternalStore +attributeId: 1.2.840.113556.1.4.1834 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 604877cd-9cdb-47c7-b03d-3daadb044910 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10000 + +cn: ms-DS-Failed-Interactive-Logon-Count +ldapDisplayName: msDS-FailedInteractiveLogonCount +attributeId: 1.2.840.113556.1.4.1972 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: dc3ca86f-70ad-4960-8425-a4d6313d93dd +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon +ldapDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon +attributeId: 1.2.840.113556.1.4.1973 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: c5d234e5-644a-4403-a665-e26e0aef5e98 +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Filter-Containers +ldapDisplayName: msDS-FilterContainers +attributeId: 1.2.840.113556.1.4.1703 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: fb00dcdf-ac37-483a-9c12-ac53a6603033 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-HAB-Seniority-Index +ldapDisplayName: msDS-HABSeniorityIndex +attributeId: 1.2.840.113556.1.4.1997 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: def449f1-fd3b-4045-98cf-d9658da788b5 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 36000 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Has-Domain-NCs +ldapDisplayName: msDS-HasDomainNCs +attributeId: 1.2.840.113556.1.4.1820 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 6f17e347-a842-4498-b8b3-15e007da4fed +systemOnly: TRUE +searchFlags: 0 +rangeLower: 4 +rangeUpper: 4 +linkID: 2026 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Has-Full-Replica-NCs +ldapDisplayName: msDS-hasFullReplicaNCs +attributeId: 1.2.840.113556.1.4.1925 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 1d3c2d18-42d0-4868-99fe-0eca1e6fa9f3 +systemOnly: TRUE +searchFlags: 0 +linkID: 2104 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Has-Instantiated-NCs +ldapDisplayName: msDS-HasInstantiatedNCs +attributeId: 1.2.840.113556.1.4.1709 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +isSingleValued: FALSE +schemaIdGuid: 11e9a5bc-4517-4049-af9c-51554fb0fc09 +systemOnly: TRUE +searchFlags: 0 +rangeLower: 4 +rangeUpper: 4 +linkID: 2002 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Has-Master-NCs +ldapDisplayName: msDS-hasMasterNCs +attributeId: 1.2.840.113556.1.4.1836 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad +systemOnly: TRUE +searchFlags: 0 +linkID: 2036 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Host-Service-Account +ldapDisplayName: msDS-HostServiceAccount +attributeId: 1.2.840.113556.1.4.2056 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 80641043-15a2-40e1-92a2-8ca866f70776 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 2166 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Host-Service-Account-BL +ldapDisplayName: msDS-HostServiceAccountBL +attributeId: 1.2.840.113556.1.4.2057 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 79abe4eb-88f3-48e7-89d6-f4bc7e98c331 +systemOnly: TRUE +searchFlags: 0 +linkID: 2167 +systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Integer +ldapDisplayName: msDS-Integer +attributeId: 1.2.840.113556.1.4.1835 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: FALSE +schemaIdGuid: 7bc64cea-c04e-4318-b102-3e0729371a65 +systemOnly: FALSE +searchFlags: 0 + +cn: ms-DS-IntId +ldapDisplayName: msDS-IntId +attributeId: 1.2.840.113556.1.4.1716 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bc60096a-1b47-4b30-8877-602c93f56532 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Is-Domain-For +ldapDisplayName: msDS-IsDomainFor +attributeId: 1.2.840.113556.1.4.1933 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: ff155a2a-44e5-4de0-8318-13a58988de4f +systemOnly: TRUE +searchFlags: 0 +linkID: 2027 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-Is-Full-Replica-For +ldapDisplayName: msDS-IsFullReplicaFor +attributeId: 1.2.840.113556.1.4.1932 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: c8bc72e0-a6b4-48f0-94a5-fd76a88c9987 +systemOnly: TRUE +searchFlags: 0 +linkID: 2105 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-isGC +ldapDisplayName: msDS-isGC +attributeId: 1.2.840.113556.1.4.1959 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 1df5cf33-0fe5-499e-90e1-e94b42718a46 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Is-Partial-Replica-For +ldapDisplayName: msDS-IsPartialReplicaFor +attributeId: 1.2.840.113556.1.4.1934 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 37c94ff6-c6d4-498f-b2f9-c6f7f8647809 +systemOnly: TRUE +searchFlags: 0 +linkID: 75 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-isRODC +ldapDisplayName: msDS-isRODC +attributeId: 1.2.840.113556.1.4.1960 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: a8e8aa23-3e67-4af1-9d7a-2f1a1d633ac9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Is-User-Cachable-At-Rodc +ldapDisplayName: msDS-IsUserCachableAtRodc +attributeId: 1.2.840.113556.1.4.2025 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: fe01245a-341f-4556-951f-48c033a89050 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-KeyVersionNumber +ldapDisplayName: msDS-KeyVersionNumber +attributeId: 1.2.840.113556.1.4.1782 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: c523e9c0-33b5-4ac8-8923-b57b927f42f6 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-KrbTgt-Link +ldapDisplayName: msDS-KrbTgtLink +attributeId: 1.2.840.113556.1.4.1923 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 778ff5c9-6f4e-4b74-856a-d68383313910 +systemOnly: FALSE +searchFlags: 0 +linkID: 2100 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-KrbTgt-Link-BL +ldapDisplayName: msDS-KrbTgtLinkBl +attributeId: 1.2.840.113556.1.4.1931 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 5dd68c41-bfdf-438b-9b5d-39d9618bf260 +systemOnly: TRUE +searchFlags: 0 +linkID: 2101 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Last-Failed-Interactive-Logon-Time +ldapDisplayName: msDS-LastFailedInteractiveLogonTime +attributeId: 1.2.840.113556.1.4.1971 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: c7e7dafa-10c3-4b8b-9acd-54f11063742e +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Last-Known-RDN +ldapDisplayName: msDS-LastKnownRDN +attributeId: 1.2.840.113556.1.4.2067 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 8ab15858-683e-466d-877f-d640e1f9a611 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Last-Successful-Interactive-Logon-Time +ldapDisplayName: msDS-LastSuccessfulInteractiveLogonTime +attributeId: 1.2.840.113556.1.4.1970 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 011929e6-8b5d-4258-b64a-00b0b4949747 +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Local-Effective-Deletion-Time +ldapDisplayName: msDS-LocalEffectiveDeletionTime +attributeId: 1.2.840.113556.1.4.2059 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 94f2800c-531f-4aeb-975d-48ac39fd8ca4 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Local-Effective-Recycle-Time +ldapDisplayName: msDS-LocalEffectiveRecycleTime +attributeId: 1.2.840.113556.1.4.2060 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 4ad6016b-b0d2-4c9b-93b6-5964b17b968c +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Lockout-Duration +ldapDisplayName: msDS-LockoutDuration +attributeId: 1.2.840.113556.1.4.2018 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 0 +schemaIdGuid: 421f889a-472e-4fe4-8eb9-e1d0bc6071b2 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Lockout-Observation-Window +ldapDisplayName: msDS-LockoutObservationWindow +attributeId: 1.2.840.113556.1.4.2017 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 0 +schemaIdGuid: b05bda89-76af-468a-b892-1be55558ecc8 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Lockout-Threshold +ldapDisplayName: msDS-LockoutThreshold +attributeId: 1.2.840.113556.1.4.2019 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 65535 +schemaIdGuid: b8c8c35e-4a19-4a95-99d0-69fe4446286f +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Logon-Time-Sync-Interval +ldapDisplayName: msDS-LogonTimeSyncInterval +attributeId: 1.2.840.113556.1.4.1784 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ad7940f8-e43a-4a42-83bc-d688e59ea605 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: MS-DS-Machine-Account-Quota +ldapDisplayName: ms-DS-MachineAccountQuota +attributeId: 1.2.840.113556.1.4.1411 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d064fb68-1480-11d3-91c1-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Mastered-By +ldapDisplayName: msDs-masteredBy +attributeId: 1.2.840.113556.1.4.1837 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 60234769-4819-4615-a1b2-49d2f119acb5 +systemOnly: TRUE +searchFlags: 0 +linkID: 2037 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Maximum-Password-Age +ldapDisplayName: msDS-MaximumPasswordAge +attributeId: 1.2.840.113556.1.4.2011 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 0 +schemaIdGuid: fdd337f5-4999-4fce-b252-8ff9c9b43875 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Max-Values +ldapDisplayName: msDs-MaxValues +attributeId: 1.2.840.113556.1.4.1842 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d1e169a4-ebe9-49bf-8fcb-8aef3874592d +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Members-For-Az-Role +ldapDisplayName: msDS-MembersForAzRole +attributeId: 1.2.840.113556.1.4.1806 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: cbf7e6cd-85a4-4314-8939-8bfe80597835 +systemOnly: FALSE +searchFlags: 0 +linkID: 2016 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Members-For-Az-Role-BL +ldapDisplayName: msDS-MembersForAzRoleBL +attributeId: 1.2.840.113556.1.4.1807 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: ececcd20-a7e0-4688-9ccf-02ece5e287f5 +systemOnly: TRUE +searchFlags: 0 +linkID: 2017 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-Minimum-Password-Age +ldapDisplayName: msDS-MinimumPasswordAge +attributeId: 1.2.840.113556.1.4.2012 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 0 +schemaIdGuid: 2a74f878-4d9c-49f9-97b3-6767d1cbd9a3 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Minimum-Password-Length +ldapDisplayName: msDS-MinimumPasswordLength +attributeId: 1.2.840.113556.1.4.2013 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 255 +schemaIdGuid: b21b3439-4c3a-441c-bb5f-08f20e9b315e +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-NC-Repl-Cursors +ldapDisplayName: msDS-NCReplCursors +attributeId: 1.2.840.113556.1.4.1704 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-NC-Replica-Locations +ldapDisplayName: msDS-NC-Replica-Locations +attributeId: 1.2.840.113556.1.4.1661 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 97de9615-b537-46bc-ac0f-10720f3909f3 +systemOnly: FALSE +searchFlags: 0 +linkID: 1044 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-NC-Repl-Inbound-Neighbors +ldapDisplayName: msDS-NCReplInboundNeighbors +attributeId: 1.2.840.113556.1.4.1705 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-NC-Repl-Outbound-Neighbors +ldapDisplayName: msDS-NCReplOutboundNeighbors +attributeId: 1.2.840.113556.1.4.1706 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-NC-RO-Replica-Locations +ldapDisplayName: msDS-NC-RO-Replica-Locations +attributeId: 1.2.840.113556.1.4.1967 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 3df793df-9858-4417-a701-735a1ecebf74 +systemOnly: FALSE +searchFlags: 0 +linkID: 2114 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-NC-RO-Replica-Locations-BL +ldapDisplayName: msDS-NC-RO-Replica-Locations-BL +attributeId: 1.2.840.113556.1.4.1968 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: f547511c-5b2a-44cc-8358-992a88258164 +systemOnly: FALSE +searchFlags: 0 +linkID: 2115 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-NC-Type +ldapDisplayName: msDS-NcType +attributeId: 1.2.840.113556.1.4.2024 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +systemOnly: TRUE +searchFlags: 0 +schemaIdGuid: 5a2eacd7-cc2b-48cf-9d9a-b6f1a0024de9 +showInAdvancedViewOnly: TRUE +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Never-Reveal-Group +ldapDisplayName: msDS-NeverRevealGroup +attributeId: 1.2.840.113556.1.4.1926 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 15585999-fd49-4d66-b25d-eeb96aba8174 +systemOnly: FALSE +searchFlags: 0 +linkID: 2106 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Non-Members +ldapDisplayName: msDS-NonMembers +attributeId: 1.2.840.113556.1.4.1793 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: cafcb1de-f23c-46b5-adf7-1e64957bd5db +systemOnly: FALSE +searchFlags: 0 +linkID: 2014 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Non-Members-BL +ldapDisplayName: msDS-NonMembersBL +attributeId: 1.2.840.113556.1.4.1794 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74 +systemOnly: TRUE +searchFlags: 0 +linkID: 2015 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-Non-Security-Group-Extra-Classes +ldapDisplayName: msDS-Non-Security-Group-Extra-Classes +attributeId: 1.2.840.113556.1.4.1689 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 2de144fc-1f52-486f-bdf4-16fcc3084e54 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Object-Reference +ldapDisplayName: msDS-ObjectReference +attributeId: 1.2.840.113556.1.4.1840 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 638ec2e8-22e7-409c-85d2-11b21bee72de +systemOnly: FALSE +searchFlags: 0 +linkID: 2038 + +cn: ms-DS-Object-Reference-BL +ldapDisplayName: msDS-ObjectReferenceBL +attributeId: 1.2.840.113556.1.4.1841 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4 +systemOnly: TRUE +searchFlags: 0 +linkID: 2039 +systemFlags: FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-OIDToGroup-Link +ldapDisplayName: msDS-OIDToGroupLink +attributeId: 1.2.840.113556.1.4.2051 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: f9c9a57c-3941-438d-bebf-0edaf2aca187 +systemOnly: FALSE +searchFlags: 0 +linkID: 2164 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-OIDToGroup-Link-Bl +ldapDisplayName: msDS-OIDToGroupLinkBl +attributeId: 1.2.840.113556.1.4.2052 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 1a3d0d20-5844-4199-ad25-0f5039a76ada +systemOnly: FALSE +searchFlags: 0 +linkID: 2165 +systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Operations-For-Az-Role +ldapDisplayName: msDS-OperationsForAzRole +attributeId: 1.2.840.113556.1.4.1812 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 93f701be-fa4c-43b6-bc2f-4dbea718ffab +systemOnly: FALSE +searchFlags: 0 +linkID: 2022 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Operations-For-Az-Role-BL +ldapDisplayName: msDS-OperationsForAzRoleBL +attributeId: 1.2.840.113556.1.4.1813 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: f85b6228-3734-4525-b6b7-3f3bb220902c +systemOnly: TRUE +searchFlags: 0 +linkID: 2023 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-Operations-For-Az-Task +ldapDisplayName: msDS-OperationsForAzTask +attributeId: 1.2.840.113556.1.4.1808 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 1aacb436-2e9d-44a9-9298-ce4debeb6ebf +systemOnly: FALSE +searchFlags: 0 +linkID: 2018 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Operations-For-Az-Task-BL +ldapDisplayName: msDS-OperationsForAzTaskBL +attributeId: 1.2.840.113556.1.4.1809 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: a637d211-5739-4ed1-89b2-88974548bc59 +systemOnly: TRUE +searchFlags: 0 +linkID: 2019 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-Optional-Feature-Flags +ldapDisplayName: msDS-OptionalFeatureFlags +attributeId: 1.2.840.113556.1.4.2063 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 8a0560c1-97b9-4811-9db7-dc061598965b +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Optional-Feature-Guid +ldapDisplayName: msDS-OptionalFeatureGuid +attributeId: 1.2.840.113556.1.4.2062 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 9b88bda8-dd82-4998-a91d-5f2d2baf1927 +systemOnly: TRUE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Other-Settings +ldapDisplayName: msDS-Other-Settings +attributeId: 1.2.840.113556.1.4.1621 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 79d2f34c-9d7d-42bb-838f-866b3e4400e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Password-Complexity-Enabled +ldapDisplayName: msDS-PasswordComplexityEnabled +attributeId: 1.2.840.113556.1.4.2015 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +schemaIdGuid: db68054b-c9c3-4bf0-b15b-0fb52552a610 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Password-History-Length +ldapDisplayName: msDS-PasswordHistoryLength +attributeId: 1.2.840.113556.1.4.2014 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 65535 +schemaIdGuid: fed81bb7-768c-4c2f-9641-2245de34794d +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Password-Reversible-Encryption-Enabled +ldapDisplayName: msDS-PasswordReversibleEncryptionEnabled +attributeId: 1.2.840.113556.1.4.2016 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +schemaIdGuid: 75ccdd8f-af6c-4487-bb4b-69e4d38a959c +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Password-Settings-Precedence +ldapDisplayName: msDS-PasswordSettingsPrecedence +attributeId: 1.2.840.113556.1.4.2023 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +schemaIdGuid: 456374ac-1f0a-4617-93cf-bc55a7c9d341 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: MS-DS-Per-User-Trust-Quota +ldapDisplayName: msDS-PerUserTrustQuota +attributeId: 1.2.840.113556.1.4.1788 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d161adf0-ca24-4993-a3aa-8b2c981302e8 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: MS-DS-Per-User-Trust-Tombstones-Quota +ldapDisplayName: msDS-PerUserTrustTombstonesQuota +attributeId: 1.2.840.113556.1.4.1790 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Phonetic-Company-Name +ldapDisplayName: msDS-PhoneticCompanyName +attributeId: 1.2.840.113556.1.4.1945 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 5bd5208d-e5f4-46ae-a514-543bc9c47659 +systemOnly: FALSE +searchFlags: fATTINDEX | fANR +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 35985 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Phonetic-Department +ldapDisplayName: msDS-PhoneticDepartment +attributeId: 1.2.840.113556.1.4.1944 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 6cd53daf-003e-49e7-a702-6fa896e7a6ef +systemOnly: FALSE +searchFlags: fATTINDEX | fANR +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 35984 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Phonetic-Display-Name +ldapDisplayName: msDS-PhoneticDisplayName +attributeId: 1.2.840.113556.1.4.1946 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: e21a94e4-2d66-4ce5-b30d-0ef87a776ff0 +systemOnly: FALSE +searchFlags: fATTINDEX | fANR +rangeLower: 0 +rangeUpper: 256 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 35986 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Phonetic-First-Name +ldapDisplayName: msDS-PhoneticFirstName +attributeId: 1.2.840.113556.1.4.1942 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 4b1cba4e-302f-4134-ac7c-f01f6c797843 +systemOnly: FALSE +searchFlags: fATTINDEX | fANR +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 35982 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Phonetic-Last-Name +ldapDisplayName: msDS-PhoneticLastName +attributeId: 1.2.840.113556.1.4.1943 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f217e4ec-0836-4b90-88af-2f5d4bbda2bc +systemOnly: FALSE +searchFlags: fATTINDEX | fANR +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 35983 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Preferred-GC-Site +ldapDisplayName: msDS-Preferred-GC-Site +attributeId: 1.2.840.113556.1.4.1444 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: d921b50a-0ab2-42cd-87f6-09cf83a91854 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Principal-Name +ldapDisplayName: msDS-PrincipalName +attributeId: 1.2.840.113556.1.4.1865 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 564e9325-d057-c143-9e3b-4f9e5ef46f93 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Promotion-Settings +ldapDisplayName: msDS-PromotionSettings +attributeId: 1.2.840.113556.1.4.1962 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: c881b4e2-43c0-4ebe-b9bb-5250aa9b434c +systemOnly: TRUE +searchFlags: 0 +rangeUpper: 65536 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-PSO-Applied +ldapDisplayName: msDS-PSOApplied +attributeId: 1.2.840.113556.1.4.2021 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +isSingleValued: FALSE +systemOnly: TRUE +searchFlags: fCOPY +omObjectClass: 1.3.12.2.1011.28.0.714 +schemaIdGuid: 5e6cf031-bda8-43c8-aca4-8fee4127005b +linkID: 2119 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-PSO-Applies-To +ldapDisplayName: msDS-PSOAppliesTo +attributeId: 1.2.840.113556.1.4.2020 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +isSingleValued: FALSE +systemOnly: FALSE +searchFlags: 0 +omObjectClass: 1.3.12.2.1011.28.0.714 +schemaIdGuid: 64c80f48-cdd2-4881-a86d-4e97b6f561fc +linkID: 2118 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Quota-Amount +ldapDisplayName: msDS-QuotaAmount +attributeId: 1.2.840.113556.1.4.1845 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: fbb9a00d-3a8c-4233-9cf9-7189264903a1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Quota-Effective +ldapDisplayName: msDS-QuotaEffective +attributeId: 1.2.840.113556.1.4.1848 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 6655b152-101c-48b4-b347-e1fcebc60157 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Quota-Trustee +ldapDisplayName: msDS-QuotaTrustee +attributeId: 1.2.840.113556.1.4.1844 +attributeSyntax: 2.5.5.17 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 16378906-4ea5-49be-a8d1-bfd41dff4f65 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 28 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Quota-Used +ldapDisplayName: msDS-QuotaUsed +attributeId: 1.2.840.113556.1.4.1849 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: b5a84308-615d-4bb7-b05f-2f1746aa439f +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Repl-Attribute-Meta-Data +ldapDisplayName: msDS-ReplAttributeMetaData +attributeId: 1.2.840.113556.1.4.1707 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: d7c53242-724e-4c39-9d4c-2df8c9d66c7a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: MS-DS-Replicates-NC-Reason +ldapDisplayName: mS-DS-ReplicatesNCReason +attributeId: 1.2.840.113556.1.4.1408 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +isSingleValued: FALSE +schemaIdGuid: 0ea12b84-08b3-11d3-91bc-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-ReplicationEpoch +ldapDisplayName: msDS-ReplicationEpoch +attributeId: 1.2.840.113556.1.4.1720 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Replication-Notify-First-DSA-Delay +ldapDisplayName: msDS-Replication-Notify-First-DSA-Delay +attributeId: 1.2.840.113556.1.4.1663 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay +ldapDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay +attributeId: 1.2.840.113556.1.4.1664 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Repl-Value-Meta-Data +ldapDisplayName: msDS-ReplValueMetaData +attributeId: 1.2.840.113556.1.4.1708 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Required-Domain-Behavior-Version +ldapDisplayName: msDS-RequiredDomainBehaviorVersion +attributeId: 1.2.840.113556.1.4.2066 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: eadd3dfe-ae0e-4cc2-b9b9-5fe5b6ed2dd2 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Required-Forest-Behavior-Version +ldapDisplayName: msDS-RequiredForestBehaviorVersion +attributeId: 1.2.840.113556.1.4.2079 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 4beca2e8-a653-41b2-8fee-721575474bec +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Resultant-PSO +ldapDisplayName: msDS-ResultantPSO +attributeId: 1.2.840.113556.1.4.2022 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +isSingleValued: TRUE +systemOnly: TRUE +searchFlags: fCOPY +omObjectClass: 1.3.12.2.1011.28.0.714 +schemaIdGuid: b77ea093-88d0-4780-9a98-911f8e8b1dca +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Retired-Repl-NC-Signatures +ldapDisplayName: msDS-RetiredReplNCSignatures +attributeId: 1.2.840.113556.1.4.1826 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: d5b35506-19d6-4d26-9afb-11357ac99b5e +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Revealed-DSAs +ldapDisplayName: msDS-RevealedDSAs +attributeId: 1.2.840.113556.1.4.1930 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 94f6f2ac-c76d-4b5e-b71f-f332c3e93c22 +systemOnly: TRUE +searchFlags: 0 +linkID: 2103 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Revealed-List +ldapDisplayName: msDS-RevealedList +attributeId: 1.2.840.113556.1.4.1940 +attributeSyntax: 2.5.5.14 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.12 +isSingleValued: FALSE +schemaIdGuid: cbdad11c-7fec-387b-6219-3a0627d9af81 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Revealed-List-BL +ldapDisplayName: msDS-RevealedListBL +attributeId: 1.2.840.113556.1.4.1975 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: aa1c88fd-b0f6-429f-b2ca-9d902266e808 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Revealed-Users +ldapDisplayName: msDS-RevealedUsers +attributeId: 1.2.840.113556.1.4.1924 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +isSingleValued: FALSE +schemaIdGuid: 185c7821-3749-443a-bd6a-288899071adb +systemOnly: TRUE +searchFlags: 0 +linkID: 2102 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Reveal-OnDemand-Group +ldapDisplayName: msDS-RevealOnDemandGroup +attributeId: 1.2.840.113556.1.4.1928 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 303d9f4a-1dd6-4b38-8fc5-33afe8c988ad +systemOnly: FALSE +searchFlags: 0 +linkID: 2110 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-ds-Schema-Extensions +ldapDisplayName: msDs-Schema-Extensions +attributeId: 1.2.840.113556.1.4.1440 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: b39a61be-ed07-4cab-9a4a-4963ed0141e1 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-SD-Reference-Domain +ldapDisplayName: msDS-SDReferenceDomain +attributeId: 1.2.840.113556.1.4.1711 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 4c51e316-f628-43a5-b06b-ffb695fcb4f3 +systemOnly: FALSE +searchFlags: 0 +linkID: 2000 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Secondary-KrbTgt-Number +ldapDisplayName: msDS-SecondaryKrbTgtNumber +attributeId: 1.2.840.113556.1.4.1929 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: aa156612-2396-467e-ad6a-28d23fdb1865 +systemOnly: TRUE +searchFlags: fATTINDEX +rangeLower: 65536 +rangeUpper: 65536 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Security-Group-Extra-Classes +ldapDisplayName: msDS-Security-Group-Extra-Classes +attributeId: 1.2.840.113556.1.4.1688 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 4f146ae8-a4fe-4801-a731-f51848a4f4e4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Settings +ldapDisplayName: msDS-Settings +attributeId: 1.2.840.113556.1.4.1697 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1000000 + +cn: ms-DS-Site-Affinity +ldapDisplayName: msDS-Site-Affinity +attributeId: 1.2.840.113556.1.4.1443 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: c17c5602-bcb7-46f0-9656-6370ca884b72 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-SiteName +ldapDisplayName: msDS-SiteName +attributeId: 1.2.840.113556.1.4.1961 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 98a7f36d-3595-448a-9e6f-6b8965baed9c +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Source-Object-DN +ldapDisplayName: msDS-SourceObjectDN +attributeId: 1.2.840.113556.1.4.1879 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 773e93af-d3b4-48d4-b3f9-06457602d3d0 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 10240 + +cn: ms-DS-SPN-Suffixes +ldapDisplayName: msDS-SPNSuffixes +attributeId: 1.2.840.113556.1.4.1715 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 255 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Supported-Encryption-Types +ldapDisplayName: msDS-SupportedEncryptionTypes +attributeId: 1.2.840.113556.1.4.1963 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 20119867-1d04-4ab7-9371-cfc3d5df0afd +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Tasks-For-Az-Role +ldapDisplayName: msDS-TasksForAzRole +attributeId: 1.2.840.113556.1.4.1814 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 35319082-8c4a-4646-9386-c2949d49894d +systemOnly: FALSE +searchFlags: 0 +linkID: 2024 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Tasks-For-Az-Role-BL +ldapDisplayName: msDS-TasksForAzRoleBL +attributeId: 1.2.840.113556.1.4.1815 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: a0dcd536-5158-42fe-8c40-c00a7ad37959 +systemOnly: TRUE +searchFlags: 0 +linkID: 2025 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-Tasks-For-Az-Task +ldapDisplayName: msDS-TasksForAzTask +attributeId: 1.2.840.113556.1.4.1810 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: b11c8ee2-5fcd-46a7-95f0-f38333f096cf +systemOnly: FALSE +searchFlags: 0 +linkID: 2020 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Tasks-For-Az-Task-BL +ldapDisplayName: msDS-TasksForAzTaskBL +attributeId: 1.2.840.113556.1.4.1811 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: df446e52-b5fa-4ca2-a42f-13f98a526c8f +systemOnly: TRUE +searchFlags: 0 +linkID: 2021 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-DS-Tombstone-Quota-Factor +ldapDisplayName: msDS-TombstoneQuotaFactor +attributeId: 1.2.840.113556.1.4.1847 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 461744d7-f3b6-45ba-8753-fb9552a5df32 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 100 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Top-Quota-Usage +ldapDisplayName: msDS-TopQuotaUsage +attributeId: 1.2.840.113556.1.4.1850 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7b7cce4f-f1f5-4bb6-b7eb-23504af19e75 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-Trust-Forest-Trust-Info +ldapDisplayName: msDS-TrustForestTrustInfo +attributeId: 1.2.840.113556.1.4.1702 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 29cc866e-49d3-4969-942e-1dbc0925d183 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-UpdateScript +ldapDisplayName: msDS-UpdateScript +attributeId: 1.2.840.113556.1.4.1721 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 146eb639-bb9f-4fc1-a825-e29e00c77920 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-User-Account-Control-Computed +ldapDisplayName: msDS-User-Account-Control-Computed +attributeId: 1.2.840.113556.1.4.1460 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 2cc4b836-b63f-4940-8d23-ea7acf06af56 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-User-Password-Expiry-Time-Computed +ldapDisplayName: msDS-UserPasswordExpiryTimeComputed +attributeId: 1.2.840.113556.1.4.1996 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: add5cf10-7b09-4449-9ae6-2534148f8a72 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-DS-USN-Last-Sync-Success +ldapDisplayName: msDS-USNLastSyncSuccess +attributeId: 1.2.840.113556.1.4.2055 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 31f7b8b6-c9f8-4f2d-a37b-58a823030331 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED | FLAG_ATTR_IS_OPERATIONAL +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: ms-Exch-Assistant-Name +ldapDisplayName: msExchAssistantName +attributeId: 1.2.840.113556.1.2.444 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a8df7394-c5ea-11d1-bbcb-0080c76670c0 +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 +mapiID: 14896 + +cn: ms-Exch-House-Identifier +ldapDisplayName: msExchHouseIdentifier +attributeId: 1.2.840.113556.1.2.596 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a8df7407-c5ea-11d1-bbcb-0080c76670c0 +searchFlags: 0 +rangeLower: 1 +rangeUpper: 128 +mapiID: 35924 + +cn: ms-Exch-LabeledURI +ldapDisplayName: msExchLabeledURI +attributeId: 1.2.840.113556.1.2.593 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 16775820-47f3-11d1-a9c3-0000f80367c1 +searchFlags: 0 +rangeLower: 1 +rangeUpper: 1024 +mapiID: 35921 + +cn: ms-Exch-Owner-BL +ldapDisplayName: ownerBL +attributeId: 1.2.840.113556.1.2.104 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: bf9679f4-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +linkID: 45 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: ms-FRS-Hub-Member +ldapDisplayName: msFRS-Hub-Member +attributeId: 1.2.840.113556.1.4.1693 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 5643ff81-35b6-4ca9-9512-baf0bd0a2772 +searchFlags: 0 +linkID: 1046 + +cn: ms-FRS-Topology-Pref +ldapDisplayName: msFRS-Topology-Pref +attributeId: 1.2.840.113556.1.4.1692 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 92aa27e0-5c50-402d-9ec1-ee847def9788 +searchFlags: 0 + +cn: ms-FVE-KeyPackage +ldapDisplayName: msFVE-KeyPackage +attributeId: 1.2.840.113556.1.4.1999 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +rangeUpper: 102400 +schemaIdGuid: 1fd55ea8-88a7-47dc-8129-0daa97186a54 +searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-FVE-RecoveryGuid +ldapDisplayName: msFVE-RecoveryGuid +attributeId: 1.2.840.113556.1.4.1965 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: f76909bc-e678-47a0-b0b3-f86a0044c06d +searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX +rangeUpper: 128 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-FVE-RecoveryPassword +ldapDisplayName: msFVE-RecoveryPassword +attributeId: 1.2.840.113556.1.4.1964 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +rangeUpper: 256 +schemaIdGuid: 43061ac1-c8ad-4ccc-b785-2bfac20fc60a +searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-FVE-VolumeGuid +ldapDisplayName: msFVE-VolumeGuid +attributeId: 1.2.840.113556.1.4.1998 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX +rangeUpper: 128 +schemaIdGuid: 85e5a5cf-dcee-4075-9cfd-ac9db6a2f245 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-ieee-80211-Data +ldapDisplayName: msieee80211-Data +attributeId: 1.2.840.113556.1.4.1821 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 0e0d0938-2658-4580-a9f6-7a0ac7b566cb +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-ieee-80211-Data-Type +ldapDisplayName: msieee80211-DataType +attributeId: 1.2.840.113556.1.4.1822 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 6558b180-35da-4efe-beed-521f8f48cafb +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-ieee-80211-ID +ldapDisplayName: msieee80211-ID +attributeId: 1.2.840.113556.1.4.1823 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7f73ef75-14c9-4c23-81de-dd07a06f9e8b +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Msi-File-List +ldapDisplayName: msiFileList +attributeId: 1.2.840.113556.1.4.671 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7bfdcb7d-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-IIS-FTP-Dir +ldapDisplayName: msIIS-FTPDir +attributeId: 1.2.840.113556.1.4.1786 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-IIS-FTP-Root +ldapDisplayName: msIIS-FTPRoot +attributeId: 1.2.840.113556.1.4.1785 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2a7827a4-1483-49a5-9d84-52e3812156b4 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-Imaging-PSP-Identifier +ldapDisplayName: msImaging-PSPIdentifier +attributeId: 1.2.840.113556.1.4.2053 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 51583ce9-94fa-4b12-b990-304c35b18595 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-Imaging-PSP-String +ldapDisplayName: msImaging-PSPString +attributeId: 1.2.840.113556.1.4.2054 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7b6760ae-d6ed-44a6-b6be-9de62c09ec67 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 524288 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Msi-Script +ldapDisplayName: msiScript +attributeId: 1.2.840.113556.1.4.814 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: d9e18313-8939-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Msi-Script-Name +ldapDisplayName: msiScriptName +attributeId: 1.2.840.113556.1.4.845 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 96a7dd62-9118-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Msi-Script-Path +ldapDisplayName: msiScriptPath +attributeId: 1.2.840.113556.1.4.15 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967937-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Msi-Script-Size +ldapDisplayName: msiScriptSize +attributeId: 1.2.840.113556.1.4.846 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 96a7dd63-9118-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Authenticate +ldapDisplayName: mSMQAuthenticate +attributeId: 1.2.840.113556.1.4.923 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 9a0dc326-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Base-Priority +ldapDisplayName: mSMQBasePriority +attributeId: 1.2.840.113556.1.4.920 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a0dc323-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Computer-Type +ldapDisplayName: mSMQComputerType +attributeId: 1.2.840.113556.1.4.933 +attributeSyntax: 2.5.5.4 +omSyntax: 20 +isSingleValued: TRUE +schemaIdGuid: 9a0dc32e-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Computer-Type-Ex +ldapDisplayName: mSMQComputerTypeEx +attributeId: 1.2.840.113556.1.4.1417 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 18120de8-f4c4-4341-bd95-32eb5bcf7c80 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Cost +ldapDisplayName: mSMQCost +attributeId: 1.2.840.113556.1.4.946 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a0dc33a-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-CSP-Name +ldapDisplayName: mSMQCSPName +attributeId: 1.2.840.113556.1.4.940 +attributeSyntax: 2.5.5.4 +omSyntax: 20 +isSingleValued: TRUE +schemaIdGuid: 9a0dc334-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Dependent-Client-Service +ldapDisplayName: mSMQDependentClientService +attributeId: 1.2.840.113556.1.4.1239 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 2df90d83-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Dependent-Client-Services +ldapDisplayName: mSMQDependentClientServices +attributeId: 1.2.840.113556.1.4.1226 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 2df90d76-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Digests +ldapDisplayName: mSMQDigests +attributeId: 1.2.840.113556.1.4.948 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 9a0dc33c-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 16 +rangeUpper: 16 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Digests-Mig +ldapDisplayName: mSMQDigestsMig +attributeId: 1.2.840.113556.1.4.966 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Ds-Service +ldapDisplayName: mSMQDsService +attributeId: 1.2.840.113556.1.4.1238 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 2df90d82-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Ds-Services +ldapDisplayName: mSMQDsServices +attributeId: 1.2.840.113556.1.4.1228 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 2df90d78-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Encrypt-Key +ldapDisplayName: mSMQEncryptKey +attributeId: 1.2.840.113556.1.4.936 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 9a0dc331-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Foreign +ldapDisplayName: mSMQForeign +attributeId: 1.2.840.113556.1.4.934 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 9a0dc32f-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-In-Routing-Servers +ldapDisplayName: mSMQInRoutingServers +attributeId: 1.2.840.113556.1.4.929 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 9a0dc32c-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Interval1 +ldapDisplayName: mSMQInterval1 +attributeId: 1.2.840.113556.1.4.1308 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Interval2 +ldapDisplayName: mSMQInterval2 +attributeId: 1.2.840.113556.1.4.1309 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Journal +ldapDisplayName: mSMQJournal +attributeId: 1.2.840.113556.1.4.918 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 9a0dc321-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Journal-Quota +ldapDisplayName: mSMQJournalQuota +attributeId: 1.2.840.113556.1.4.921 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a0dc324-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Label +ldapDisplayName: mSMQLabel +attributeId: 1.2.840.113556.1.4.922 +attributeSyntax: 2.5.5.4 +omSyntax: 20 +isSingleValued: TRUE +schemaIdGuid: 9a0dc325-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 124 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Label-Ex +ldapDisplayName: mSMQLabelEx +attributeId: 1.2.840.113556.1.4.1415 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 4580ad25-d407-48d2-ad24-43e6e56793d7 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 124 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Long-Lived +ldapDisplayName: mSMQLongLived +attributeId: 1.2.840.113556.1.4.941 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a0dc335-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Migrated +ldapDisplayName: mSMQMigrated +attributeId: 1.2.840.113556.1.4.952 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 9a0dc33f-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Multicast-Address +ldapDisplayName: MSMQ-MulticastAddress +attributeId: 1.2.840.113556.1.4.1714 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1d2f4412-f10d-4337-9b48-6e5b125cd265 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 9 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Name-Style +ldapDisplayName: mSMQNameStyle +attributeId: 1.2.840.113556.1.4.939 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 9a0dc333-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Nt4-Flags +ldapDisplayName: mSMQNt4Flags +attributeId: 1.2.840.113556.1.4.964 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: eb38a158-d57f-11d1-90a2-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Nt4-Stub +ldapDisplayName: mSMQNt4Stub +attributeId: 1.2.840.113556.1.4.960 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: FALSE +schemaIdGuid: 6f914be6-d57e-11d1-90a2-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-OS-Type +ldapDisplayName: mSMQOSType +attributeId: 1.2.840.113556.1.4.935 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a0dc330-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Out-Routing-Servers +ldapDisplayName: mSMQOutRoutingServers +attributeId: 1.2.840.113556.1.4.928 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 9a0dc32b-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Owner-ID +ldapDisplayName: mSMQOwnerID +attributeId: 1.2.840.113556.1.4.925 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 9a0dc328-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fPRESERVEONDELETE | fATTINDEX +rangeLower: 16 +rangeUpper: 16 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: MSMQ-Prev-Site-Gates +ldapDisplayName: mSMQPrevSiteGates +attributeId: 1.2.840.113556.1.4.1225 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 2df90d75-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Privacy-Level +ldapDisplayName: mSMQPrivacyLevel +attributeId: 1.2.840.113556.1.4.924 +attributeSyntax: 2.5.5.9 +omSyntax: 10 +isSingleValued: TRUE +schemaIdGuid: 9a0dc327-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-QM-ID +ldapDisplayName: mSMQQMID +attributeId: 1.2.840.113556.1.4.951 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 9a0dc33e-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Queue-Journal-Quota +ldapDisplayName: mSMQQueueJournalQuota +attributeId: 1.2.840.113556.1.4.963 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 8e441266-d57f-11d1-90a2-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Queue-Name-Ext +ldapDisplayName: mSMQQueueNameExt +attributeId: 1.2.840.113556.1.4.1243 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2df90d87-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 92 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Queue-Quota +ldapDisplayName: mSMQQueueQuota +attributeId: 1.2.840.113556.1.4.962 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 3f6b8e12-d57f-11d1-90a2-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Queue-Type +ldapDisplayName: mSMQQueueType +attributeId: 1.2.840.113556.1.4.917 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 9a0dc320-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 16 +rangeUpper: 16 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Quota +ldapDisplayName: mSMQQuota +attributeId: 1.2.840.113556.1.4.919 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a0dc322-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Recipient-FormatName +ldapDisplayName: msMQ-Recipient-FormatName +attributeId: 1.2.840.113556.1.4.1695 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3bfe6748-b544-485a-b067-1b310c4334bf +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 255 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Routing-Service +ldapDisplayName: mSMQRoutingService +attributeId: 1.2.840.113556.1.4.1237 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 2df90d81-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Routing-Services +ldapDisplayName: mSMQRoutingServices +attributeId: 1.2.840.113556.1.4.1227 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 2df90d77-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Secured-Source +ldapDisplayName: MSMQ-SecuredSource +attributeId: 1.2.840.113556.1.4.1713 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 8bf0221b-7a06-4d63-91f0-1499941813d3 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Services +ldapDisplayName: mSMQServices +attributeId: 1.2.840.113556.1.4.950 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a0dc33d-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Service-Type +ldapDisplayName: mSMQServiceType +attributeId: 1.2.840.113556.1.4.930 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a0dc32d-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Sign-Certificates +ldapDisplayName: mSMQSignCertificates +attributeId: 1.2.840.113556.1.4.947 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 9a0dc33b-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1048576 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Sign-Certificates-Mig +ldapDisplayName: mSMQSignCertificatesMig +attributeId: 1.2.840.113556.1.4.967 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1048576 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Sign-Key +ldapDisplayName: mSMQSignKey +attributeId: 1.2.840.113556.1.4.937 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 9a0dc332-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Site-1 +ldapDisplayName: mSMQSite1 +attributeId: 1.2.840.113556.1.4.943 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 9a0dc337-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Site-2 +ldapDisplayName: mSMQSite2 +attributeId: 1.2.840.113556.1.4.944 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 9a0dc338-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Site-Foreign +ldapDisplayName: mSMQSiteForeign +attributeId: 1.2.840.113556.1.4.961 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: FALSE +schemaIdGuid: fd129d8a-d57e-11d1-90a2-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Site-Gates +ldapDisplayName: mSMQSiteGates +attributeId: 1.2.840.113556.1.4.945 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 9a0dc339-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Site-Gates-Mig +ldapDisplayName: mSMQSiteGatesMig +attributeId: 1.2.840.113556.1.4.1310 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: e2704852-3b7b-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Site-ID +ldapDisplayName: mSMQSiteID +attributeId: 1.2.840.113556.1.4.953 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 9a0dc340-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Site-Name +ldapDisplayName: mSMQSiteName +attributeId: 1.2.840.113556.1.4.965 +attributeSyntax: 2.5.5.4 +omSyntax: 20 +isSingleValued: TRUE +schemaIdGuid: ffadb4b2-de39-11d1-90a5-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Site-Name-Ex +ldapDisplayName: mSMQSiteNameEx +attributeId: 1.2.840.113556.1.4.1416 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 422144fa-c17f-4649-94d6-9731ed2784ed +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Sites +ldapDisplayName: mSMQSites +attributeId: 1.2.840.113556.1.4.927 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 9a0dc32a-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Transactional +ldapDisplayName: mSMQTransactional +attributeId: 1.2.840.113556.1.4.926 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 9a0dc329-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-User-Sid +ldapDisplayName: mSMQUserSid +attributeId: 1.2.840.113556.1.4.1337 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: c58aae32-56f9-11d2-90d0-00c04fd91ab1 +systemOnly: TRUE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 128 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER + +cn: MSMQ-Version +ldapDisplayName: mSMQVersion +attributeId: 1.2.840.113556.1.4.942 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 9a0dc336-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-net-ieee-80211-GP-PolicyData +ldapDisplayName: ms-net-ieee-80211-GP-PolicyData +attributeId: 1.2.840.113556.1.4.1952 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 9c1495a5-4d76-468e-991e-1433b0a67855 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 4194304 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-net-ieee-80211-GP-PolicyGUID +ldapDisplayName: ms-net-ieee-80211-GP-PolicyGUID +attributeId: 1.2.840.113556.1.4.1951 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 35697062-1eaf-448b-ac1e-388e0be4fdee +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 64 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-net-ieee-80211-GP-PolicyReserved +ldapDisplayName: ms-net-ieee-80211-GP-PolicyReserved +attributeId: 1.2.840.113556.1.4.1953 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 0f69c62e-088e-4ff5-a53a-e923cec07c0a +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 4194304 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-net-ieee-8023-GP-PolicyData +ldapDisplayName: ms-net-ieee-8023-GP-PolicyData +attributeId: 1.2.840.113556.1.4.1955 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 8398948b-7457-4d91-bd4d-8d7ed669c9f7 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1048576 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-net-ieee-8023-GP-PolicyGUID +ldapDisplayName: ms-net-ieee-8023-GP-PolicyGUID +attributeId: 1.2.840.113556.1.4.1954 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 94a7b05a-b8b2-4f59-9c25-39e69baa1684 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 64 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-net-ieee-8023-GP-PolicyReserved +ldapDisplayName: ms-net-ieee-8023-GP-PolicyReserved +attributeId: 1.2.840.113556.1.4.1956 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: d3c527c7-2606-4deb-8cfd-18426feec8ce +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1048576 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msNPAllowDialin +ldapDisplayName: msNPAllowDialin +attributeId: 1.2.840.113556.1.4.1119 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: db0c9085-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msNPCalledStationID +ldapDisplayName: msNPCalledStationID +attributeId: 1.2.840.113556.1.4.1123 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: db0c9089-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msNPCallingStationID +ldapDisplayName: msNPCallingStationID +attributeId: 1.2.840.113556.1.4.1124 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: db0c908a-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msNPSavedCallingStationID +ldapDisplayName: msNPSavedCallingStationID +attributeId: 1.2.840.113556.1.4.1130 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: db0c908e-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-AccountCredentials +ldapDisplayName: msPKIAccountCredentials +attributeId: 1.2.840.113556.1.4.1894 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +isSingleValued: FALSE +schemaIdGuid: b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7 +systemOnly: FALSE +searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute +attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 +linkID: 2048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Certificate-Application-Policy +ldapDisplayName: msPKI-Certificate-Application-Policy +attributeId: 1.2.840.113556.1.4.1674 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: dbd90548-aa37-4202-9966-8c537ba5ce32 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Certificate-Name-Flag +ldapDisplayName: msPKI-Certificate-Name-Flag +attributeId: 1.2.840.113556.1.4.1432 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ea1dddc4-60ff-416e-8cc0-17cee534bce7 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Certificate-Policy +ldapDisplayName: msPKI-Certificate-Policy +attributeId: 1.2.840.113556.1.4.1439 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 38942346-cc5b-424b-a7d8-6ffd12029c5f +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Cert-Template-OID +ldapDisplayName: msPKI-Cert-Template-OID +attributeId: 1.2.840.113556.1.4.1436 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3164c36a-ba26-468c-8bda-c1e5cc256728 +systemOnly: FALSE +searchFlags: 1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Credential-Roaming-Tokens +ldapDisplayName: msPKI-CredentialRoamingTokens +attributeId: 1.2.840.113556.1.4.2050 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +schemaIdGuid: b7ff5a38-0818-42b0-8110-d3d154c97f24 +attributeSecurityGUID: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 +systemOnly: FALSE +searchFlags: fCONFIDENTIAL +linkID: 2162 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-DPAPIMasterKeys +ldapDisplayName: msPKIDPAPIMasterKeys +attributeId: 1.2.840.113556.1.4.1893 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +isSingleValued: FALSE +schemaIdGuid: b3f93023-9239-4f7c-b99c-6745d87adbc2 +systemOnly: FALSE +searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute +attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 +linkID: 2046 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Enrollment-Flag +ldapDisplayName: msPKI-Enrollment-Flag +attributeId: 1.2.840.113556.1.4.1430 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: d15ef7d8-f226-46db-ae79-b34e560bd12c +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Enrollment-Servers +ldapDisplayName: msPKI-Enrollment-Servers +attributeId: 1.2.840.113556.1.4.2076 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f22bd38f-a1d0-4832-8b28-0331438886a6 +systemOnly: FALSE +rangeUpper: 65536 +isMemberOfPartialAttributeSet: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Minimal-Key-Size +ldapDisplayName: msPKI-Minimal-Key-Size +attributeId: 1.2.840.113556.1.4.1433 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: e96a63f5-417f-46d3-be52-db7703c503df +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-OID-Attribute +ldapDisplayName: msPKI-OID-Attribute +attributeId: 1.2.840.113556.1.4.1671 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 8c9e1288-5028-4f4f-a704-76d026f246ef +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-OID-CPS +ldapDisplayName: msPKI-OID-CPS +attributeId: 1.2.840.113556.1.4.1672 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 5f49940e-a79f-4a51-bb6f-3d446a54dc6b +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 32768 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-OID-LocalizedName +ldapDisplayName: msPKI-OIDLocalizedName +attributeId: 1.2.840.113556.1.4.1712 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7d59a816-bb05-4a72-971f-5c1331f67559 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 512 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-OID-User-Notice +ldapDisplayName: msPKI-OID-User-Notice +attributeId: 1.2.840.113556.1.4.1673 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 04c4da7a-e114-4e69-88de-e293f2d3b395 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 32768 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Private-Key-Flag +ldapDisplayName: msPKI-Private-Key-Flag +attributeId: 1.2.840.113556.1.4.1431 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bab04ac2-0435-4709-9307-28380e7c7001 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-RA-Application-Policies +ldapDisplayName: msPKI-RA-Application-Policies +attributeId: 1.2.840.113556.1.4.1675 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 3c91fbbf-4773-4ccd-a87b-85d53e7bcf6a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-RA-Policies +ldapDisplayName: msPKI-RA-Policies +attributeId: 1.2.840.113556.1.4.1438 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: d546ae22-0951-4d47-817e-1c9f96faad46 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-RA-Signature +ldapDisplayName: msPKI-RA-Signature +attributeId: 1.2.840.113556.1.4.1429 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: fe17e04b-937d-4f7e-8e0e-9292c8d5683e +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-RoamingTimeStamp +ldapDisplayName: msPKIRoamingTimeStamp +attributeId: 1.2.840.113556.1.4.1892 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 6617e4ac-a2f1-43ab-b60c-11fbd1facf05 +systemOnly: FALSE +searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute +attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Site-Name +ldapDisplayName: msPKI-Site-Name +attributeId: 1.2.840.113556.1.4.2077 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 0cd8711f-0afc-4926-a4b1-09b08d3d436c +systemOnly: FALSE +rangeUpper: 1024 +isMemberOfPartialAttributeSet: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Supersede-Templates +ldapDisplayName: msPKI-Supersede-Templates +attributeId: 1.2.840.113556.1.4.1437 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9de8ae7d-7a5b-421d-b5e4-061f79dfd5d7 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Template-Minor-Revision +ldapDisplayName: msPKI-Template-Minor-Revision +attributeId: 1.2.840.113556.1.4.1435 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 13f5236c-1884-46b1-b5d0-484e38990d58 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Template-Schema-Version +ldapDisplayName: msPKI-Template-Schema-Version +attributeId: 1.2.840.113556.1.4.1434 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 0c15e9f5-491d-4594-918f-32813a091da9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msRADIUSCallbackNumber +ldapDisplayName: msRADIUSCallbackNumber +attributeId: 1.2.840.113556.1.4.1145 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: db0c909c-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-RADIUS-FramedInterfaceId +ldapDisplayName: msRADIUS-FramedInterfaceId +attributeId: 1.2.840.113556.1.4.1913 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: a6f24a23-d65c-4d65-a64f-35fb6873c2b9 +systemOnly: FALSE +searchFlags: fCOPY +rangeUpper: 8 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msRADIUSFramedIPAddress +ldapDisplayName: msRADIUSFramedIPAddress +attributeId: 1.2.840.113556.1.4.1153 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: db0c90a4-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-RADIUS-FramedIpv6Prefix +ldapDisplayName: msRADIUS-FramedIpv6Prefix +attributeId: 1.2.840.113556.1.4.1915 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: f63ed610-d67c-494d-87be-cd1e24359a38 +systemOnly: FALSE +searchFlags: fCOPY +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-RADIUS-FramedIpv6Route +ldapDisplayName: msRADIUS-FramedIpv6Route +attributeId: 1.2.840.113556.1.4.1917 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 5a5aa804-3083-4863-94e5-018a79a22ec0 +systemOnly: FALSE +searchFlags: fCOPY +rangeUpper: 4096 + +cn: msRADIUSFramedRoute +ldapDisplayName: msRADIUSFramedRoute +attributeId: 1.2.840.113556.1.4.1158 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: db0c90a9-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-RADIUS-SavedFramedInterfaceId +ldapDisplayName: msRADIUS-SavedFramedInterfaceId +attributeId: 1.2.840.113556.1.4.1914 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: a4da7289-92a3-42e5-b6b6-dad16d280ac9 +systemOnly: FALSE +searchFlags: fCOPY +rangeUpper: 8 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-RADIUS-SavedFramedIpv6Prefix +ldapDisplayName: msRADIUS-SavedFramedIpv6Prefix +attributeId: 1.2.840.113556.1.4.1916 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: 0965a062-b1e1-403b-b48d-5c0eb0e952cc +systemOnly: FALSE +searchFlags: fCOPY +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-RADIUS-SavedFramedIpv6Route +ldapDisplayName: msRADIUS-SavedFramedIpv6Route +attributeId: 1.2.840.113556.1.4.1918 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 9666bb5c-df9d-4d41-b437-2eec7e27c9b3 +systemOnly: FALSE +searchFlags: fCOPY +rangeUpper: 4096 + +cn: msRADIUSServiceType +ldapDisplayName: msRADIUSServiceType +attributeId: 1.2.840.113556.1.4.1171 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: db0c90b6-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msRASSavedCallbackNumber +ldapDisplayName: msRASSavedCallbackNumber +attributeId: 1.2.840.113556.1.4.1189 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: db0c90c5-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msRASSavedFramedIPAddress +ldapDisplayName: msRASSavedFramedIPAddress +attributeId: 1.2.840.113556.1.4.1190 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: db0c90c6-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msRASSavedFramedRoute +ldapDisplayName: msRASSavedFramedRoute +attributeId: 1.2.840.113556.1.4.1191 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: db0c90c7-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +searchFlags: fCOPY +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-RRAS-Attribute +ldapDisplayName: msRRASAttribute +attributeId: 1.2.840.113556.1.4.884 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f39b98ad-938d-11d1-aebd-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-RRAS-Vendor-Attribute-Entry +ldapDisplayName: msRRASVendorAttributeEntry +attributeId: 1.2.840.113556.1.4.883 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f39b98ac-938d-11d1-aebd-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: msSFU-30-Aliases +ldapDisplayName: msSFU30Aliases +attributeId: 1.2.840.113556.1.6.18.1.323 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 20ebf171-c69a-4c31-b29d-dcb837d8912d +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 153600 + +cn: msSFU-30-Crypt-Method +ldapDisplayName: msSFU30CryptMethod +attributeId: 1.2.840.113556.1.6.18.1.352 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: 4503d2a3-3d70-41b8-b077-dff123c15865 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: msSFU-30-Domains +ldapDisplayName: msSFU30Domains +attributeId: 1.2.840.113556.1.6.18.1.340 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 93095ed3-6f30-4bdd-b734-65d569f5f7c9 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeUpper: 256000 + +cn: msSFU-30-Field-Separator +ldapDisplayName: msSFU30FieldSeparator +attributeId: 1.2.840.113556.1.6.18.1.302 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a2e11a42-e781-4ca1-a7fa-ec307f62b6a1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 50 + +cn: msSFU-30-Intra-Field-Separator +ldapDisplayName: msSFU30IntraFieldSeparator +attributeId: 1.2.840.113556.1.6.18.1.303 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 95b2aef0-27e4-4cb9-880a-a2d9a9ea23b8 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 50 + +cn: msSFU-30-Is-Valid-Container +ldapDisplayName: msSFU30IsValidContainer +attributeId: 1.2.840.113556.1.6.18.1.350 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 0dea42f5-278d-4157-b4a7-49b59664915b +systemOnly: FALSE +searchFlags: fATTINDEX + +cn: msSFU-30-Key-Attributes +ldapDisplayName: msSFU30KeyAttributes +attributeId: 1.2.840.113556.1.6.18.1.301 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 32ecd698-ce9e-4894-a134-7ad76b082e83 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: msSFU-30-Key-Values +ldapDisplayName: msSFU30KeyValues +attributeId: 1.2.840.113556.1.6.18.1.324 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 37830235-e5e9-46f2-922b-d8d44f03e7ae +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10240 + +cn: msSFU-30-Map-Filter +ldapDisplayName: msSFU30MapFilter +attributeId: 1.2.840.113556.1.6.18.1.306 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b7b16e01-024f-4e23-ad0d-71f1a406b684 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: msSFU-30-Master-Server-Name +ldapDisplayName: msSFU30MasterServerName +attributeId: 1.2.840.113556.1.6.18.1.307 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 4cc908a2-9e18-410e-8459-f17cc422020a +systemOnly: FALSE +searchFlags: fATTINDEX +rangeUpper: 1024 + +cn: msSFU-30-Max-Gid-Number +ldapDisplayName: msSFU30MaxGidNumber +attributeId: 1.2.840.113556.1.6.18.1.342 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 04ee6aa6-f83b-469a-bf5a-3c00d3634669 +systemOnly: FALSE +searchFlags: fATTINDEX + +cn: msSFU-30-Max-Uid-Number +ldapDisplayName: msSFU30MaxUidNumber +attributeId: 1.2.840.113556.1.6.18.1.343 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ec998437-d944-4a28-8500-217588adfc75 +systemOnly: FALSE +searchFlags: fATTINDEX + +cn: msSFU-30-Name +ldapDisplayName: msSFU30Name +attributeId: 1.2.840.113556.1.6.18.1.309 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: 16c5d1d3-35c2-4061-a870-a5cefda804f0 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeUpper: 1024 + +cn: msSFU-30-Netgroup-Host-At-Domain +ldapDisplayName: msSFU30NetgroupHostAtDomain +attributeId: 1.2.840.113556.1.6.18.1.348 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 97d2bf65-0466-4852-a25a-ec20f57ee36c +systemOnly: FALSE +searchFlags: fATTINDEX +rangeUpper: 2048 + +cn: msSFU-30-Netgroup-User-At-Domain +ldapDisplayName: msSFU30NetgroupUserAtDomain +attributeId: 1.2.840.113556.1.6.18.1.349 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: a9e84eed-e630-4b67-b4b3-cad2a82d345e +systemOnly: FALSE +searchFlags: fATTINDEX +rangeUpper: 2048 + +cn: msSFU-30-Nis-Domain +ldapDisplayName: msSFU30NisDomain +attributeId: 1.2.840.113556.1.6.18.1.339 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: 9ee3b2e3-c7f3-45f8-8c9f-1382be4984d2 +systemOnly: FALSE +searchFlags: fPRESERVEONDELETE | fATTINDEX +rangeUpper: 1024 + +cn: msSFU-30-NSMAP-Field-Position +ldapDisplayName: msSFU30NSMAPFieldPosition +attributeId: 1.2.840.113556.1.6.18.1.345 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: 585c9d5e-f599-4f07-9cf9-4373af4b89d3 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: msSFU-30-Order-Number +ldapDisplayName: msSFU30OrderNumber +attributeId: 1.2.840.113556.1.6.18.1.308 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 02625f05-d1ee-4f9f-b366-55266becb95c +systemOnly: FALSE +searchFlags: fATTINDEX +rangeUpper: 1024 + +cn: msSFU-30-Posix-Member +ldapDisplayName: msSFU30PosixMember +attributeId: 1.2.840.113556.1.6.18.1.346 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: c875d82d-2848-4cec-bb50-3c5486d09d57 +systemOnly: FALSE +searchFlags: 0 +linkID: 2030 + +cn: msSFU-30-Posix-Member-Of +ldapDisplayName: msSFU30PosixMemberOf +attributeId: 1.2.840.113556.1.6.18.1.347 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 7bd76b92-3244-438a-ada6-24f5ea34381e +systemOnly: FALSE +searchFlags: 0 +linkID: 2031 +systemFlags: FLAG_ATTR_NOT_REPLICATED + +cn: msSFU-30-Result-Attributes +ldapDisplayName: msSFU30ResultAttributes +attributeId: 1.2.840.113556.1.6.18.1.305 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: e167b0b6-4045-4433-ac35-53f972d45cba +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: msSFU-30-Search-Attributes +ldapDisplayName: msSFU30SearchAttributes +attributeId: 1.2.840.113556.1.6.18.1.304 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: ef9a2df0-2e57-48c8-8950-0cc674004733 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: msSFU-30-Search-Container +ldapDisplayName: msSFU30SearchContainer +attributeId: 1.2.840.113556.1.6.18.1.300 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 27eebfa2-fbeb-4f8e-aad6-c50247994291 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 2048 + +cn: msSFU-30-Yp-Servers +ldapDisplayName: msSFU30YpServers +attributeId: 1.2.840.113556.1.6.18.1.341 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 084a944b-e150-4bfe-9345-40e1aedaebba +systemOnly: FALSE +searchFlags: fATTINDEX +rangeUpper: 20480 + +cn: MS-SQL-Alias +ldapDisplayName: mS-SQL-Alias +attributeId: 1.2.840.113556.1.4.1395 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: e0c6baae-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: fATTINDEX +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-AllowAnonymousSubscription +ldapDisplayName: mS-SQL-AllowAnonymousSubscription +attributeId: 1.2.840.113556.1.4.1394 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: db77be4a-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-AllowImmediateUpdatingSubscription +ldapDisplayName: mS-SQL-AllowImmediateUpdatingSubscription +attributeId: 1.2.840.113556.1.4.1404 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: c4186b6e-d34b-11d2-999a-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-AllowKnownPullSubscription +ldapDisplayName: mS-SQL-AllowKnownPullSubscription +attributeId: 1.2.840.113556.1.4.1403 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: c3bb7054-d34b-11d2-999a-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-AllowQueuedUpdatingSubscription +ldapDisplayName: mS-SQL-AllowQueuedUpdatingSubscription +attributeId: 1.2.840.113556.1.4.1405 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: c458ca80-d34b-11d2-999a-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-AllowSnapshotFilesFTPDownloading +ldapDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading +attributeId: 1.2.840.113556.1.4.1406 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: c49b8be8-d34b-11d2-999a-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-AppleTalk +ldapDisplayName: mS-SQL-AppleTalk +attributeId: 1.2.840.113556.1.4.1378 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 8fda89f4-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Applications +ldapDisplayName: mS-SQL-Applications +attributeId: 1.2.840.113556.1.4.1400 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: fbcda2ea-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Build +ldapDisplayName: mS-SQL-Build +attributeId: 1.2.840.113556.1.4.1368 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 603e94c4-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-CharacterSet +ldapDisplayName: mS-SQL-CharacterSet +attributeId: 1.2.840.113556.1.4.1370 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 696177a6-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Clustered +ldapDisplayName: mS-SQL-Clustered +attributeId: 1.2.840.113556.1.4.1373 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 7778bd90-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-ConnectionURL +ldapDisplayName: mS-SQL-ConnectionURL +attributeId: 1.2.840.113556.1.4.1383 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a92d23da-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Contact +ldapDisplayName: mS-SQL-Contact +attributeId: 1.2.840.113556.1.4.1365 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 4f6cbdd8-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-CreationDate +ldapDisplayName: mS-SQL-CreationDate +attributeId: 1.2.840.113556.1.4.1397 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ede14754-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Database +ldapDisplayName: mS-SQL-Database +attributeId: 1.2.840.113556.1.4.1393 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: d5a0dbdc-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: fATTINDEX +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Description +ldapDisplayName: mS-SQL-Description +attributeId: 1.2.840.113556.1.4.1390 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 8386603c-ccef-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-GPSHeight +ldapDisplayName: mS-SQL-GPSHeight +attributeId: 1.2.840.113556.1.4.1387 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bcdd4f0e-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-GPSLatitude +ldapDisplayName: mS-SQL-GPSLatitude +attributeId: 1.2.840.113556.1.4.1385 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b222ba0e-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-GPSLongitude +ldapDisplayName: mS-SQL-GPSLongitude +attributeId: 1.2.840.113556.1.4.1386 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b7577c94-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-InformationDirectory +ldapDisplayName: mS-SQL-InformationDirectory +attributeId: 1.2.840.113556.1.4.1392 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: d0aedb2e-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-InformationURL +ldapDisplayName: mS-SQL-InformationURL +attributeId: 1.2.840.113556.1.4.1382 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a42cd510-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Keywords +ldapDisplayName: mS-SQL-Keywords +attributeId: 1.2.840.113556.1.4.1401 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 01e9a98a-ccef-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Language +ldapDisplayName: mS-SQL-Language +attributeId: 1.2.840.113556.1.4.1389 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: c57f72f4-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-LastBackupDate +ldapDisplayName: mS-SQL-LastBackupDate +attributeId: 1.2.840.113556.1.4.1398 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f2b6abca-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-LastDiagnosticDate +ldapDisplayName: mS-SQL-LastDiagnosticDate +attributeId: 1.2.840.113556.1.4.1399 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f6d6dd88-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-LastUpdatedDate +ldapDisplayName: mS-SQL-LastUpdatedDate +attributeId: 1.2.840.113556.1.4.1381 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 9fcc43d4-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Location +ldapDisplayName: mS-SQL-Location +attributeId: 1.2.840.113556.1.4.1366 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 561c9644-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Memory +ldapDisplayName: mS-SQL-Memory +attributeId: 1.2.840.113556.1.4.1367 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 5b5d448c-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-MultiProtocol +ldapDisplayName: mS-SQL-MultiProtocol +attributeId: 1.2.840.113556.1.4.1375 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 8157fa38-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Name +ldapDisplayName: mS-SQL-Name +attributeId: 1.2.840.113556.1.4.1363 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3532dfd8-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: fATTINDEX +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-NamedPipe +ldapDisplayName: mS-SQL-NamedPipe +attributeId: 1.2.840.113556.1.4.1374 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7b91c840-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-PublicationURL +ldapDisplayName: mS-SQL-PublicationURL +attributeId: 1.2.840.113556.1.4.1384 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ae0c11b8-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Publisher +ldapDisplayName: mS-SQL-Publisher +attributeId: 1.2.840.113556.1.4.1402 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: c1676858-d34b-11d2-999a-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-RegisteredOwner +ldapDisplayName: mS-SQL-RegisteredOwner +attributeId: 1.2.840.113556.1.4.1364 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 48fd44ea-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-ServiceAccount +ldapDisplayName: mS-SQL-ServiceAccount +attributeId: 1.2.840.113556.1.4.1369 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 64933a3e-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Size +ldapDisplayName: mS-SQL-Size +attributeId: 1.2.840.113556.1.4.1396 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: e9098084-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-SortOrder +ldapDisplayName: mS-SQL-SortOrder +attributeId: 1.2.840.113556.1.4.1371 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 6ddc42c0-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-SPX +ldapDisplayName: mS-SQL-SPX +attributeId: 1.2.840.113556.1.4.1376 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 86b08004-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Status +ldapDisplayName: mS-SQL-Status +attributeId: 1.2.840.113556.1.4.1380 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 9a7d4770-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-TCPIP +ldapDisplayName: mS-SQL-TCPIP +attributeId: 1.2.840.113556.1.4.1377 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 8ac263a6-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-ThirdParty +ldapDisplayName: mS-SQL-ThirdParty +attributeId: 1.2.840.113556.1.4.1407 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: c4e311fc-d34b-11d2-999a-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Type +ldapDisplayName: mS-SQL-Type +attributeId: 1.2.840.113556.1.4.1391 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ca48eba8-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-UnicodeSortOrder +ldapDisplayName: mS-SQL-UnicodeSortOrder +attributeId: 1.2.840.113556.1.4.1372 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 72dc918a-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Version +ldapDisplayName: mS-SQL-Version +attributeId: 1.2.840.113556.1.4.1388 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: c07cc1d0-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: fATTINDEX +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-Vines +ldapDisplayName: mS-SQL-Vines +attributeId: 1.2.840.113556.1.4.1379 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 94c56394-ccee-11d2-9993-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TAPI-Conference-Blob +ldapDisplayName: msTAPI-ConferenceBlob +attributeId: 1.2.840.113556.1.4.1700 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 4cc4601e-7201-4141-abc8-3e529ae88863 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TAPI-Ip-Address +ldapDisplayName: msTAPI-IpAddress +attributeId: 1.2.840.113556.1.4.1701 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: efd7d7f7-178e-4767-87fa-f8a16b840544 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TAPI-Protocol-Id +ldapDisplayName: msTAPI-ProtocolId +attributeId: 1.2.840.113556.1.4.1699 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 89c1ebcf-7a5f-41fd-99ca-c900b32299ab +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TAPI-Unique-Identifier +ldapDisplayName: msTAPI-uid +attributeId: 1.2.840.113556.1.4.1698 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 70a4e7ea-b3b9-4643-8918-e6dd2471bfd4 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 256 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TPM-OwnerInformation +ldapDisplayName: msTPM-OwnerInformation +attributeId: 1.2.840.113556.1.4.1966 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: aa4e1a6d-550d-4e05-8c35-4afcb917a9fe +searchFlags: fPRESERVEONDELETE | fCOPY | fCONFIDENTIAL |fRODCFilteredAttribute +rangeUpper: 128 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Allow-Logon +ldapDisplayName: msTSAllowLogon +attributeId: 1.2.840.113556.1.4.1979 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 3a0cd464-bc54-40e7-93ae-a646a6ecc4b4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Broken-Connection-Action +ldapDisplayName: msTSBrokenConnectionAction +attributeId: 1.2.840.113556.1.4.1985 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 1cf41bba-5604-463e-94d6-1a1287b72ca3 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Connect-Client-Drives +ldapDisplayName: msTSConnectClientDrives +attributeId: 1.2.840.113556.1.4.1986 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 23572aaf-29dd-44ea-b0fa-7e8438b9a4a3 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Connect-Printer-Drives +ldapDisplayName: msTSConnectPrinterDrives +attributeId: 1.2.840.113556.1.4.1987 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 8ce6a937-871b-4c92-b285-d99d4036681c +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Default-To-Main-Printer +ldapDisplayName: msTSDefaultToMainPrinter +attributeId: 1.2.840.113556.1.4.1988 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: c0ffe2bd-cacf-4dc7-88d5-61e9e95766f6 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Endpoint-Data +ldapDisplayName: msTSEndpointData +attributeId: 1.2.840.113556.1.4.2070 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 40e1c407-4344-40f3-ab43-3625a34a63a2 +systemOnly: FALSE +rangeLower: 0 +rangeUpper: 32767 +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Endpoint-Plugin +ldapDisplayName: msTSEndpointPlugin +attributeId: 1.2.840.113556.1.4.2072 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3c08b569-801f-4158-b17b-e363d6ae696a +systemOnly: FALSE +rangeLower: 0 +rangeUpper: 32767 +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Endpoint-Type +ldapDisplayName: msTSEndpointType +attributeId: 1.2.840.113556.1.4.2071 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 377ade80-e2d8-46c5-9bcd-6d9dec93b35e +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-ExpireDate +ldapDisplayName: msTSExpireDate +attributeId: 1.2.840.113556.1.4.1993 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 70004ef5-25c3-446a-97c8-996ae8566776 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: TRUE + +cn: MS-TS-ExpireDate2 +ldapDisplayName: msTSExpireDate2 +attributeId: 1.2.840.113556.1.4.2000 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 54dfcf71-bc3f-4f0b-9d5a-4b2476bb8925 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: TRUE + +cn: MS-TS-ExpireDate3 +ldapDisplayName: msTSExpireDate3 +attributeId: 1.2.840.113556.1.4.2003 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 41bc7f04-be72-4930-bd10-1f3439412387 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: TRUE + +cn: MS-TS-ExpireDate4 +ldapDisplayName: msTSExpireDate4 +attributeId: 1.2.840.113556.1.4.2006 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 5e11dc43-204a-4faf-a008-6863621c6f5f +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: TRUE + +cn: ms-TS-Home-Directory +ldapDisplayName: msTSHomeDirectory +attributeId: 1.2.840.113556.1.4.1977 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 5d3510f0-c4e7-4122-b91f-a20add90e246 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Home-Drive +ldapDisplayName: msTSHomeDrive +attributeId: 1.2.840.113556.1.4.1978 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 5f0a24d9-dffa-4cd9-acbf-a0680c03731e +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Initial-Program +ldapDisplayName: msTSInitialProgram +attributeId: 1.2.840.113556.1.4.1990 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 9201ac6f-1d69-4dfb-802e-d95510109599 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-LicenseVersion +ldapDisplayName: msTSLicenseVersion +attributeId: 1.2.840.113556.1.4.1994 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 0ae94a89-372f-4df2-ae8a-c64a2bc47278 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-LicenseVersion2 +ldapDisplayName: msTSLicenseVersion2 +attributeId: 1.2.840.113556.1.4.2001 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 4b0df103-8d97-45d9-ad69-85c3080ba4e7 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 255 +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-LicenseVersion3 +ldapDisplayName: msTSLicenseVersion3 +attributeId: 1.2.840.113556.1.4.2004 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f8ba8f81-4cab-4973-a3c8-3a6da62a5e31 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 255 +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-LicenseVersion4 +ldapDisplayName: msTSLicenseVersion4 +attributeId: 1.2.840.113556.1.4.2007 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 70ca5d97-2304-490a-8a27-52678c8d2095 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 255 +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TSLS-Property01 +ldapDisplayName: msTSLSProperty01 +attributeId: 1.2.840.113556.1.4.2009 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 32767 +schemaIdGuid: 87e53590-971d-4a52-955b-4794d15a84ae +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TSLS-Property02 +ldapDisplayName: msTSLSProperty02 +attributeId: 1.2.840.113556.1.4.2010 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 32767 +schemaIdGuid: 47c77bb0-316e-4e2f-97f1-0d4c48fca9dd +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-ManagingLS +ldapDisplayName: msTSManagingLS +attributeId: 1.2.840.113556.1.4.1995 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f3bcc547-85b0-432c-9ac0-304506bf2c83 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-ManagingLS2 +ldapDisplayName: msTSManagingLS2 +attributeId: 1.2.840.113556.1.4.2002 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +systemOnly: FALSE +rangeLower: 0 +rangeUpper: 255 +schemaIdGuid: 349f0757-51bd-4fc8-9d66-3eceea8a25be +searchFlags: fATTINDEX +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-ManagingLS3 +ldapDisplayName: msTSManagingLS3 +attributeId: 1.2.840.113556.1.4.2005 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +systemOnly: FALSE +rangeLower: 0 +rangeUpper: 255 +schemaIdGuid: fad5dcc1-2130-4c87-a118-75322cd67050 +searchFlags: fATTINDEX +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-ManagingLS4 +ldapDisplayName: msTSManagingLS4 +attributeId: 1.2.840.113556.1.4.2008 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +systemOnly: FALSE +rangeLower: 0 +rangeUpper: 255 +schemaIdGuid: f7a3b6a0-2107-4140-b306-75cb521731e5 +searchFlags: fATTINDEX +attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Max-Connection-Time +ldapDisplayName: msTSMaxConnectionTime +attributeId: 1.2.840.113556.1.4.1982 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1d960ee2-6464-4e95-a781-e3b5cd5f9588 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Max-Disconnection-Time +ldapDisplayName: msTSMaxDisconnectionTime +attributeId: 1.2.840.113556.1.4.1981 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 326f7089-53d8-4784-b814-46d8535110d2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Max-Idle-Time +ldapDisplayName: msTSMaxIdleTime +attributeId: 1.2.840.113556.1.4.1983 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ff739e9c-6bb7-460e-b221-e250f3de0f95 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Primary-Desktop +ldapDisplayName: msTSPrimaryDesktop +attributeId: 1.2.840.113556.1.4.2073 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +linkID: 2170 +isSingleValued: TRUE +schemaIdGuid: 29259694-09e4-4237-9f72-9306ebe63ab2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Primary-Desktop-BL +ldapDisplayName: msTSPrimaryDesktopBL +attributeId: 1.2.840.113556.1.4.2074 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +linkID: 2171 +isSingleValued: FALSE +schemaIdGuid: 9daadc18-40d1-4ed1-a2bf-6b9bf47d3daa +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Profile-Path +ldapDisplayName: msTSProfilePath +attributeId: 1.2.840.113556.1.4.1976 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: e65c30db-316c-4060-a3a0-387b083f09cd +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-Property01 +ldapDisplayName: msTSProperty01 +attributeId: 1.2.840.113556.1.4.1991 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: faaea977-9655-49d7-853d-f27bb7aaca0f +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-TS-Property02 +ldapDisplayName: msTSProperty02 +attributeId: 1.2.840.113556.1.4.1992 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 3586f6ac-51b7-4978-ab42-f936463198e7 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Reconnection-Action +ldapDisplayName: msTSReconnectionAction +attributeId: 1.2.840.113556.1.4.1984 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 366ed7ca-3e18-4c7f-abae-351a01e4b4f7 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Remote-Control +ldapDisplayName: msTSRemoteControl +attributeId: 1.2.840.113556.1.4.1980 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 15177226-8642-468b-8c48-03ddfd004982 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Secondary-Desktop-BL +ldapDisplayName: msTSSecondaryDesktopBL +attributeId: 1.2.840.113556.1.4.2078 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +linkID: 2173 +isSingleValued: FALSE +schemaIdGuid: 34b107af-a00a-455a-b139-dd1a1b12d8af +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Secondary-Desktops +ldapDisplayName: msTSSecondaryDesktops +attributeId: 1.2.840.113556.1.4.2075 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +linkID: 2172 +isSingleValued: FALSE +schemaIdGuid: f63aa29a-bb31-48e1-bfab-0a6c5a1d39c2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TS-Work-Directory +ldapDisplayName: msTSWorkDirectory +attributeId: 1.2.840.113556.1.4.1989 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a744f666-3d3c-4cc8-834b-9d4f6f687b8b +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Author +ldapDisplayName: msWMI-Author +attributeId: 1.2.840.113556.1.4.1623 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 6366c0c1-6972-4e66-b3a5-1d52ad0c0547 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-ChangeDate +ldapDisplayName: msWMI-ChangeDate +attributeId: 1.2.840.113556.1.4.1624 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f9cdf7a0-ec44-4937-a79b-cd91522b3aa8 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Class +ldapDisplayName: msWMI-Class +attributeId: 1.2.840.113556.1.4.1676 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 90c1925f-4a24-4b07-b202-be32eb3c8b74 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-ClassDefinition +ldapDisplayName: msWMI-ClassDefinition +attributeId: 1.2.840.113556.1.4.1625 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2b9c0ebc-c272-45cb-99d2-4d0e691632e0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-CreationDate +ldapDisplayName: msWMI-CreationDate +attributeId: 1.2.840.113556.1.4.1626 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 748b0a2e-3351-4b3f-b171-2f17414ea779 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Genus +ldapDisplayName: msWMI-Genus +attributeId: 1.2.840.113556.1.4.1677 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 50c8673a-8f56-4614-9308-9e1340fb9af3 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-ID +ldapDisplayName: msWMI-ID +attributeId: 1.2.840.113556.1.4.1627 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 9339a803-94b8-47f7-9123-a853b9ff7e45 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-int8Default +ldapDisplayName: msWMI-Int8Default +attributeId: 1.2.840.113556.1.4.1632 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: f4d8085a-8c5b-4785-959b-dc585566e445 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-int8Max +ldapDisplayName: msWMI-Int8Max +attributeId: 1.2.840.113556.1.4.1633 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: e3d8b547-003d-4946-a32b-dc7cedc96b74 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-int8Min +ldapDisplayName: msWMI-Int8Min +attributeId: 1.2.840.113556.1.4.1634 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: ed1489d1-54cc-4066-b368-a00daa2664f1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-int8ValidValues +ldapDisplayName: msWMI-Int8ValidValues +attributeId: 1.2.840.113556.1.4.1635 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: FALSE +schemaIdGuid: 103519a9-c002-441b-981a-b0b3e012c803 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-intDefault +ldapDisplayName: msWMI-IntDefault +attributeId: 1.2.840.113556.1.4.1628 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 1b0c07f8-76dd-4060-a1e1-70084619dc90 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-intFlags1 +ldapDisplayName: msWMI-intFlags1 +attributeId: 1.2.840.113556.1.4.1678 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 18e006b9-6445-48e3-9dcf-b5ecfbc4df8e +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-intFlags2 +ldapDisplayName: msWMI-intFlags2 +attributeId: 1.2.840.113556.1.4.1679 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 075a42c9-c55a-45b1-ac93-eb086b31f610 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-intFlags3 +ldapDisplayName: msWMI-intFlags3 +attributeId: 1.2.840.113556.1.4.1680 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: f29fa736-de09-4be4-b23a-e734c124bacc +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-intFlags4 +ldapDisplayName: msWMI-intFlags4 +attributeId: 1.2.840.113556.1.4.1681 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bd74a7ac-c493-4c9c-bdfa-5c7b119ca6b2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-intMax +ldapDisplayName: msWMI-IntMax +attributeId: 1.2.840.113556.1.4.1629 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: fb920c2c-f294-4426-8ac1-d24b42aa2bce +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-intMin +ldapDisplayName: msWMI-IntMin +attributeId: 1.2.840.113556.1.4.1630 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 68c2e3ba-9837-4c70-98e0-f0c33695d023 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-intValidValues +ldapDisplayName: msWMI-IntValidValues +attributeId: 1.2.840.113556.1.4.1631 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: FALSE +schemaIdGuid: 6af565f6-a749-4b72-9634-3c5d47e6b4e0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Mof +ldapDisplayName: msWMI-Mof +attributeId: 1.2.840.113556.1.4.1638 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 6736809f-2064-443e-a145-81262b1f1366 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Name +ldapDisplayName: msWMI-Name +attributeId: 1.2.840.113556.1.4.1639 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: c6c8ace5-7e81-42af-ad72-77412c5941c4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-NormalizedClass +ldapDisplayName: msWMI-NormalizedClass +attributeId: 1.2.840.113556.1.4.1640 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: eaba628f-eb8e-4fe9-83fc-693be695559b +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Parm1 +ldapDisplayName: msWMI-Parm1 +attributeId: 1.2.840.113556.1.4.1682 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 27e81485-b1b0-4a8b-bedd-ce19a837e26e +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Parm2 +ldapDisplayName: msWMI-Parm2 +attributeId: 1.2.840.113556.1.4.1683 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 0003508e-9c42-4a76-a8f4-38bf64bab0de +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Parm3 +ldapDisplayName: msWMI-Parm3 +attributeId: 1.2.840.113556.1.4.1684 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 45958fb6-52bd-48ce-9f9f-c2712d9f2bfc +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Parm4 +ldapDisplayName: msWMI-Parm4 +attributeId: 1.2.840.113556.1.4.1685 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3800d5a3-f1ce-4b82-a59a-1528ea795f59 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-PropertyName +ldapDisplayName: msWMI-PropertyName +attributeId: 1.2.840.113556.1.4.1641 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ab920883-e7f8-4d72-b4a0-c0449897509d +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Query +ldapDisplayName: msWMI-Query +attributeId: 1.2.840.113556.1.4.1642 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 65fff93e-35e3-45a3-85ae-876c6718297f +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-QueryLanguage +ldapDisplayName: msWMI-QueryLanguage +attributeId: 1.2.840.113556.1.4.1643 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7d3cfa98-c17b-4254-8bd7-4de9b932a345 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-ScopeGuid +ldapDisplayName: msWMI-ScopeGuid +attributeId: 1.2.840.113556.1.4.1686 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 87b78d51-405f-4b7f-80ed-2bd28786f48d +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-SourceOrganization +ldapDisplayName: msWMI-SourceOrganization +attributeId: 1.2.840.113556.1.4.1644 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 34f7ed6c-615d-418d-aa00-549a7d7be03e +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-stringDefault +ldapDisplayName: msWMI-StringDefault +attributeId: 1.2.840.113556.1.4.1636 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 152e42b6-37c5-4f55-ab48-1606384a9aea +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-stringValidValues +ldapDisplayName: msWMI-StringValidValues +attributeId: 1.2.840.113556.1.4.1637 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 37609d31-a2bf-4b58-8f53-2b64e57a076d +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-TargetClass +ldapDisplayName: msWMI-TargetClass +attributeId: 1.2.840.113556.1.4.1645 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 95b6d8d6-c9e8-4661-a2bc-6a5cabc04c62 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-TargetNameSpace +ldapDisplayName: msWMI-TargetNameSpace +attributeId: 1.2.840.113556.1.4.1646 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 1c4ab61f-3420-44e5-849d-8b5dbf60feb7 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-TargetObject +ldapDisplayName: msWMI-TargetObject +attributeId: 1.2.840.113556.1.4.1647 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: c44f67a5-7de5-4a1f-92d9-662b57364b77 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-TargetPath +ldapDisplayName: msWMI-TargetPath +attributeId: 1.2.840.113556.1.4.1648 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 5006a79a-6bfe-4561-9f52-13cf4dd3e560 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-TargetType +ldapDisplayName: msWMI-TargetType +attributeId: 1.2.840.113556.1.4.1649 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ca2a281e-262b-4ff7-b419-bc123352a4e9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Must-Contain +ldapDisplayName: mustContain +attributeId: 1.2.840.113556.1.2.24 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: bf9679d3-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Name-Service-Flags +ldapDisplayName: nameServiceFlags +attributeId: 1.2.840.113556.1.4.753 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 80212840-4bdc-11d1-a9c4-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NC-Name +ldapDisplayName: nCName +attributeId: 1.2.840.113556.1.2.16 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: bf9679d6-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: NETBIOS-Name +ldapDisplayName: nETBIOSName +attributeId: 1.2.840.113556.1.4.87 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf9679d8-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 1 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: netboot-Allow-New-Clients +ldapDisplayName: netbootAllowNewClients +attributeId: 1.2.840.113556.1.4.849 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 07383076-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-Answer-Only-Valid-Clients +ldapDisplayName: netbootAnswerOnlyValidClients +attributeId: 1.2.840.113556.1.4.854 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 0738307b-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-Answer-Requests +ldapDisplayName: netbootAnswerRequests +attributeId: 1.2.840.113556.1.4.853 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 0738307a-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-Current-Client-Count +ldapDisplayName: netbootCurrentClientCount +attributeId: 1.2.840.113556.1.4.852 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 07383079-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Netboot-GUID +ldapDisplayName: netbootGUID +attributeId: 1.2.840.113556.1.4.359 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 3e978921-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 16 +rangeUpper: 16 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Netboot-Initialization +ldapDisplayName: netbootInitialization +attributeId: 1.2.840.113556.1.4.358 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3e978920-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-IntelliMirror-OSes +ldapDisplayName: netbootIntelliMirrorOSes +attributeId: 1.2.840.113556.1.4.857 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0738307e-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-Limit-Clients +ldapDisplayName: netbootLimitClients +attributeId: 1.2.840.113556.1.4.850 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 07383077-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-Locally-Installed-OSes +ldapDisplayName: netbootLocallyInstalledOSes +attributeId: 1.2.840.113556.1.4.859 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 07383080-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Netboot-Machine-File-Path +ldapDisplayName: netbootMachineFilePath +attributeId: 1.2.840.113556.1.4.361 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3e978923-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-Max-Clients +ldapDisplayName: netbootMaxClients +attributeId: 1.2.840.113556.1.4.851 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 07383078-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Netboot-Mirror-Data-File +ldapDisplayName: netbootMirrorDataFile +attributeId: 1.2.840.113556.1.4.1241 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 2df90d85-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-New-Machine-Naming-Policy +ldapDisplayName: netbootNewMachineNamingPolicy +attributeId: 1.2.840.113556.1.4.855 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0738307c-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-New-Machine-OU +ldapDisplayName: netbootNewMachineOU +attributeId: 1.2.840.113556.1.4.856 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 0738307d-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-SCP-BL +ldapDisplayName: netbootSCPBL +attributeId: 1.2.840.113556.1.4.864 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 07383082-91df-11d1-aebc-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 101 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: netboot-Server +ldapDisplayName: netbootServer +attributeId: 1.2.840.113556.1.4.860 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 07383081-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 100 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Netboot-SIF-File +ldapDisplayName: netbootSIFFile +attributeId: 1.2.840.113556.1.4.1240 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 2df90d84-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: netboot-Tools +ldapDisplayName: netbootTools +attributeId: 1.2.840.113556.1.4.858 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0738307f-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Network-Address +ldapDisplayName: networkAddress +attributeId: 1.2.840.113556.1.2.459 +attributeSyntax: 2.5.5.4 +omSyntax: 20 +isSingleValued: FALSE +schemaIdGuid: bf9679d9-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 256 +mapiID: 33136 + +cn: Next-Level-Store +ldapDisplayName: nextLevelStore +attributeId: 1.2.840.113556.1.4.214 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: bf9679da-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Next-Rid +ldapDisplayName: nextRid +attributeId: 1.2.840.113556.1.4.88 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf9679db-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: NisMapEntry +ldapDisplayName: nisMapEntry +attributeId: 1.3.6.1.1.1.1.27 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: 4a95216e-fcc0-402e-b57f-5971626148a9 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: NisMapName +ldapDisplayName: nisMapName +attributeId: 1.3.6.1.1.1.1.26 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: 969d3c79-0e9a-4d95-b0ac-bdde7ff8f3a1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 + +cn: NisNetgroupTriple +ldapDisplayName: nisNetgroupTriple +attributeId: 1.3.6.1.1.1.1.14 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: a8032e74-30ef-4ff5-affc-0fc217783fec +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 153600 + +cn: Non-Security-Member +ldapDisplayName: nonSecurityMember +attributeId: 1.2.840.113556.1.4.530 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 52458018-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 50 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Non-Security-Member-BL +ldapDisplayName: nonSecurityMemberBL +attributeId: 1.2.840.113556.1.4.531 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 52458019-ca6a-11d0-afff-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 51 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: Notification-List +ldapDisplayName: notificationList +attributeId: 1.2.840.113556.1.4.303 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 19195a56-6da0-11d0-afd3-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NT-Group-Members +ldapDisplayName: nTGroupMembers +attributeId: 1.2.840.113556.1.4.89 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf9679df-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NT-Mixed-Domain +ldapDisplayName: nTMixedDomain +attributeId: 1.2.840.113556.1.4.357 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 3e97891f-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Nt-Pwd-History +ldapDisplayName: ntPwdHistory +attributeId: 1.2.840.113556.1.4.94 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf9679e2-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: NT-Security-Descriptor +ldapDisplayName: nTSecurityDescriptor +attributeId: 1.2.840.113556.1.2.281 +attributeSyntax: 2.5.5.15 +omSyntax: 66 +isSingleValued: TRUE +schemaIdGuid: bf9679e3-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fPRESERVEONDELETE +rangeLower: 0 +rangeUpper: 132096 +mapiID: 32787 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Obj-Dist-Name +ldapDisplayName: distinguishedName +attributeId: 2.5.4.49 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: bf9679e4-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags:fPRESERVEONDELETE +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 32828 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Object-Category +ldapDisplayName: objectCategory +attributeId: 1.2.840.113556.1.4.782 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 26d97369-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Object-Class +ldapDisplayName: objectClass +attributeId: 2.5.4.0 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: bf9679e5-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fATTINDEX | fPRESERVEONDELETE +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Object-Class-Category +ldapDisplayName: objectClassCategory +attributeId: 1.2.840.113556.1.2.370 +attributeSyntax: 2.5.5.9 +omSyntax: 10 +isSingleValued: TRUE +schemaIdGuid: bf9679e6-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 3 +mapiID: 33014 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Object-Classes +ldapDisplayName: objectClasses +attributeId: 2.5.21.6 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Object-Count +ldapDisplayName: objectCount +attributeId: 1.2.840.113556.1.4.506 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 34aaa216-b699-11d0-afee-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Object-Guid +ldapDisplayName: objectGUID +attributeId: 1.2.840.113556.1.4.2 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf9679e7-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE | fATTINDEX +rangeLower: 16 +rangeUpper: 16 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 35949 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Object-Sid +ldapDisplayName: objectSid +attributeId: 1.2.840.113556.1.4.146 +attributeSyntax: 2.5.5.17 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf9679e8-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE | fATTINDEX +rangeLower: 0 +rangeUpper: 28 +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +mapiID: 32807 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Object-Version +ldapDisplayName: objectVersion +attributeId: 1.2.840.113556.1.2.76 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 16775848-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +mapiID: 33015 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: OEM-Information +ldapDisplayName: oEMInformation +attributeId: 1.2.840.113556.1.4.151 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf9679ea-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: OM-Object-Class +ldapDisplayName: oMObjectClass +attributeId: 1.2.840.113556.1.2.218 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf9679ec-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 33021 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: OM-Syntax +ldapDisplayName: oMSyntax +attributeId: 1.2.840.113556.1.2.231 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf9679ed-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE +mapiID: 33022 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: OMT-Guid +ldapDisplayName: oMTGuid +attributeId: 1.2.840.113556.1.4.505 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: ddac0cf3-af8f-11d0-afeb-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: OMT-Indx-Guid +ldapDisplayName: oMTIndxGuid +attributeId: 1.2.840.113556.1.4.333 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 1f0075fa-7e40-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: OncRpcNumber +ldapDisplayName: oncRpcNumber +attributeId: 1.3.6.1.1.1.1.18 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 966825f5-01d9-4a5c-a011-d15ae84efa55 +systemOnly: FALSE +searchFlags: 0 + +cn: Operating-System +ldapDisplayName: operatingSystem +attributeId: 1.2.840.113556.1.4.363 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3e978925-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Operating-System-Hotfix +ldapDisplayName: operatingSystemHotfix +attributeId: 1.2.840.113556.1.4.415 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bd951b3c-9c96-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Operating-System-Service-Pack +ldapDisplayName: operatingSystemServicePack +attributeId: 1.2.840.113556.1.4.365 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3e978927-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Operating-System-Version +ldapDisplayName: operatingSystemVersion +attributeId: 1.2.840.113556.1.4.364 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3e978926-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Operator-Count +ldapDisplayName: operatorCount +attributeId: 1.2.840.113556.1.4.144 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf9679ee-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Option-Description +ldapDisplayName: optionDescription +attributeId: 1.2.840.113556.1.4.712 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 963d274d-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Options +ldapDisplayName: options +attributeId: 1.2.840.113556.1.4.307 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 19195a53-6da0-11d0-afd3-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Options-Location +ldapDisplayName: optionsLocation +attributeId: 1.2.840.113556.1.4.713 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: 963d274e-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: organizationalStatus +ldapDisplayName: organizationalStatus +attributeId: 0.9.2342.19200300.100.1.45 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 28596019-7349-4d2f-adff-5a629961f942 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: Organizational-Unit-Name +ldapDisplayName: ou +attributeId: 2.5.4.11 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf9679f0-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 33026 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Organization-Name +ldapDisplayName: o +attributeId: 2.5.4.10 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf9679ef-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 33025 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Original-Display-Table +ldapDisplayName: originalDisplayTable +attributeId: 1.2.840.113556.1.2.445 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5fd424ce-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 +mapiID: 33027 + +cn: Original-Display-Table-MSDOS +ldapDisplayName: originalDisplayTableMSDOS +attributeId: 1.2.840.113556.1.2.214 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5fd424cf-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 +mapiID: 33028 + +cn: Other-Login-Workstations +ldapDisplayName: otherLoginWorkstations +attributeId: 1.2.840.113556.1.4.91 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf9679f1-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 0 +rangeUpper: 1024 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Other-Mailbox +ldapDisplayName: otherMailbox +attributeId: 1.2.840.113556.1.4.651 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0296c123-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 + +cn: Other-Name +ldapDisplayName: middleName +attributeId: 2.16.840.1.113730.3.1.34 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf9679f2-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 64 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Other-Well-Known-Objects +ldapDisplayName: otherWellKnownObjects +attributeId: 1.2.840.113556.1.4.1359 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +isSingleValued: FALSE +schemaIdGuid: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Owner +ldapDisplayName: owner +attributeId: 2.5.4.32 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: bf9679f3-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +linkID: 44 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Package-Flags +ldapDisplayName: packageFlags +attributeId: 1.2.840.113556.1.4.327 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7d6c0e99-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Package-Name +ldapDisplayName: packageName +attributeId: 1.2.840.113556.1.4.326 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7d6c0e98-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Package-Type +ldapDisplayName: packageType +attributeId: 1.2.840.113556.1.4.324 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7d6c0e96-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Parent-CA +ldapDisplayName: parentCA +attributeId: 1.2.840.113556.1.4.557 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 5245801b-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Parent-CA-Certificate-Chain +ldapDisplayName: parentCACertificateChain +attributeId: 1.2.840.113556.1.4.685 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 963d2733-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Parent-GUID +ldapDisplayName: parentGUID +attributeId: 1.2.840.113556.1.4.1224 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 2df90d74-009f-11d2-aa4c-00c04fd7d83a +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Partial-Attribute-Deletion-List +ldapDisplayName: partialAttributeDeletionList +attributeId: 1.2.840.113556.1.4.663 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 28630ec0-41d5-11d1-a9c1-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Partial-Attribute-Set +ldapDisplayName: partialAttributeSet +attributeId: 1.2.840.113556.1.4.640 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 19405b9e-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Pek-Key-Change-Interval +ldapDisplayName: pekKeyChangeInterval +attributeId: 1.2.840.113556.1.4.866 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 07383084-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Pek-List +ldapDisplayName: pekList +attributeId: 1.2.840.113556.1.4.865 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 07383083-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Pending-CA-Certificates +ldapDisplayName: pendingCACertificates +attributeId: 1.2.840.113556.1.4.693 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 963d273c-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Pending-Parent-CA +ldapDisplayName: pendingParentCA +attributeId: 1.2.840.113556.1.4.695 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 963d273e-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Per-Msg-Dialog-Display-Table +ldapDisplayName: perMsgDialogDisplayTable +attributeId: 1.2.840.113556.1.2.325 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5fd424d3-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 +mapiID: 33032 + +cn: Per-Recip-Dialog-Display-Table +ldapDisplayName: perRecipDialogDisplayTable +attributeId: 1.2.840.113556.1.2.326 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 5fd424d4-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32768 +mapiID: 33033 + +cn: Personal-Title +ldapDisplayName: personalTitle +attributeId: 1.2.840.113556.1.2.615 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 16775858-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 35947 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Fax-Other +ldapDisplayName: otherFacsimileTelephoneNumber +attributeId: 1.2.840.113556.1.4.646 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0296c11d-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Home-Other +ldapDisplayName: otherHomePhone +attributeId: 1.2.840.113556.1.2.277 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f0f8ffa2-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14895 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Home-Primary +ldapDisplayName: homePhone +attributeId: 0.9.2342.19200300.100.1.20 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f0f8ffa1-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14857 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Ip-Other +ldapDisplayName: otherIpPhone +attributeId: 1.2.840.113556.1.4.722 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 4d146e4b-48d4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Ip-Primary +ldapDisplayName: ipPhone +attributeId: 1.2.840.113556.1.4.721 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 4d146e4a-48d4-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-ISDN-Primary +ldapDisplayName: primaryInternationalISDNNumber +attributeId: 1.2.840.113556.1.4.649 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 0296c11f-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Mobile-Other +ldapDisplayName: otherMobile +attributeId: 1.2.840.113556.1.4.647 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0296c11e-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Mobile-Primary +ldapDisplayName: mobile +attributeId: 0.9.2342.19200300.100.1.41 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f0f8ffa3-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14876 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Office-Other +ldapDisplayName: otherTelephone +attributeId: 1.2.840.113556.1.2.18 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f0f8ffa5-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14875 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Pager-Other +ldapDisplayName: otherPager +attributeId: 1.2.840.113556.1.2.118 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f0f8ffa4-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 35950 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Phone-Pager-Primary +ldapDisplayName: pager +attributeId: 0.9.2342.19200300.100.1.42 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f0f8ffa6-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14881 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: photo +ldapDisplayName: photo +attributeId: 0.9.2342.19200300.100.1.7 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 9c979768-ba1a-4c08-9632-c6a5c1ed649a +systemOnly: FALSE +searchFlags: 0 + +cn: Physical-Delivery-Office-Name +ldapDisplayName: physicalDeliveryOfficeName +attributeId: 2.5.4.19 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf9679f7-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fANR | fATTINDEX +rangeLower: 1 +rangeUpper: 128 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14873 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Physical-Location-Object +ldapDisplayName: physicalLocationObject +attributeId: 1.2.840.113556.1.4.514 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: b7b13119-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Picture +ldapDisplayName: thumbnailPhoto +attributeId: 2.16.840.1.113730.3.1.35 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 8d3bca50-1d7e-11d0-a081-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 102400 +mapiId: 35998 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Critical-Extensions +ldapDisplayName: pKICriticalExtensions +attributeId: 1.2.840.113556.1.4.1330 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: fc5a9106-3b9d-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Default-CSPs +ldapDisplayName: pKIDefaultCSPs +attributeId: 1.2.840.113556.1.4.1334 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 1ef6336e-3b9e-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Default-Key-Spec +ldapDisplayName: pKIDefaultKeySpec +attributeId: 1.2.840.113556.1.4.1327 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 426cae6e-3b9d-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Enrollment-Access +ldapDisplayName: pKIEnrollmentAccess +attributeId: 1.2.840.113556.1.4.1335 +attributeSyntax: 2.5.5.15 +omSyntax: 66 +isSingleValued: FALSE +schemaIdGuid: 926be278-56f9-11d2-90d0-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Expiration-Period +ldapDisplayName: pKIExpirationPeriod +attributeId: 1.2.840.113556.1.4.1331 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 041570d2-3b9e-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Extended-Key-Usage +ldapDisplayName: pKIExtendedKeyUsage +attributeId: 1.2.840.113556.1.4.1333 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 18976af6-3b9e-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Key-Usage +ldapDisplayName: pKIKeyUsage +attributeId: 1.2.840.113556.1.4.1328 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: e9b0a87e-3b9d-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Max-Issuing-Depth +ldapDisplayName: pKIMaxIssuingDepth +attributeId: 1.2.840.113556.1.4.1329 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: f0bfdefa-3b9d-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Overlap-Period +ldapDisplayName: pKIOverlapPeriod +attributeId: 1.2.840.113556.1.4.1332 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 1219a3ec-3b9e-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKT +ldapDisplayName: pKT +attributeId: 1.2.840.113556.1.4.206 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 8447f9f1-1027-11d0-a05f-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 10485760 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKT-Guid +ldapDisplayName: pKTGuid +attributeId: 1.2.840.113556.1.4.205 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 8447f9f0-1027-11d0-a05f-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Policy-Replication-Flags +ldapDisplayName: policyReplicationFlags +attributeId: 1.2.840.113556.1.4.633 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 19405b96-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Port-Name +ldapDisplayName: portName +attributeId: 1.2.840.113556.1.4.228 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 281416c4-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Possible-Inferiors +ldapDisplayName: possibleInferiors +attributeId: 1.2.840.113556.1.4.915 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Poss-Superiors +ldapDisplayName: possSuperiors +attributeId: 1.2.840.113556.1.2.8 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: bf9679fa-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Postal-Address +ldapDisplayName: postalAddress +attributeId: 2.5.4.16 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf9679fc-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 4096 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 33036 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Postal-Code +ldapDisplayName: postalCode +attributeId: 2.5.4.17 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf9679fd-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 40 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14890 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Post-Office-Box +ldapDisplayName: postOfficeBox +attributeId: 2.5.4.18 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf9679fb-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 40 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14891 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Preferred-Delivery-Method +ldapDisplayName: preferredDeliveryMethod +attributeId: 2.5.4.28 +attributeSyntax: 2.5.5.9 +omSyntax: 10 +isSingleValued: FALSE +schemaIdGuid: bf9679fe-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 33037 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: preferredLanguage +ldapDisplayName: preferredLanguage +attributeId: 2.16.840.1.113730.3.1.39 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d +systemOnly: FALSE +searchFlags: 0 + +cn: Preferred-OU +ldapDisplayName: preferredOU +attributeId: 1.2.840.113556.1.4.97 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: bf9679ff-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Prefix-Map +ldapDisplayName: prefixMap +attributeId: 1.2.840.113556.1.4.538 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 52458022-ca6a-11d0-afff-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Presentation-Address +ldapDisplayName: presentationAddress +attributeId: 2.5.4.29 +attributeSyntax: 2.5.5.13 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.732 +isSingleValued: TRUE +schemaIdGuid: a8df744b-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Previous-CA-Certificates +ldapDisplayName: previousCACertificates +attributeId: 1.2.840.113556.1.4.692 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 963d2739-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Previous-Parent-CA +ldapDisplayName: previousParentCA +attributeId: 1.2.840.113556.1.4.694 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 963d273d-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Primary-Group-ID +ldapDisplayName: primaryGroupID +attributeId: 1.2.840.113556.1.4.98 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a00-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY| fATTINDEX +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Primary-Group-Token +ldapDisplayName: primaryGroupToken +attributeId: 1.2.840.113556.1.4.1412 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: c0ed8738-7efd-4481-84d9-66d2db8be369 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Print-Attributes +ldapDisplayName: printAttributes +attributeId: 1.2.840.113556.1.4.247 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 281416d7-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Bin-Names +ldapDisplayName: printBinNames +attributeId: 1.2.840.113556.1.4.237 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 281416cd-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Collate +ldapDisplayName: printCollate +attributeId: 1.2.840.113556.1.4.242 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 281416d2-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Color +ldapDisplayName: printColor +attributeId: 1.2.840.113556.1.4.243 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 281416d3-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Duplex-Supported +ldapDisplayName: printDuplexSupported +attributeId: 1.2.840.113556.1.4.1311 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 281416cc-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-End-Time +ldapDisplayName: printEndTime +attributeId: 1.2.840.113556.1.4.234 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 281416ca-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Printer-Name +ldapDisplayName: printerName +attributeId: 1.2.840.113556.1.4.300 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 244b296e-5abd-11d0-afd2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Form-Name +ldapDisplayName: printFormName +attributeId: 1.2.840.113556.1.4.235 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 281416cb-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Keep-Printed-Jobs +ldapDisplayName: printKeepPrintedJobs +attributeId: 1.2.840.113556.1.4.275 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: ba305f6d-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Language +ldapDisplayName: printLanguage +attributeId: 1.2.840.113556.1.4.246 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 281416d6-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-MAC-Address +ldapDisplayName: printMACAddress +attributeId: 1.2.840.113556.1.4.288 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ba305f7a-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Max-Copies +ldapDisplayName: printMaxCopies +attributeId: 1.2.840.113556.1.4.241 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 281416d1-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Max-Resolution-Supported +ldapDisplayName: printMaxResolutionSupported +attributeId: 1.2.840.113556.1.4.238 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 281416cf-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Max-X-Extent +ldapDisplayName: printMaxXExtent +attributeId: 1.2.840.113556.1.4.277 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ba305f6f-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Max-Y-Extent +ldapDisplayName: printMaxYExtent +attributeId: 1.2.840.113556.1.4.278 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ba305f70-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Media-Ready +ldapDisplayName: printMediaReady +attributeId: 1.2.840.113556.1.4.289 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 3bcbfcf5-4d3d-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Media-Supported +ldapDisplayName: printMediaSupported +attributeId: 1.2.840.113556.1.4.299 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 244b296f-5abd-11d0-afd2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Memory +ldapDisplayName: printMemory +attributeId: 1.2.840.113556.1.4.282 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ba305f74-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Min-X-Extent +ldapDisplayName: printMinXExtent +attributeId: 1.2.840.113556.1.4.279 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ba305f71-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Min-Y-Extent +ldapDisplayName: printMinYExtent +attributeId: 1.2.840.113556.1.4.280 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ba305f72-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Network-Address +ldapDisplayName: printNetworkAddress +attributeId: 1.2.840.113556.1.4.287 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ba305f79-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Notify +ldapDisplayName: printNotify +attributeId: 1.2.840.113556.1.4.272 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ba305f6a-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Number-Up +ldapDisplayName: printNumberUp +attributeId: 1.2.840.113556.1.4.290 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 3bcbfcf4-4d3d-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Orientations-Supported +ldapDisplayName: printOrientationsSupported +attributeId: 1.2.840.113556.1.4.240 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 281416d0-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Owner +ldapDisplayName: printOwner +attributeId: 1.2.840.113556.1.4.271 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ba305f69-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Pages-Per-Minute +ldapDisplayName: printPagesPerMinute +attributeId: 1.2.840.113556.1.4.631 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 19405b97-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Rate +ldapDisplayName: printRate +attributeId: 1.2.840.113556.1.4.285 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ba305f77-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Rate-Unit +ldapDisplayName: printRateUnit +attributeId: 1.2.840.113556.1.4.286 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ba305f78-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Separator-File +ldapDisplayName: printSeparatorFile +attributeId: 1.2.840.113556.1.4.230 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 281416c6-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Share-Name +ldapDisplayName: printShareName +attributeId: 1.2.840.113556.1.4.270 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: ba305f68-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Spooling +ldapDisplayName: printSpooling +attributeId: 1.2.840.113556.1.4.274 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ba305f6c-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Stapling-Supported +ldapDisplayName: printStaplingSupported +attributeId: 1.2.840.113556.1.4.281 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: ba305f73-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Start-Time +ldapDisplayName: printStartTime +attributeId: 1.2.840.113556.1.4.233 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 281416c9-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Print-Status +ldapDisplayName: printStatus +attributeId: 1.2.840.113556.1.4.273 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: ba305f6b-47e3-11d0-a1a6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Priority +ldapDisplayName: priority +attributeId: 1.2.840.113556.1.4.231 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 281416c7-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Prior-Set-Time +ldapDisplayName: priorSetTime +attributeId: 1.2.840.113556.1.4.99 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967a01-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Prior-Value +ldapDisplayName: priorValue +attributeId: 1.2.840.113556.1.4.100 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967a02-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Private-Key +ldapDisplayName: privateKey +attributeId: 1.2.840.113556.1.4.101 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967a03-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Privilege-Attributes +ldapDisplayName: privilegeAttributes +attributeId: 1.2.840.113556.1.4.636 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 19405b9a-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Privilege-Display-Name +ldapDisplayName: privilegeDisplayName +attributeId: 1.2.840.113556.1.4.634 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 19405b98-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Privilege-Holder +ldapDisplayName: privilegeHolder +attributeId: 1.2.840.113556.1.4.637 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 19405b9b-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 70 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Privilege-Value +ldapDisplayName: privilegeValue +attributeId: 1.2.840.113556.1.4.635 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 19405b99-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Product-Code +ldapDisplayName: productCode +attributeId: 1.2.840.113556.1.4.818 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: d9e18317-8939-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Profile-Path +ldapDisplayName: profilePath +attributeId: 1.2.840.113556.1.4.139 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a05-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Proxied-Object-Name +ldapDisplayName: proxiedObjectName +attributeId: 1.2.840.113556.1.4.1249 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +isSingleValued: TRUE +schemaIdGuid: e1aea402-cd5b-11d0-afff-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Proxy-Addresses +ldapDisplayName: proxyAddresses +attributeId: 1.2.840.113556.1.2.210 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf967a06-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fANR | fATTINDEX +rangeLower: 1 +rangeUpper: 1123 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 32783 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Proxy-Generation-Enabled +ldapDisplayName: proxyGenerationEnabled +attributeId: 1.2.840.113556.1.2.523 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 5fd424d6-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +mapiID: 33201 + +cn: Proxy-Lifetime +ldapDisplayName: proxyLifetime +attributeId: 1.2.840.113556.1.4.103 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967a07-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Public-Key-Policy +ldapDisplayName: publicKeyPolicy +attributeId: 1.2.840.113556.1.4.420 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 80a67e28-9f22-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Purported-Search +ldapDisplayName: purportedSearch +attributeId: 1.2.840.113556.1.4.886 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b4b54e50-943a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 2048 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Pwd-History-Length +ldapDisplayName: pwdHistoryLength +attributeId: 1.2.840.113556.1.4.95 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a09-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 65535 +attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Pwd-Last-Set +ldapDisplayName: pwdLastSet +attributeId: 1.2.840.113556.1.4.96 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967a0a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Pwd-Properties +ldapDisplayName: pwdProperties +attributeId: 1.2.840.113556.1.4.93 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a0b-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Quality-Of-Service +ldapDisplayName: qualityOfService +attributeId: 1.2.840.113556.1.4.458 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 80a67e4e-9f22-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Query-Filter +ldapDisplayName: queryFilter +attributeId: 1.2.840.113556.1.4.1355 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: cbf70a26-7e78-11d2-9921-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: QueryPoint +ldapDisplayName: queryPoint +attributeId: 1.2.840.113556.1.4.680 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7bfdcb86-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Query-Policy-BL +ldapDisplayName: queryPolicyBL +attributeId: 1.2.840.113556.1.4.608 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: e1aea404-cd5b-11d0-afff-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 69 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: Query-Policy-Object +ldapDisplayName: queryPolicyObject +attributeId: 1.2.840.113556.1.4.607 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: e1aea403-cd5b-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 68 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Range-Lower +ldapDisplayName: rangeLower +attributeId: 1.2.840.113556.1.2.34 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a0c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +mapiID: 33043 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Range-Upper +ldapDisplayName: rangeUpper +attributeId: 1.2.840.113556.1.2.35 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a0d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +mapiID: 33044 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: RDN +ldapDisplayName: name +attributeId: 1.2.840.113556.1.4.1 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a0e-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX +rangeLower: 1 +rangeUpper: 255 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 33282 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: RDN-Att-ID +ldapDisplayName: rDNAttID +attributeId: 1.2.840.113556.1.2.26 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: TRUE +schemaIdGuid: bf967a0f-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Registered-Address +ldapDisplayName: registeredAddress +attributeId: 2.5.4.26 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967a10-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 4096 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 33049 + +cn: Remote-Server-Name +ldapDisplayName: remoteServerName +attributeId: 1.2.840.113556.1.4.105 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf967a12-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Remote-Source +ldapDisplayName: remoteSource +attributeId: 1.2.840.113556.1.4.107 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a14-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 1024 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Remote-Source-Type +ldapDisplayName: remoteSourceType +attributeId: 1.2.840.113556.1.4.108 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a15-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Remote-Storage-GUID +ldapDisplayName: remoteStorageGUID +attributeId: 1.2.840.113556.1.4.809 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2a39c5b0-8960-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Replica-Source +ldapDisplayName: replicaSource +attributeId: 1.2.840.113556.1.4.109 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a18-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Repl-Interval +ldapDisplayName: replInterval +attributeId: 1.2.840.113556.1.4.1336 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 45ba9d1a-56fa-11d2-90d0-00c04fd91ab1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Repl-Property-Meta-Data +ldapDisplayName: replPropertyMetaData +attributeId: 1.2.840.113556.1.4.3 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 281416c0-1968-11d0-a28f-00aa003049e2 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Repl-Topology-Stay-Of-Execution +ldapDisplayName: replTopologyStayOfExecution +attributeId: 1.2.840.113556.1.4.677 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7bfdcb83-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Repl-UpToDate-Vector +ldapDisplayName: replUpToDateVector +attributeId: 1.2.840.113556.1.4.4 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967a16-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Reports +ldapDisplayName: directReports +attributeId: 1.2.840.113556.1.2.436 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: bf967a1c-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +linkID: 43 +mapiID: 32782 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: Reps-From +ldapDisplayName: repsFrom +attributeId: 1.2.840.113556.1.2.91 +attributeSyntax: 2.5.5.10 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.6 +isSingleValued: FALSE +schemaIdGuid: bf967a1d-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Reps-To +ldapDisplayName: repsTo +attributeId: 1.2.840.113556.1.2.83 +attributeSyntax: 2.5.5.10 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.6 +isSingleValued: FALSE +schemaIdGuid: bf967a1e-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Required-Categories +ldapDisplayName: requiredCategories +attributeId: 1.2.840.113556.1.4.321 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 7d6c0e93-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Retired-Repl-DSA-Signatures +ldapDisplayName: retiredReplDSASignatures +attributeId: 1.2.840.113556.1.4.673 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Revision +ldapDisplayName: revision +attributeId: 1.2.840.113556.1.4.145 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a21-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Rid +ldapDisplayName: rid +attributeId: 1.2.840.113556.1.4.153 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a22-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: RID-Allocation-Pool +ldapDisplayName: rIDAllocationPool +attributeId: 1.2.840.113556.1.4.371 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 66171889-8f3c-11d0-afda-00c04fd930c9 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: RID-Available-Pool +ldapDisplayName: rIDAvailablePool +attributeId: 1.2.840.113556.1.4.370 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 66171888-8f3c-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: RID-Manager-Reference +ldapDisplayName: rIDManagerReference +attributeId: 1.2.840.113556.1.4.368 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 66171886-8f3c-11d0-afda-00c04fd930c9 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: RID-Next-RID +ldapDisplayName: rIDNextRID +attributeId: 1.2.840.113556.1.4.374 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 6617188c-8f3c-11d0-afda-00c04fd930c9 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: RID-Previous-Allocation-Pool +ldapDisplayName: rIDPreviousAllocationPool +attributeId: 1.2.840.113556.1.4.372 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 6617188a-8f3c-11d0-afda-00c04fd930c9 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: RID-Set-References +ldapDisplayName: rIDSetReferences +attributeId: 1.2.840.113556.1.4.669 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: RID-Used-Pool +ldapDisplayName: rIDUsedPool +attributeId: 1.2.840.113556.1.4.373 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 6617188b-8f3c-11d0-afda-00c04fd930c9 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Rights-Guid +ldapDisplayName: rightsGuid +attributeId: 1.2.840.113556.1.4.340 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 8297931c-86d3-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 36 +rangeUpper: 36 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Role-Occupant +ldapDisplayName: roleOccupant +attributeId: 2.5.4.33 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: a8df7465-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +mapiID: 33061 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: roomNumber +ldapDisplayName: roomNumber +attributeId: 0.9.2342.19200300.100.1.6 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 81d7f8c2-e327-4a0d-91c6-b42d4009115f +systemOnly: FALSE +searchFlags: 0 + +cn: Root-Trust +ldapDisplayName: rootTrust +attributeId: 1.2.840.113556.1.4.674 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 7bfdcb80-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: rpc-Ns-Annotation +ldapDisplayName: rpcNsAnnotation +attributeId: 1.2.840.113556.1.4.366 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 88611bde-8cf4-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Ns-Bindings +ldapDisplayName: rpcNsBindings +attributeId: 1.2.840.113556.1.4.113 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf967a23-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Ns-Codeset +ldapDisplayName: rpcNsCodeset +attributeId: 1.2.840.113556.1.4.367 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 7a0ba0e0-8e98-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Ns-Entry-Flags +ldapDisplayName: rpcNsEntryFlags +attributeId: 1.2.840.113556.1.4.754 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 80212841-4bdc-11d1-a9c4-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Ns-Group +ldapDisplayName: rpcNsGroup +attributeId: 1.2.840.113556.1.4.114 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: bf967a24-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Ns-Interface-ID +ldapDisplayName: rpcNsInterfaceID +attributeId: 1.2.840.113556.1.4.115 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a25-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Ns-Object-ID +ldapDisplayName: rpcNsObjectID +attributeId: 1.2.840.113556.1.4.312 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 29401c48-7a27-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Ns-Priority +ldapDisplayName: rpcNsPriority +attributeId: 1.2.840.113556.1.4.117 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: FALSE +schemaIdGuid: bf967a27-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Ns-Profile-Entry +ldapDisplayName: rpcNsProfileEntry +attributeId: 1.2.840.113556.1.4.118 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a28-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Ns-Transfer-Syntax +ldapDisplayName: rpcNsTransferSyntax +attributeId: 1.2.840.113556.1.4.314 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 29401c4a-7a27-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: SAM-Account-Name +ldapDisplayName: sAMAccountName +attributeId: 1.2.840.113556.1.4.221 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 3e0abfd0-126a-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX +rangeLower: 0 +rangeUpper: 256 +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: SAM-Account-Type +ldapDisplayName: sAMAccountType +attributeId: 1.2.840.113556.1.4.302 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 6e7b626c-64f2-11d0-afd2-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: SAM-Domain-Updates +ldapDisplayName: samDomainUpdates +attributeId: 1.2.840.113556.1.4.1969 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 04d2d114-f799-4e9b-bcdc-90e8f5ba7ebe +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 1024 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Schedule +ldapDisplayName: schedule +attributeId: 1.2.840.113556.1.4.211 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: dd712224-10e4-11d0-a05f-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Schema-Flags-Ex +ldapDisplayName: schemaFlagsEx +attributeId: 1.2.840.113556.1.4.120 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a2b-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Schema-ID-GUID +ldapDisplayName: schemaIDGUID +attributeId: 1.2.840.113556.1.4.148 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967923-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Schema-Info +ldapDisplayName: schemaInfo +attributeId: 1.2.840.113556.1.4.1358 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: f9fb64ae-93b4-11d2-9945-0000f87a57d4 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Schema-Update +ldapDisplayName: schemaUpdate +attributeId: 1.2.840.113556.1.4.481 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: Schema-Version +ldapDisplayName: schemaVersion +attributeId: 1.2.840.113556.1.2.471 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: FALSE +schemaIdGuid: bf967a2c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +mapiID: 33148 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Scope-Flags +ldapDisplayName: scopeFlags +attributeId: 1.2.840.113556.1.4.1354 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 16f3a4c2-7e79-11d2-9921-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Script-Path +ldapDisplayName: scriptPath +attributeId: 1.2.840.113556.1.4.62 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf9679a8-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: SD-Rights-Effective +ldapDisplayName: sDRightsEffective +attributeId: 1.2.840.113556.1.4.1304 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: c3dbafa6-33df-11d2-98b2-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Search-Flags +ldapDisplayName: searchFlags +attributeId: 1.2.840.113556.1.2.334 +attributeSyntax: 2.5.5.9 +omSyntax: 10 +isSingleValued: TRUE +schemaIdGuid: bf967a2d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +mapiID: 33069 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Search-Guide +ldapDisplayName: searchGuide +attributeId: 2.5.4.14 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967a2e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +mapiID: 33070 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: secretary +ldapDisplayName: secretary +attributeId: 0.9.2342.19200300.100.1.21 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 01072d9a-98ad-4a53-9744-e83e287278fb +systemOnly: FALSE +searchFlags: 0 + +cn: Security-Identifier +ldapDisplayName: securityIdentifier +attributeId: 1.2.840.113556.1.4.121 +attributeSyntax: 2.5.5.17 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967a2f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: See-Also +ldapDisplayName: seeAlso +attributeId: 2.5.4.34 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: bf967a31-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +mapiID: 33071 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Seq-Notification +ldapDisplayName: seqNotification +attributeId: 1.2.840.113556.1.4.504 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: ddac0cf2-af8f-11d0-afeb-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Serial-Number +ldapDisplayName: serialNumber +attributeId: 2.5.4.5 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: bf967a32-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +mapiID: 33072 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Server-Name +ldapDisplayName: serverName +attributeId: 1.2.840.113556.1.4.223 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 09dcb7a0-165f-11d0-a064-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 1024 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Server-Reference +ldapDisplayName: serverReference +attributeId: 1.2.840.113556.1.4.515 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 26d9736d-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 94 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Server-Reference-BL +ldapDisplayName: serverReferenceBL +attributeId: 1.2.840.113556.1.4.516 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 26d9736e-6070-11d1-a9c6-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 95 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Server-Role +ldapDisplayName: serverRole +attributeId: 1.2.840.113556.1.4.157 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a33-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Server-State +ldapDisplayName: serverState +attributeId: 1.2.840.113556.1.4.154 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a34-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Service-Binding-Information +ldapDisplayName: serviceBindingInformation +attributeId: 1.2.840.113556.1.4.510 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: b7b1311c-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-Class-ID +ldapDisplayName: serviceClassID +attributeId: 1.2.840.113556.1.4.122 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967a35-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-Class-Info +ldapDisplayName: serviceClassInfo +attributeId: 1.2.840.113556.1.4.123 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967a36-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-Class-Name +ldapDisplayName: serviceClassName +attributeId: 1.2.840.113556.1.4.509 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: b7b1311d-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-DNS-Name +ldapDisplayName: serviceDNSName +attributeId: 1.2.840.113556.1.4.657 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 28630eb8-41d5-11d1-a9c1-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-DNS-Name-Type +ldapDisplayName: serviceDNSNameType +attributeId: 1.2.840.113556.1.4.659 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 28630eba-41d5-11d1-a9c1-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-Instance-Version +ldapDisplayName: serviceInstanceVersion +attributeId: 1.2.840.113556.1.4.199 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967a37-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 8 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-Principal-Name +ldapDisplayName: servicePrincipalName +attributeId: 1.2.840.113556.1.4.771 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: f3a64788-5306-11d1-a9c5-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Setup-Command +ldapDisplayName: setupCommand +attributeId: 1.2.840.113556.1.4.325 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 7d6c0e97-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ShadowExpire +ldapDisplayName: shadowExpire +attributeId: 1.3.6.1.1.1.1.10 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 75159a00-1fff-4cf4-8bff-4ef2695cf643 +systemOnly: FALSE +searchFlags: 0 + +cn: ShadowFlag +ldapDisplayName: shadowFlag +attributeId: 1.3.6.1.1.1.1.11 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 8dfeb70d-c5db-46b6-b15e-a4389e6cee9b +systemOnly: FALSE +searchFlags: 0 + +cn: ShadowInactive +ldapDisplayName: shadowInactive +attributeId: 1.3.6.1.1.1.1.9 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 86871d1f-3310-4312-8efd-af49dcfb2671 +systemOnly: FALSE +searchFlags: 0 + +cn: ShadowLastChange +ldapDisplayName: shadowLastChange +attributeId: 1.3.6.1.1.1.1.5 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: f8f2689c-29e8-4843-8177-e8b98e15eeac +systemOnly: FALSE +searchFlags: 0 + +cn: ShadowMax +ldapDisplayName: shadowMax +attributeId: 1.3.6.1.1.1.1.7 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: f285c952-50dd-449e-9160-3b880d99988d +systemOnly: FALSE +searchFlags: 0 + +cn: ShadowMin +ldapDisplayName: shadowMin +attributeId: 1.3.6.1.1.1.1.6 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: a76b8737-e5a1-4568-b057-dc12e04be4b2 +systemOnly: FALSE +searchFlags: 0 + +cn: ShadowWarning +ldapDisplayName: shadowWarning +attributeId: 1.3.6.1.1.1.1.8 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7ae89c9c-2976-4a46-bb8a-340f88560117 +systemOnly: FALSE +searchFlags: 0 + +cn: Shell-Context-Menu +ldapDisplayName: shellContextMenu +attributeId: 1.2.840.113556.1.4.615 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 553fd039-f32e-11d0-b0bc-00c04fd8dca6 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Shell-Property-Pages +ldapDisplayName: shellPropertyPages +attributeId: 1.2.840.113556.1.4.563 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 52458039-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Short-Server-Name +ldapDisplayName: shortServerName +attributeId: 1.2.840.113556.1.4.1209 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 45b01501-c419-11d1-bbc9-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Show-In-Address-Book +ldapDisplayName: showInAddressBook +attributeId: 1.2.840.113556.1.4.644 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 3e74f60e-3e73-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: fCOPY +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Show-In-Advanced-View-Only +ldapDisplayName: showInAdvancedViewOnly +attributeId: 1.2.840.113556.1.2.169 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: bf967984-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY| fATTINDEX +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: SID-History +ldapDisplayName: sIDHistory +attributeId: 1.2.840.113556.1.4.609 +attributeSyntax: 2.5.5.17 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 17eb4278-d167-11d0-b002-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Signature-Algorithms +ldapDisplayName: signatureAlgorithms +attributeId: 1.2.840.113556.1.4.824 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 2a39c5b2-8960-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Site-GUID +ldapDisplayName: siteGUID +attributeId: 1.2.840.113556.1.4.362 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 3e978924-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Site-Link-List +ldapDisplayName: siteLinkList +attributeId: 1.2.840.113556.1.4.822 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: d50c2cdd-8951-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 142 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Site-List +ldapDisplayName: siteList +attributeId: 1.2.840.113556.1.4.821 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: d50c2cdc-8951-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 144 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Site-Object +ldapDisplayName: siteObject +attributeId: 1.2.840.113556.1.4.512 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 3e10944c-c354-11d0-aff8-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 46 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Site-Object-BL +ldapDisplayName: siteObjectBL +attributeId: 1.2.840.113556.1.4.513 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 3e10944d-c354-11d0-aff8-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +linkID: 47 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED + +cn: Site-Server +ldapDisplayName: siteServer +attributeId: 1.2.840.113556.1.4.494 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 1be8f17c-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: SMTP-Mail-Address +ldapDisplayName: mailAddress +attributeId: 1.2.840.113556.1.4.786 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 26d9736f-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: SPN-Mappings +ldapDisplayName: sPNMappings +attributeId: 1.2.840.113556.1.4.1347 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 2ab0e76c-7041-11d2-9905-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: State-Or-Province-Name +ldapDisplayName: st +attributeId: 2.5.4.8 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a39-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 128 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14888 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Street-Address +ldapDisplayName: street +attributeId: 2.5.4.9 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a3a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 1024 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 33082 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Structural-Object-Class +ldapDisplayName: structuralObjectClass +attributeId: 2.5.21.9 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: 3860949f-f6a8-4b38-9950-81ecb6bc2982 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Sub-Class-Of +ldapDisplayName: subClassOf +attributeId: 1.2.840.113556.1.2.21 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: TRUE +schemaIdGuid: bf967a3b-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Sub-Refs +ldapDisplayName: subRefs +attributeId: 1.2.840.113556.1.2.7 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: bf967a3c-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 33083 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: SubSchemaSubEntry +ldapDisplayName: subSchemaSubEntry +attributeId: 2.5.18.10 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Superior-DNS-Root +ldapDisplayName: superiorDNSRoot +attributeId: 1.2.840.113556.1.4.532 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 5245801d-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Super-Scope-Description +ldapDisplayName: superScopeDescription +attributeId: 1.2.840.113556.1.4.711 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 963d274c-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Super-Scopes +ldapDisplayName: superScopes +attributeId: 1.2.840.113556.1.4.710 +attributeSyntax: 2.5.5.5 +omSyntax: 19 +isSingleValued: FALSE +schemaIdGuid: 963d274b-48be-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Supplemental-Credentials +ldapDisplayName: supplementalCredentials +attributeId: 1.2.840.113556.1.4.125 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967a3f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Supported-Application-Context +ldapDisplayName: supportedApplicationContext +attributeId: 2.5.4.30 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 1677588f-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +mapiID: 33085 + +cn: Surname +ldapDisplayName: sn +attributeId: 2.5.4.4 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a41-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fANR | fATTINDEX +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14865 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Sync-Attributes +ldapDisplayName: syncAttributes +attributeId: 1.2.840.113556.1.4.666 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 037651e4-441d-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Sync-Membership +ldapDisplayName: syncMembership +attributeId: 1.2.840.113556.1.4.665 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 037651e3-441d-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +linkID: 78 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Sync-With-Object +ldapDisplayName: syncWithObject +attributeId: 1.2.840.113556.1.4.664 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 037651e2-441d-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Sync-With-SID +ldapDisplayName: syncWithSID +attributeId: 1.2.840.113556.1.4.667 +attributeSyntax: 2.5.5.17 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 037651e5-441d-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: System-Auxiliary-Class +ldapDisplayName: systemAuxiliaryClass +attributeId: 1.2.840.113556.1.4.198 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: bf967a43-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: System-Flags +ldapDisplayName: systemFlags +attributeId: 1.2.840.113556.1.4.375 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: e0fa1e62-9b45-11d0-afdd-00c04fd930c9 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: System-May-Contain +ldapDisplayName: systemMayContain +attributeId: 1.2.840.113556.1.4.196 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: bf967a44-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: System-Must-Contain +ldapDisplayName: systemMustContain +attributeId: 1.2.840.113556.1.4.197 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: bf967a45-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: System-Only +ldapDisplayName: systemOnly +attributeId: 1.2.840.113556.1.4.170 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: bf967a46-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: System-Poss-Superiors +ldapDisplayName: systemPossSuperiors +attributeId: 1.2.840.113556.1.4.195 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: FALSE +schemaIdGuid: bf967a47-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Telephone-Number +ldapDisplayName: telephoneNumber +attributeId: 2.5.4.20 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a49-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14856 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Teletex-Terminal-Identifier +ldapDisplayName: teletexTerminalIdentifier +attributeId: 2.5.4.22 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967a4a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 33091 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Telex-Number +ldapDisplayName: telexNumber +attributeId: 2.5.4.21 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967a4b-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 32 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14892 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Telex-Primary +ldapDisplayName: primaryTelexNumber +attributeId: 1.2.840.113556.1.4.648 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 0296c121-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 64 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Template-Roots +ldapDisplayName: templateRoots +attributeId: 1.2.840.113556.1.4.1346 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: ed9de9a0-7041-11d2-9905-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Template-Roots2 +ldapDisplayName: templateRoots2 +attributeId: 1.2.840.113556.1.4.2048 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +linkId: 2126 +schemaIdGuid: b1cba91a-0682-4362-a659-153e201ef069 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Terminal-Server +ldapDisplayName: terminalServer +attributeId: 1.2.840.113556.1.4.885 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 6db69a1c-9422-11d1-aebd-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeUpper: 20480 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Text-Country +ldapDisplayName: co +attributeId: 1.2.840.113556.1.2.131 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: f0f8ffa7-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 1 +rangeUpper: 128 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14886 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Text-Encoded-OR-Address +ldapDisplayName: textEncodedORAddress +attributeId: 0.9.2342.19200300.100.1.2 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: a8df7489-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 1024 +mapiID: 35969 + +cn: Time-Refresh +ldapDisplayName: timeRefresh +attributeId: 1.2.840.113556.1.4.503 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: ddac0cf1-af8f-11d0-afeb-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Time-Vol-Change +ldapDisplayName: timeVolChange +attributeId: 1.2.840.113556.1.4.502 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: ddac0cf0-af8f-11d0-afeb-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Title +ldapDisplayName: title +attributeId: 2.5.4.12 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a55-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 128 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +mapiID: 14871 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Token-Groups +ldapDisplayName: tokenGroups +attributeId: 1.2.840.113556.1.4.1301 +attributeSyntax: 2.5.5.17 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: b7c69e6d-2cc7-11d2-854e-00a0c983f608 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Token-Groups-Global-And-Universal +ldapDisplayName: tokenGroupsGlobalAndUniversal +attributeId: 1.2.840.113556.1.4.1418 +attributeSyntax: 2.5.5.17 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Token-Groups-No-GC-Acceptable +ldapDisplayName: tokenGroupsNoGCAcceptable +attributeId: 1.2.840.113556.1.4.1303 +attributeSyntax: 2.5.5.17 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 040fc392-33df-11d2-98b2-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Tombstone-Lifetime +ldapDisplayName: tombstoneLifetime +attributeId: 1.2.840.113556.1.2.54 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 16c3a860-1273-11d0-a060-00aa006c33ed +systemOnly: FALSE +searchFlags: 0 +mapiID: 33093 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Transport-Address-Attribute +ldapDisplayName: transportAddressAttribute +attributeId: 1.2.840.113556.1.4.895 +attributeSyntax: 2.5.5.2 +omSyntax: 6 +isSingleValued: TRUE +schemaIdGuid: c1dc867c-a261-11d1-b606-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Transport-DLL-Name +ldapDisplayName: transportDLLName +attributeId: 1.2.840.113556.1.4.789 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 26d97372-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 1024 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Transport-Type +ldapDisplayName: transportType +attributeId: 1.2.840.113556.1.4.791 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: 26d97374-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Treat-As-Leaf +ldapDisplayName: treatAsLeaf +attributeId: 1.2.840.113556.1.4.806 +attributeSyntax: 2.5.5.8 +omSyntax: 1 +isSingleValued: TRUE +schemaIdGuid: 8fd044e3-771f-11d1-aeae-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Tree-Name +ldapDisplayName: treeName +attributeId: 1.2.840.113556.1.4.660 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 28630ebd-41d5-11d1-a9c1-0000f80367c1 +systemOnly: TRUE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Trust-Attributes +ldapDisplayName: trustAttributes +attributeId: 1.2.840.113556.1.4.470 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 80a67e5a-9f22-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Trust-Auth-Incoming +ldapDisplayName: trustAuthIncoming +attributeId: 1.2.840.113556.1.4.129 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967a59-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Trust-Auth-Outgoing +ldapDisplayName: trustAuthOutgoing +attributeId: 1.2.840.113556.1.4.135 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967a5f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Trust-Direction +ldapDisplayName: trustDirection +attributeId: 1.2.840.113556.1.4.132 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a5c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Trust-Parent +ldapDisplayName: trustParent +attributeId: 1.2.840.113556.1.4.471 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: TRUE +schemaIdGuid: b000ea7a-a086-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Trust-Partner +ldapDisplayName: trustPartner +attributeId: 1.2.840.113556.1.4.133 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a5d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 1 +rangeUpper: 1024 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Trust-Posix-Offset +ldapDisplayName: trustPosixOffset +attributeId: 1.2.840.113556.1.4.134 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a5e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Trust-Type +ldapDisplayName: trustType +attributeId: 1.2.840.113556.1.4.136 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a60-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: UAS-Compat +ldapDisplayName: uASCompat +attributeId: 1.2.840.113556.1.4.155 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a61-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: uid +ldapDisplayName: uid +attributeId: 0.9.2342.19200300.100.1.1 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 0bb0fca0-1e89-429f-901a-1413894d9f59 +systemOnly: FALSE +searchFlags: fPRESERVEONDELETE +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf + +cn: UidNumber +ldapDisplayName: uidNumber +attributeId: 1.3.6.1.1.1.1.0 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 850fcc8f-9c6b-47e1-b671-7c654be4d5b3 +systemOnly: FALSE +searchFlags: fATTINDEX + +cn: UNC-Name +ldapDisplayName: uNCName +attributeId: 1.2.840.113556.1.4.137 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a64-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fATTINDEX +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Unicode-Pwd +ldapDisplayName: unicodePwd +attributeId: 1.2.840.113556.1.4.90 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf9679e1-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: uniqueIdentifier +ldapDisplayName: uniqueIdentifier +attributeId: 0.9.2342.19200300.100.1.44 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: ba0184c7-38c5-4bed-a526-75421470580c +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: uniqueMember +ldapDisplayName: uniqueMember +attributeId: 2.5.4.50 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 8f888726-f80a-44d7-b1ee-cb9df21392c8 +systemOnly: FALSE +searchFlags: 0 + +cn: UnixHomeDirectory +ldapDisplayName: unixHomeDirectory +attributeId: 1.3.6.1.1.1.1.3 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: TRUE +schemaIdGuid: bc2dba12-000f-464d-bf1d-0808465d8843 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 2048 + +cn: UnixUserPassword +ldapDisplayName: unixUserPassword +attributeId: 1.2.840.113556.1.4.1910 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 612cb747-c0e8-4f92-9221-fdd5f15b550d +systemOnly: FALSE +searchFlags:fCONFIDENTIAL +rangeLower: 1 +rangeUpper: 128 + +cn: unstructuredAddress +ldapDisplayName: unstructuredAddress +attributeId: 1.2.840.113549.1.9.8 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 50950839-cc4c-4491-863a-fcf942d684b7 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 256 + +cn: unstructuredName +ldapDisplayName: unstructuredName +attributeId: 1.2.840.113549.1.9.2 +attributeSyntax: 2.5.5.5 +omSyntax: 22 +isSingleValued: FALSE +schemaIdGuid: 9c8ef177-41cf-45c9-9673-7716c0c8901b +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 256 + +cn: Upgrade-Product-Code +ldapDisplayName: upgradeProductCode +attributeId: 1.2.840.113556.1.4.813 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: d9e18312-8939-11d1-aebc-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: UPN-Suffixes +ldapDisplayName: uPNSuffixes +attributeId: 1.2.840.113556.1.4.890 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 032160bf-9824-11d1-aec0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: User-Account-Control +ldapDisplayName: userAccountControl +attributeId: 1.2.840.113556.1.4.8 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a68-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY| fPRESERVEONDELETE | fATTINDEX +attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: User-Cert +ldapDisplayName: userCert +attributeId: 1.2.840.113556.1.4.645 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: bf967a69-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14882 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: userClass +ldapDisplayName: userClass +attributeId: 0.9.2342.19200300.100.1.8 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 11732a8a-e14d-4cc5-b92f-d93f51c6d8e4 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 256 + +cn: User-Comment +ldapDisplayName: comment +attributeId: 1.2.840.113556.1.4.156 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a6a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: User-Parameters +ldapDisplayName: userParameters +attributeId: 1.2.840.113556.1.4.138 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a6d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 32767 +attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: User-Password +ldapDisplayName: userPassword +attributeId: 2.5.4.35 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967a6e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 128 +mapiID: 33107 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: userPKCS12 +ldapDisplayName: userPKCS12 +attributeId: 2.16.840.1.113730.3.1.216 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: 23998ab5-70f8-4007-a4c1-a84a38311f9a +systemOnly: FALSE +searchFlags: 0 + +cn: User-Principal-Name +ldapDisplayName: userPrincipalName +attributeId: 1.2.840.113556.1.4.656 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 28630ebb-41d5-11d1-a9c1-0000f80367c1 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeUpper: 1024 +attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: User-Shared-Folder +ldapDisplayName: userSharedFolder +attributeId: 1.2.840.113556.1.4.751 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: User-Shared-Folder-Other +ldapDisplayName: userSharedFolderOther +attributeId: 1.2.840.113556.1.4.752 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: User-SMIME-Certificate +ldapDisplayName: userSMIMECertificate +attributeId: 2.16.840.1.113730.3.140 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: e16a9db2-403c-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 32768 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 14960 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: User-Workstations +ldapDisplayName: userWorkstations +attributeId: 1.2.840.113556.1.4.86 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf9679d7-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: fCOPY +rangeLower: 0 +rangeUpper: 1024 +attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: USN-Changed +ldapDisplayName: uSNChanged +attributeId: 1.2.840.113556.1.2.120 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967a6f-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE | fATTINDEX +mapiID: 32809 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: USN-Created +ldapDisplayName: uSNCreated +attributeId: 1.2.840.113556.1.2.19 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967a70-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: fPRESERVEONDELETE | fATTINDEX +mapiID: 33108 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: USN-DSA-Last-Obj-Removed +ldapDisplayName: uSNDSALastObjRemoved +attributeId: 1.2.840.113556.1.2.267 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967a71-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 33109 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: USN-Intersite +ldapDisplayName: USNIntersite +attributeId: 1.2.840.113556.1.2.469 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: a8df7498-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +searchFlags: fATTINDEX +mapiID: 33146 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: USN-Last-Obj-Rem +ldapDisplayName: uSNLastObjRem +attributeId: 1.2.840.113556.1.2.121 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: bf967a73-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 33110 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: USN-Source +ldapDisplayName: uSNSource +attributeId: 1.2.840.113556.1.4.896 +attributeSyntax: 2.5.5.16 +omSyntax: 65 +isSingleValued: TRUE +schemaIdGuid: 167758ad-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +mapiID: 33111 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Valid-Accesses +ldapDisplayName: validAccesses +attributeId: 1.2.840.113556.1.4.1356 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 4d2fa380-7f54-11d2-992a-0000f87a57d4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Vendor +ldapDisplayName: vendor +attributeId: 1.2.840.113556.1.4.255 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: 281416df-1968-11d0-a28f-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 512 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Version-Number +ldapDisplayName: versionNumber +attributeId: 1.2.840.113556.1.4.141 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: bf967a76-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Version-Number-Hi +ldapDisplayName: versionNumberHi +attributeId: 1.2.840.113556.1.4.328 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7d6c0e9a-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Version-Number-Lo +ldapDisplayName: versionNumberLo +attributeId: 1.2.840.113556.1.4.329 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 7d6c0e9b-7e20-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Vol-Table-GUID +ldapDisplayName: volTableGUID +attributeId: 1.2.840.113556.1.4.336 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 1f0075fd-7e40-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 0 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Vol-Table-Idx-GUID +ldapDisplayName: volTableIdxGUID +attributeId: 1.2.840.113556.1.4.334 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 1f0075fb-7e40-11d0-afd6-00c04fd930c9 +systemOnly: FALSE +searchFlags: fATTINDEX +rangeLower: 0 +rangeUpper: 16 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Volume-Count +ldapDisplayName: volumeCount +attributeId: 1.2.840.113556.1.4.507 +attributeSyntax: 2.5.5.9 +omSyntax: 2 +isSingleValued: TRUE +schemaIdGuid: 34aaa217-b699-11d0-afee-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Wbem-Path +ldapDisplayName: wbemPath +attributeId: 1.2.840.113556.1.4.301 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 244b2970-5abd-11d0-afd2-00c04fd930c9 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Well-Known-Objects +ldapDisplayName: wellKnownObjects +attributeId: 1.2.840.113556.1.4.618 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +isSingleValued: FALSE +schemaIdGuid: 05308983-7688-11d1-aded-00c04fd8d5cd +systemOnly: TRUE +searchFlags: 0 +rangeLower: 16 +rangeUpper: 16 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: When-Changed +ldapDisplayName: whenChanged +attributeId: 1.2.840.113556.1.2.3 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: bf967a77-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 12296 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: When-Created +ldapDisplayName: whenCreated +attributeId: 1.2.840.113556.1.2.2 +attributeSyntax: 2.5.5.11 +omSyntax: 24 +isSingleValued: TRUE +schemaIdGuid: bf967a78-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +searchFlags: 0 +mapiID: 12295 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + +cn: Winsock-Addresses +ldapDisplayName: winsockAddresses +attributeId: 1.2.840.113556.1.4.142 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967a79-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: WWW-Home-Page +ldapDisplayName: wWWHomePage +attributeId: 1.2.840.113556.1.2.464 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: TRUE +schemaIdGuid: bf967a7a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 2048 +attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: WWW-Page-Other +ldapDisplayName: url +attributeId: 1.2.840.113556.1.4.749 +attributeSyntax: 2.5.5.12 +omSyntax: 64 +isSingleValued: FALSE +schemaIdGuid: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +searchFlags: 0 +attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1 +mapiID: 33141 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: X121-Address +ldapDisplayName: x121Address +attributeId: 2.5.4.24 +attributeSyntax: 2.5.5.6 +omSyntax: 18 +isSingleValued: FALSE +schemaIdGuid: bf967a7b-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeLower: 1 +rangeUpper: 15 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 33112 +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: x500uniqueIdentifier +ldapDisplayName: x500uniqueIdentifier +attributeId: 2.5.4.45 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: d07da11f-8a3d-42b6-b0aa-76c962be719a +systemOnly: FALSE +searchFlags: 0 + +cn: X509-Cert +ldapDisplayName: userCertificate +attributeId: 2.5.4.36 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: FALSE +schemaIdGuid: bf967a7f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +searchFlags: 0 +rangeUpper: 32768 +attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 +mapiID: 35946 +isMemberOfPartialAttributeSet: TRUE +systemFlags: FLAG_SCHEMA_BASE_OBJECT + diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt new file mode 100644 index 0000000000..68dfa797f5 --- /dev/null +++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt @@ -0,0 +1,3533 @@ +#Intellectual Property Rights Notice for Protocol Documentation +#• Copyrights. This protocol documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the protocols, and may distribute portions of it in your implementations of the protocols or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the protocol documentation. +#• No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. +#• Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: http://www.microsoft.com/interop/osp). If you would prefer a written license, or if the protocols are not covered by the OSP, patent licenses are available by contacting protocol@microsoft.com. +#• Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. +#Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. +#Tools. This protocol documentation is intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. A protocol specification does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. +# + + +cn: account +ldapDisplayName: account +governsId: 0.9.2342.19200300.100.4.5 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: uid, host, ou, o, l, seeAlso, description +possSuperiors: organizationalUnit, container +schemaIdGuid:2628a46a-a6ad-4ae0-b854-2b12d9fe6f9e +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=account,CN=Schema,CN=Configuration, + +cn: ACS-Policy +ldapDisplayName: aCSPolicy +governsId: 1.2.840.113556.1.5.137 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: aCSTotalNoOfFlows, aCSTimeOfDay, aCSServiceType,aCSPriority, aCSPermissionBits, aCSMinimumDelayVariation,aCSMinimumLatency, aCSMaximumSDUSize, aCSMinimumPolicedSize,aCSMaxTokenRatePerFlow, aCSMaxTokenBucketPerFlow,aCSMaxPeakBandwidthPerFlow, aCSMaxDurationPerFlow,aCSMaxAggregatePeakRatePerUser, aCSIdentityName, aCSDirection,aCSAggregateTokenRatePerUser +systemPossSuperiors: container +schemaIdGuid:7f561288-5301-11d1-a9c5-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Resource-Limits +ldapDisplayName: aCSResourceLimits +governsId: 1.2.840.113556.1.5.191 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: aCSMaxTokenRatePerFlow, aCSServiceType,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth,aCSAllocableRSVPBandwidth +systemPossSuperiors: container +schemaIdGuid:2e899b04-2834-11d3-91d4-0000f87a57d4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ACS-Subnet +ldapDisplayName: aCSSubnet +governsId: 1.2.840.113556.1.5.138 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: aCSServerList, aCSRSVPLogFilesLocation,aCSRSVPAccountFilesLocation, aCSNonReservedTxSize,aCSNonReservedTxLimit, aCSNonReservedTokenSize,aCSNonReservedPeakRate, aCSNonReservedMinPolicedSize,aCSNonReservedMaxSDUSize, aCSMaxTokenRatePerFlow,aCSMaxSizeOfRSVPLogFile, aCSMaxSizeOfRSVPAccountFile,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth, aCSMaxNoOfLogFiles,aCSMaxNoOfAccountFiles, aCSMaxDurationPerFlow, aCSEventLogLevel,aCSEnableRSVPMessageLogging, aCSEnableRSVPAccounting,aCSEnableACSService, aCSDSBMRefresh, aCSDSBMPriority,aCSDSBMDeadTime, aCSCacheTimeout, aCSAllocableRSVPBandwidth +systemPossSuperiors: container +schemaIdGuid:7f561289-5301-11d1-a9c5-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Address-Book-Container +ldapDisplayName: addressBookContainer +governsId: 1.2.840.113556.1.5.125 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: displayName +systemMayContain: purportedSearch +systemPossSuperiors: addressBookContainer, configuration +schemaIdGuid:3e74f60f-3e73-11d1-a9c0-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Address-Template +ldapDisplayName: addressTemplate +governsId: 1.2.840.113556.1.3.58 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: displayTemplate +systemMustContain: displayName +systemMayContain: proxyGenerationEnabled, perRecipDialogDisplayTable,perMsgDialogDisplayTable, addressType, addressSyntax +systemPossSuperiors: container +schemaIdGuid:5fd4250a-1262-11d0-a060-00aa006c33ed +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration, + +cn: Application-Entity +ldapDisplayName: applicationEntity +governsId: 2.5.6.12 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: presentationAddress, cn +systemMayContain: supportedApplicationContext, seeAlso, ou, o, l +systemPossSuperiors: applicationProcess, organizationalUnit,container +schemaIdGuid:3fdfee4f-47f4-11d1-a9c3-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Application-Process +ldapDisplayName: applicationProcess +governsId: 2.5.6.11 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +systemMayContain: seeAlso, ou, l +systemPossSuperiors: organizationalUnit, organization, container,computer +schemaIdGuid:5fd4250b-1262-11d0-a060-00aa006c33ed +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Application-Settings +ldapDisplayName: applicationSettings +governsId: 1.2.840.113556.1.5.7000.49 +objectClassCategory: 2 +rdnAttId: cn +subClassOf: top +systemMayContain: notificationList, msDS-Settings, applicationName +systemPossSuperiors: server +schemaIdGuid:f780acc1-56f0-11d1-a9c6-0000f80367c1 +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Application-Site-Settings +ldapDisplayName: applicationSiteSettings +governsId: 1.2.840.113556.1.5.68 +objectClassCategory: 2 +rdnAttId: cn +subClassOf: top +systemMayContain: notificationList, applicationName +systemPossSuperiors: site +schemaIdGuid:19195a5c-6da0-11d0-afd3-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Application-Version +ldapDisplayName: applicationVersion +governsId: 1.2.840.113556.1.5.216 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: applicationSettings +mayContain: owner, managedBy, keywords, versionNumberLo,versionNumberHi, versionNumber, vendor, appSchemaVersion +possSuperiors: organizationalUnit, computer, container +schemaIdGuid:ddc790ac-af4d-442a-8f0f-a1d4caa7dd92 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration, + +cn: Attribute-Schema +ldapDisplayName: attributeSchema +governsId: 1.2.840.113556.1.3.14 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: schemaIDGUID, oMSyntax, lDAPDisplayName,isSingleValued, cn, attributeSyntax, attributeID +systemMayContain: systemOnly, searchFlags, schemaFlagsEx, rangeUpper,rangeLower, oMObjectClass, msDs-Schema-Extensions, msDS-IntId,mAPIID, linkID, isMemberOfPartialAttributeSet, isEphemeral,isDefunct, extendedCharsAllowed, classDisplayName,attributeSecurityGUID +systemPossSuperiors: dMD +schemaIdGuid:bf967a80-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:S: +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME + +cn: BootableDevice +ldapDisplayName: bootableDevice +governsId: 1.3.6.1.1.1.2.12 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +mayContain: cn, bootParameter, bootFile +schemaIdGuid:4bcb2477-4bb3-4545-a9fc-fb66e136b435 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration, + +cn: Builtin-Domain +ldapDisplayName: builtinDomain +governsId: 1.2.840.113556.1.5.4 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemAuxiliaryClass: samDomainBase +systemPossSuperiors: domainDNS +schemaIdGuid:bf967a81-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Category-Registration +ldapDisplayName: categoryRegistration +governsId: 1.2.840.113556.1.5.74 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: leaf +systemMayContain: managedBy, localizedDescription, localeID,categoryId +systemPossSuperiors: classStore +schemaIdGuid:7d6c0e9d-7e20-11d0-afd6-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Certification-Authority +ldapDisplayName: certificationAuthority +governsId: 2.5.6.16 +objectClassCategory: 0 +rdnAttId: cn +subClassOf: top +systemMustContain: cn, certificateRevocationList, cACertificate,authorityRevocationList +systemMayContain: teletexTerminalIdentifier,supportedApplicationContext, signatureAlgorithms, searchGuide,previousParentCA, previousCACertificates, pendingParentCA,pendingCACertificates, parentCACertificateChain, parentCA,enrollmentProviders, domainPolicyObject, domainID, dNSHostName,deltaRevocationList, currentParentCA, crossCertificatePair,cRLObject, certificateTemplates, cAWEBURL, cAUsages, cAConnect,cACertificateDN +systemPossSuperiors: container +schemaIdGuid:3fdfee50-47f4-11d1-a9c3-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Class-Registration +ldapDisplayName: classRegistration +governsId: 1.2.840.113556.1.5.10 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: leaf +systemMayContain: requiredCategories, managedBy,implementedCategories, cOMTreatAsClassId, cOMProgID,cOMOtherProgId, cOMInterfaceID, cOMCLSID +systemPossSuperiors: classStore +schemaIdGuid:bf967a82-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Class-Schema +ldapDisplayName: classSchema +governsId: 1.2.840.113556.1.3.13 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: subClassOf, schemaIDGUID, objectClassCategory,governsID, defaultObjectCategory, cn +systemMayContain: systemPossSuperiors, systemOnly, systemMustContain,systemMayContain, systemAuxiliaryClass, schemaFlagsEx, rDNAttID,possSuperiors, mustContain, msDs-Schema-Extensions, msDS-IntId,mayContain, lDAPDisplayName, isDefunct, defaultSecurityDescriptor,defaultHidingValue, classDisplayName, auxiliaryClass +systemPossSuperiors: dMD +schemaIdGuid:bf967a83-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:S: +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME + +cn: Class-Store +ldapDisplayName: classStore +governsId: 1.2.840.113556.1.5.44 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: versionNumber, nextLevelStore, lastUpdateSequence,appSchemaVersion +systemPossSuperiors: domainPolicy, computer, group, user, classStore,organizationalUnit, domainDNS, container +schemaIdGuid:bf967a84-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Com-Connection-Point +ldapDisplayName: comConnectionPoint +governsId: 1.2.840.113556.1.5.11 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: connectionPoint +systemMustContain: cn +systemMayContain: monikerDisplayName, moniker, marshalledInterface +systemPossSuperiors: container +schemaIdGuid:bf967a85-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Computer +ldapDisplayName: computer +governsId: 1.2.840.113556.1.3.30 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: user +auxiliaryClass: ipHost +mayContain: msSFU30Aliases, msSFU30NisDomain, nisMapName,msSFU30Name +systemMayContain: msTSEndpointData, msTSEndpointType,msTS-EndpointPlugin, msDS-HostServiceAccount,msDS-IsUserCachableAtRodc, msTSProperty02,msTSProperty01, msTPM-OwnerInformation, msDS-RevealOnDemandGroup,msDS-NeverRevealGroup, msDS-PromotionSettings, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-AuthenticatedAtDC, msDS-RevealedList,msDS-RevealedUsers, msDS-ExecuteScriptPassword, msDS-KrbTgtLink,volumeCount, siteGUID, rIDSetReferences, policyReplicationFlags,physicalLocationObject, operatingSystemVersion,operatingSystemServicePack, operatingSystemHotfix, operatingSystem,networkAddress, netbootSIFFile, netbootMirrorDataFile,netbootMachineFilePath, netbootInitialization, netbootGUID,msDS-AdditionalSamAccountName, msDS-AdditionalDnsHostName,managedBy, machineRole, location, localPolicyFlags, dNSHostName,defaultLocalPolicyObject, cn, catalogs +systemPossSuperiors: container, organizationalUnit, domainDNS +schemaIdGuid:bf967a86-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Configuration +ldapDisplayName: configuration +governsId: 1.2.840.113556.1.5.12 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +systemMayContain: msDS-USNLastSyncSuccess, gPOptions, gPLink +systemPossSuperiors: domainDNS +schemaIdGuid:bf967a87-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Connection-Point +ldapDisplayName: connectionPoint +governsId: 1.2.840.113556.1.5.14 +objectClassCategory: 2 +rdnAttId: cn +subClassOf: leaf +systemMustContain: cn +systemMayContain: msDS-Settings, managedBy, keywords +systemPossSuperiors: container, computer +schemaIdGuid:5cb41ecf-0e4c-11d0-a286-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Contact +ldapDisplayName: contact +governsId: 1.2.840.113556.1.5.15 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: organizationalPerson +systemAuxiliaryClass: mailRecipient +systemMustContain: cn +mayContain: msDS-SourceObjectDN +systemMayContain: notes +systemPossSuperiors: organizationalUnit, domainDNS +schemaIdGuid:5cb41ed0-0e4c-11d0-a286-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Container +ldapDisplayName: container +governsId: 1.2.840.113556.1.3.23 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +mayContain: msDS-ObjectReference +systemMayContain: schemaVersion, defaultClassStore +systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, subnet, server, nTDSService, domainDNS,organization, configuration, container, organizationalUnit +schemaIdGuid:bf967a8b-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Control-Access-Right +ldapDisplayName: controlAccessRight +governsId: 1.2.840.113556.1.5.77 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: validAccesses, rightsGuid, localizationDisplayId,appliesTo +systemPossSuperiors: container +schemaIdGuid:8297931e-86d3-11d0-afda-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Country +ldapDisplayName: country +governsId: 2.5.6.2 +objectClassCategory: 0 +rdnAttId: c +subClassOf: top +systemMustContain: c +systemMayContain: co, searchGuide +systemPossSuperiors: domainDNS, organization +schemaIdGuid:bf967a8c-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: CRL-Distribution-Point +ldapDisplayName: cRLDistributionPoint +governsId: 2.5.6.19 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +systemMayContain: deltaRevocationList, cRLPartitionedRevocationList,certificateRevocationList, certificateAuthorityObject,authorityRevocationList +systemPossSuperiors: container +schemaIdGuid:167758ca-47f3-11d1-a9c3-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Cross-Ref +ldapDisplayName: crossRef +governsId: 1.2.840.113556.1.3.11 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: nCName, dnsRoot, cn +systemMayContain: msDS-NC-RO-Replica-Locations, trustParent,superiorDNSRoot, rootTrust, nTMixedDomain, nETBIOSName, Enabled,msDS-SDReferenceDomain,msDS-Replication-Notify-Subsequent-DSA-Delay,msDS-Replication-Notify-First-DSA-Delay, msDS-NC-Replica-Locations,msDS-DnsRootAlias, msDS-Behavior-Version +systemPossSuperiors: crossRefContainer +schemaIdGuid:bf967a8d-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Cross-Ref-Container +ldapDisplayName: crossRefContainer +governsId: 1.2.840.113556.1.5.7000.53 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-EnabledFeature, msDS-SPNSuffixes, uPNSuffixes,msDS-UpdateScript, msDS-ExecuteScriptPassword, msDS-Behavior-Version +systemPossSuperiors: configuration +schemaIdGuid:ef9e60e0-56f7-11d1-a9c6-0000f80367c1 +defaultSecurityDescriptor: D:(A;;GA;;;SY) +defaultHidingValue: FALSE +systemOnly: TRUE +defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Device +ldapDisplayName: device +governsId: 2.5.6.14 +objectClassCategory: 0 +rdnAttId: cn +subClassOf: top +auxiliaryClass: ipHost, ieee802Device, bootableDevice +systemMustContain: cn +mayContain: msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases +systemMayContain: serialNumber, seeAlso, owner, ou, o, l +systemPossSuperiors: domainDNS, organizationalUnit, organization,container +schemaIdGuid:bf967a8e-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Dfs-Configuration +ldapDisplayName: dfsConfiguration +governsId: 1.2.840.113556.1.5.42 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemPossSuperiors: container, domainDNS +schemaIdGuid:8447f9f2-1027-11d0-a05f-00aa006c33ed +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DHCP-Class +ldapDisplayName: dHCPClass +governsId: 1.2.840.113556.1.5.132 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: dhcpUniqueKey, dhcpType, dhcpIdentification,dhcpFlags +systemMayContain: superScopes, superScopeDescription,optionsLocation, optionDescription, networkAddress, mscopeId,dhcpUpdateTime, dhcpSubnets, dhcpState, dhcpSites, dhcpServers,dhcpReservations, dhcpRanges, dhcpProperties, dhcpOptions,dhcpObjName, dhcpObjDescription, dhcpMaxKey, dhcpMask, dhcpClasses +systemPossSuperiors: container +schemaIdGuid:963d2756-48be-11d1-a9c3-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Display-Specifier +ldapDisplayName: displaySpecifier +governsId: 1.2.840.113556.1.5.84 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: treatAsLeaf, shellPropertyPages, shellContextMenu,scopeFlags, queryFilter, iconPath, extraColumns, creationWizard,createWizardExt, createDialog, contextMenu, classDisplayName,attributeDisplayNames, adminPropertyPages,adminMultiselectPropertyPages, adminContextMenu +systemPossSuperiors: container +schemaIdGuid:e0fa1e8a-9b45-11d0-afdd-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Display-Template +ldapDisplayName: displayTemplate +governsId: 1.2.840.113556.1.3.59 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +systemMayContain: originalDisplayTableMSDOS, originalDisplayTable,helpFileName, helpData32, helpData16, addressEntryDisplayTableMSDOS,addressEntryDisplayTable +systemPossSuperiors: container +schemaIdGuid:5fd4250c-1262-11d0-a060-00aa006c33ed +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration, + +cn: DMD +ldapDisplayName: dMD +governsId: 1.2.840.113556.1.3.9 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +systemMayContain: msDS-USNLastSyncSuccess, schemaUpdate, schemaInfo,prefixMap, msDs-Schema-Extensions, msDS-IntId, dmdName +systemPossSuperiors: configuration +schemaIdGuid:bf967a8f-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Dns-Node +ldapDisplayName: dnsNode +governsId: 1.2.840.113556.1.5.86 +objectClassCategory: 1 +rdnAttId: dc +subClassOf: top +systemMustContain: dc +systemMayContain: dNSTombstoned, dnsRecord, dNSProperty +systemPossSuperiors: dnsZone +schemaIdGuid:e0fa1e8c-9b45-11d0-afdd-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;WD) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Dns-Zone +ldapDisplayName: dnsZone +governsId: 1.2.840.113556.1.5.85 +objectClassCategory: 1 +rdnAttId: dc +subClassOf: top +systemMustContain: dc +systemMayContain: managedBy, dnsSecureSecondaries, dNSProperty,dnsNotifySecondaries, dnsAllowXFR, dnsAllowDynamic +systemPossSuperiors: container +schemaIdGuid:e0fa1e8b-9b45-11d0-afdd-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: document +ldapDisplayName: document +governsId: 0.9.2342.19200300.100.4.6 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: documentIdentifier, documentPublisher, documentLocation,documentAuthor, documentVersion, documentTitle, ou, o, l, seeAlso,description, cn +possSuperiors: organizationalUnit, container +schemaIdGuid:39bad96d-c2d6-4baf-88ab-7e4207600117 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=document,CN=Schema,CN=Configuration, + +cn: documentSeries +ldapDisplayName: documentSeries +governsId: 0.9.2342.19200300.100.4.9 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: cn +mayContain: telephoneNumber, ou, o, l, seeAlso, description +possSuperiors: organizationalUnit, container +schemaIdGuid:7a2be07c-302f-4b96-bc90-0795d66885f8 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration, + +cn: Domain +ldapDisplayName: domain +governsId: 1.2.840.113556.1.5.66 +objectClassCategory: 2 +rdnAttId: dc +subClassOf: top +systemMustContain: dc +systemPossSuperiors: domain, organization +schemaIdGuid:19195a5a-6da0-11d0-afd3-00c04fd930c9 +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Domain-DNS +ldapDisplayName: domainDNS +governsId: 1.2.840.113556.1.5.67 +objectClassCategory: 1 +rdnAttId: dc +subClassOf: domain +systemAuxiliaryClass: samDomain +systemMayContain: msDS-EnabledFeature, msDS-USNLastSyncSuccess,msDS-Behavior-Version, msDS-AllowedDNSSuffixes, managedBy +systemPossSuperiors: domainDNS +schemaIdGuid:19195a5b-6da0-11d0-afd3-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Domain-Policy +ldapDisplayName: domainPolicy +governsId: 1.2.840.113556.1.5.18 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: leaf +systemMayContain: qualityOfService, pwdProperties, pwdHistoryLength,publicKeyPolicy, proxyLifetime, minTicketAge, minPwdLength,minPwdAge, maxTicketAge, maxRenewAge, maxPwdAge, managedBy,lockoutThreshold, lockoutDuration, lockOutObservationWindow,ipsecPolicyReference, forceLogoff, eFSPolicy, domainWidePolicy,domainPolicyReference, domainCAs, defaultLocalPolicyObject,authenticationOptions +systemPossSuperiors: organizationalUnit, domainDNS, container +schemaIdGuid:bf967a99-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: domainRelatedObject +ldapDisplayName: domainRelatedObject +governsId: 0.9.2342.19200300.100.4.17 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +mayContain: associatedDomain +schemaIdGuid:8bfd2d3d-efda-4549-852c-f85e137aedc6 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration, + +cn: DSA +ldapDisplayName: dSA +governsId: 2.5.6.13 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: applicationEntity +systemMayContain: knowledgeInformation +systemPossSuperiors: server, computer +schemaIdGuid:3fdfee52-47f4-11d1-a9c3-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: DS-UI-Settings +ldapDisplayName: dSUISettings +governsId: 1.2.840.113556.1.5.183 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-Non-Security-Group-Extra-Classes,msDS-Security-Group-Extra-Classes, msDS-FilterContainers,dSUIShellMaximum, dSUIAdminNotification, dSUIAdminMaximum +systemPossSuperiors: container +schemaIdGuid:09b10f14-6f93-11d2-9905-0000f87a57d4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Dynamic-Object +ldapDisplayName: dynamicObject +governsId: 1.3.6.1.4.1.1466.101.119.2 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-Entry-Time-To-Die, entryTTL +schemaIdGuid:66d51249-3355-4c1f-b24e-81f252aca23b +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: File-Link-Tracking +ldapDisplayName: fileLinkTracking +governsId: 1.2.840.113556.1.5.52 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemPossSuperiors: container +schemaIdGuid:dd712229-10e4-11d0-a05f-00aa006c33ed +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: File-Link-Tracking-Entry +ldapDisplayName: fileLinkTrackingEntry +governsId: 1.2.840.113556.1.5.59 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemPossSuperiors: fileLinkTracking +schemaIdGuid:8e4eb2ed-4712-11d0-a1a0-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Foreign-Security-Principal +ldapDisplayName: foreignSecurityPrincipal +governsId: 1.2.840.113556.1.5.76 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: objectSid +systemMayContain: foreignIdentifier +systemPossSuperiors: container +schemaIdGuid:89e31c12-8530-11d0-afda-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: friendlyCountry +ldapDisplayName: friendlyCountry +governsId: 0.9.2342.19200300.100.4.18 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: country +mustContain: co +schemaIdGuid:c498f152-dc6b-474a-9f52-7cdba3d7d351 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration, + +cn: FT-Dfs +ldapDisplayName: fTDfs +governsId: 1.2.840.113556.1.5.43 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: remoteServerName, pKTGuid, pKT +systemMayContain: uNCName, managedBy, keywords +systemPossSuperiors: dfsConfiguration +schemaIdGuid:8447f9f3-1027-11d0-a05f-00aa006c33ed +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Group +ldapDisplayName: group +governsId: 1.2.840.113556.1.5.8 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +auxiliaryClass: posixGroup +systemAuxiliaryClass: mailRecipient, securityPrincipal +systemMustContain: groupType +mayContain: msSFU30Name, msSFU30NisDomain, msSFU30PosixMember +systemMayContain: msDS-AzApplicationData,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, msDS-AzGenericData, msDS-AzObjectGuid,primaryGroupToken, operatorCount, nTGroupMembers, nonSecurityMember,msDS-NonMembers, msDS-AzLDAPQuery, member, managedBy,groupMembershipSAM, groupAttributes, mail, desktopProfile,controlAccessRights, adminCount +systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, container, builtinDomain, organizationalUnit,domainDNS +schemaIdGuid:bf967a9c-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Group-Of-Names +ldapDisplayName: groupOfNames +governsId: 2.5.6.9 +objectClassCategory: 0 +rdnAttId: cn +subClassOf: top +systemMustContain: member, cn +systemMayContain: seeAlso, owner, ou, o, businessCategory +systemPossSuperiors: organizationalUnit, locality, organization,container +schemaIdGuid:bf967a9d-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: groupOfUniqueNames +ldapDisplayName: groupOfUniqueNames +governsId: 2.5.6.17 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: uniqueMember, cn +mayContain: seeAlso, owner, ou, o, description, businessCategory +possSuperiors: domainDNS, organizationalUnit, container +schemaIdGuid:0310a911-93a3-4e21-a7a3-55d85ab2c48b +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration, + +cn: Group-Policy-Container +ldapDisplayName: groupPolicyContainer +governsId: 1.2.840.113556.1.5.157 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: container +systemMayContain: versionNumber, gPCWQLFilter, gPCUserExtensionNames,gPCMachineExtensionNames, gPCFunctionalityVersion, gPCFileSysPath,flags +schemaIdGuid:f30e3bc2-9ff0-11d1-b603-0000f80367c1 +defaultSecurityDescriptor: D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: IEEE802Device +ldapDisplayName: ieee802Device +governsId: 1.3.6.1.1.1.2.11 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +mayContain: cn, macAddress +schemaIdGuid:a699e529-a637-4b7d-a0fb-5dc466a0b8a7 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration, + +cn: Index-Server-Catalog +ldapDisplayName: indexServerCatalog +governsId: 1.2.840.113556.1.5.130 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: connectionPoint +systemMustContain: creator +systemMayContain: uNCName, queryPoint, indexedScopes, friendlyNames +systemPossSuperiors: organizationalUnit, container +schemaIdGuid:7bfdcb8a-4807-11d1-a9c3-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: inetOrgPerson +ldapDisplayName: inetOrgPerson +governsId: 2.16.840.1.113730.3.2.2 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: user +mayContain: x500uniqueIdentifier, userSMIMECertificate, userPKCS12,userCertificate, uid, secretary, roomNumber, preferredLanguage,photo, pager, o, mobile, manager, mail, labeledURI, jpegPhoto,initials, homePostalAddress, homePhone, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense,businessCategory, audio +possSuperiors: domainDNS, organizationalUnit, container +schemaIdGuid:4828cc14-1437-45bc-9b07-ad6f015e5f28 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration, + +cn: Infrastructure-Update +ldapDisplayName: infrastructureUpdate +governsId: 1.2.840.113556.1.5.175 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: dNReferenceUpdate +systemPossSuperiors: infrastructureUpdate, domain +schemaIdGuid:2df90d89-009f-11d2-aa4c-00c04fd7d83a +defaultSecurityDescriptor: D:(A;;GA;;;SY) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Intellimirror-Group +ldapDisplayName: intellimirrorGroup +governsId: 1.2.840.113556.1.5.152 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemPossSuperiors: domainDNS, organizationalUnit, container +schemaIdGuid:07383086-91df-11d1-aebc-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CCDC;;;CO)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Intellimirror-SCP +ldapDisplayName: intellimirrorSCP +governsId: 1.2.840.113556.1.5.151 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: serviceAdministrationPoint +systemMayContain: netbootTools, netbootServer, netbootNewMachineOU,netbootNewMachineNamingPolicy, netbootMaxClients,netbootMachineFilePath, netbootLocallyInstalledOSes,netbootLimitClients, netbootIntelliMirrorOSes,netbootCurrentClientCount, netbootAnswerRequests,netbootAnswerOnlyValidClients, netbootAllowNewClients +systemPossSuperiors: computer, intellimirrorGroup +schemaIdGuid:07383085-91df-11d1-aebc-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Inter-Site-Transport +ldapDisplayName: interSiteTransport +governsId: 1.2.840.113556.1.5.141 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: transportDLLName, transportAddressAttribute +systemMayContain: replInterval, options +systemPossSuperiors: interSiteTransportContainer +schemaIdGuid:26d97376-6070-11d1-a9c6-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Inter-Site-Transport-Container +ldapDisplayName: interSiteTransportContainer +governsId: 1.2.840.113556.1.5.140 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemPossSuperiors: sitesContainer +schemaIdGuid:26d97375-6070-11d1-a9c6-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: IpHost +ldapDisplayName: ipHost +governsId: 1.3.6.1.1.1.2.6 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +mayContain: manager, cn, description, ipHostNumber, uid, l +schemaIdGuid:ab911646-8827-4f95-8780-5a8f008eb68f +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration, + +cn: IpNetwork +ldapDisplayName: ipNetwork +governsId: 1.3.6.1.1.1.2.7 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: cn, ipNetworkNumber +mayContain: manager, description, ipNetmaskNumber, uid, l,msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases +possSuperiors: domainDNS, nisMap, container, organizationalUnit +schemaIdGuid:d95836c3-143e-43fb-992a-b057f1ecadf9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration, + +cn: IpProtocol +ldapDisplayName: ipProtocol +governsId: 1.3.6.1.1.1.2.4 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: cn, ipProtocolNumber +mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases +possSuperiors: domainDNS, nisMap, container, organizationalUnit +schemaIdGuid:9c2dcbd2-fbf0-4dc7-ace0-8356dcd0f013 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration, + +cn: Ipsec-Base +ldapDisplayName: ipsecBase +governsId: 1.2.840.113556.1.5.7000.56 +objectClassCategory: 2 +rdnAttId: cn +subClassOf: top +systemMayContain: ipsecOwnersReference, ipsecName, ipsecID,ipsecDataType, ipsecData +schemaIdGuid:b40ff825-427a-11d1-a9c2-0000f80367c1 +defaultSecurityDescriptor: D: +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-Filter +ldapDisplayName: ipsecFilter +governsId: 1.2.840.113556.1.5.118 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: ipsecBase +systemPossSuperiors: organizationalUnit, computer, container +schemaIdGuid:b40ff826-427a-11d1-a9c2-0000f80367c1 +defaultSecurityDescriptor: D: +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-ISAKMP-Policy +ldapDisplayName: ipsecISAKMPPolicy +governsId: 1.2.840.113556.1.5.120 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: ipsecBase +systemPossSuperiors: container, computer, organizationalUnit +schemaIdGuid:b40ff828-427a-11d1-a9c2-0000f80367c1 +defaultSecurityDescriptor: D: +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-Negotiation-Policy +ldapDisplayName: ipsecNegotiationPolicy +governsId: 1.2.840.113556.1.5.119 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: ipsecBase +systemMayContain: iPSECNegotiationPolicyType,iPSECNegotiationPolicyAction +systemPossSuperiors: organizationalUnit, computer, container +schemaIdGuid:b40ff827-427a-11d1-a9c2-0000f80367c1 +defaultSecurityDescriptor: D: +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-NFA +ldapDisplayName: ipsecNFA +governsId: 1.2.840.113556.1.5.121 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: ipsecBase +systemMayContain: ipsecNegotiationPolicyReference,ipsecFilterReference +systemPossSuperiors: container, computer, organizationalUnit +schemaIdGuid:b40ff829-427a-11d1-a9c2-0000f80367c1 +defaultSecurityDescriptor: D: +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Ipsec-Policy +ldapDisplayName: ipsecPolicy +governsId: 1.2.840.113556.1.5.98 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: ipsecBase +systemMayContain: ipsecNFAReference, ipsecISAKMPReference +systemPossSuperiors: organizationalUnit, computer, container +schemaIdGuid:b7b13121-b82e-11d0-afee-0000f80367c1 +defaultSecurityDescriptor: D: +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: IpService +ldapDisplayName: ipService +governsId: 1.3.6.1.1.1.2.3 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: ipServiceProtocol, ipServicePort, cn +mayContain: description, msSFU30Name, msSFU30NisDomain,msSFU30Aliases, nisMapName +possSuperiors: domainDNS, nisMap, container, organizationalUnit +schemaIdGuid:2517fadf-fa97-48ad-9de6-79ac5721f864 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration, + +cn: Leaf +ldapDisplayName: leaf +governsId: 1.2.840.113556.1.5.20 +objectClassCategory: 2 +rdnAttId: cn +subClassOf: top +schemaIdGuid:bf967a9e-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Licensing-Site-Settings +ldapDisplayName: licensingSiteSettings +governsId: 1.2.840.113556.1.5.78 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: applicationSiteSettings +systemMayContain: siteServer +systemPossSuperiors: site +schemaIdGuid:1be8f17d-a9ff-11d0-afe2-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Link-Track-Object-Move-Table +ldapDisplayName: linkTrackObjectMoveTable +governsId: 1.2.840.113556.1.5.91 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: fileLinkTracking +systemPossSuperiors: fileLinkTracking +schemaIdGuid:ddac0cf5-af8f-11d0-afeb-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Link-Track-OMT-Entry +ldapDisplayName: linkTrackOMTEntry +governsId: 1.2.840.113556.1.5.93 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: leaf +systemMayContain: timeRefresh, oMTIndxGuid, oMTGuid, currentLocation,birthLocation +systemPossSuperiors: linkTrackObjectMoveTable +schemaIdGuid:ddac0cf7-af8f-11d0-afeb-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Link-Track-Vol-Entry +ldapDisplayName: linkTrackVolEntry +governsId: 1.2.840.113556.1.5.92 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: leaf +systemMayContain: volTableIdxGUID, volTableGUID, timeVolChange,timeRefresh, seqNotification, objectCount, linkTrackSecret,currMachineId +systemPossSuperiors: linkTrackVolumeTable +schemaIdGuid:ddac0cf6-af8f-11d0-afeb-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Link-Track-Volume-Table +ldapDisplayName: linkTrackVolumeTable +governsId: 1.2.840.113556.1.5.90 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: fileLinkTracking +systemPossSuperiors: fileLinkTracking +schemaIdGuid:ddac0cf4-af8f-11d0-afeb-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Locality +ldapDisplayName: locality +governsId: 2.5.6.3 +objectClassCategory: 1 +rdnAttId: l +subClassOf: top +systemMustContain: l +systemMayContain: street, st, seeAlso, searchGuide +systemPossSuperiors: domainDNS, country, organizationalUnit,organization, locality +schemaIdGuid:bf967aa0-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Lost-And-Found +ldapDisplayName: lostAndFound +governsId: 1.2.840.113556.1.5.139 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: moveTreeState +systemPossSuperiors: configuration, domainDNS, dMD +schemaIdGuid:52ab8671-5709-11d1-a9c6-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Mail-Recipient +ldapDisplayName: mailRecipient +governsId: 1.2.840.113556.1.3.46 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +mayContain: msDS-PhoneticDisplayName, userSMIMECertificate,secretary, msExchLabeledURI, msExchAssistantName, labeledURI +systemMayContain: userCertificate, userCert, textEncodedORAddress,telephoneNumber, showInAddressBook, legacyExchangeDN,garbageCollPeriod, info +systemPossSuperiors: container +schemaIdGuid:bf967aa1-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Meeting +ldapDisplayName: meeting +governsId: 1.2.840.113556.1.5.104 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: meetingName +systemMayContain: meetingURL, meetingType, meetingStartTime,meetingScope, meetingRecurrence, meetingRating, meetingProtocol,meetingOwner, meetingOriginator, meetingMaxParticipants,meetingLocation, meetingLanguage, meetingKeyword,meetingIsEncrypted, meetingIP, meetingID, meetingEndTime,meetingDescription, meetingContactInfo, meetingBlob,meetingBandwidth, meetingApplication, meetingAdvertiseScope +systemPossSuperiors: container +schemaIdGuid:11b6cc94-48c4-11d1-a9c3-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-COM-Partition +ldapDisplayName: msCOM-Partition +governsId: 1.2.840.113556.1.5.193 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msCOM-ObjectId +systemPossSuperiors: domainDNS, organizationalUnit, container +schemaIdGuid:c9010e74-4e58-49f7-8a89-5e3e2340fcf8 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-COM-PartitionSet +ldapDisplayName: msCOM-PartitionSet +governsId: 1.2.840.113556.1.5.194 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msCOM-PartitionLink, msCOM-DefaultPartitionLink,msCOM-ObjectId +systemPossSuperiors: domainDNS, organizationalUnit, container +schemaIdGuid:250464ab-c417-497a-975a-9e0d459a7ca1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DFS-Deleted-Link-v2 +ldapDisplayName: msDFS-DeletedLinkv2 +governsId: 1.2.840.113556.1.5.260 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msDFS-NamespaceIdentityGUIDv2,msDFS-LinkIdentityGUIDv2, msDFS-LastModifiedv2, msDFS-LinkPathv2 +systemMayContain: msDFS-Commentv2, msDFS-ShortNameLinkPathv2 +systemPossSuperiors: msDFS-Namespacev2 +schemaIdGuid: 25173408-04ca-40e8-865e-3f9ce9bf1bd3 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2, CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DFS-Link-v2 +ldapDisplayName: msDFS-Linkv2 +governsId: 1.2.840.113556.1.5.259 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2, msDFS-LinkIdentityGUIDv2,msDFS-LastModifiedv2, msDFS-Ttlv2, msDFS-TargetListv2,msDFS-Propertiesv2, msDFS-LinkPathv2 +systemMayContain: msDFS-Commentv2, msDFS-LinkSecurityDescriptorv2,msDFS-ShortNameLinkPathv2 +systemPossSuperiors: msDFS-Namespacev2 +schemaIdGuid: 7769fb7a-1159-4e96-9ccd-68bc487073eb +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFS-Link-v2, CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DFS-Namespace-Anchor +ldapDisplayName: msDFS-NamespaceAnchor +governsId: 1.2.840.113556.1.5.257 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msDFS-SchemaMajorVersion +systemPossSuperiors: dfsConfiguration +schemaIdGuid: da73a085-6e64-4d61-b064-015d04164795 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFS-Namespace-Anchor, CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DFS-Namespace-v2 +ldapDisplayName: msDFS-Namespacev2 +governsId: 1.2.840.113556.1.5.258 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msDFS-SchemaMajorVersion,msDFS-SchemaMinorVersion, msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2, msDFS-LastModifiedv2, msDFS-Ttlv2,msDFS-TargetListv2, msDFS-Propertiesv2 +systemMayContain: msDFS-Commentv2 +systemPossSuperiors: msDFS-NamespaceAnchor +schemaIdGuid: 21cb8628-f3c3-4bbf-bff6-060b2d8f299a +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFS-Namespace-v2, CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DFSR-Connection +ldapDisplayName: msDFSR-Connection +governsId: 1.2.840.113556.1.6.13.4.10 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: fromServer +mayContain: msDFSR-Options2, msDFSR-DisablePacketPrivacy,msDFSR-Priority, msDFSR-Enabled, msDFSR-RdcEnabled,msDFSR-RdcMinFileSizeInKb, msDFSR-Keywords, msDFSR-Schedule,msDFSR-Flags, msDFSR-Options, msDFSR-Extension +possSuperiors: msDFSR-Member +schemaIdGuid:e58f972e-64b5-46ef-8d8b-bbc3e1897eab +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration, + +cn: ms-DFSR-Content +ldapDisplayName: msDFSR-Content +governsId: 1.2.840.113556.1.6.13.4.6 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension +possSuperiors: msDFSR-ReplicationGroup +schemaIdGuid:64759b35-d3a1-42e4-b5f1-a3de162109b3 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration, + +cn: ms-DFSR-ContentSet +ldapDisplayName: msDFSR-ContentSet +governsId: 1.2.840.113556.1.6.13.4.7 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-Priority, msDFSR-ConflictSizeInMb, msDFSR-StagingSizeInMb,msDFSR-RootSizeInMb, description, msDFSR-DfsPath, msDFSR-FileFilter,msDFSR-DirectoryFilter, msDFSR-Flags, msDFSR-Options,msDFSR-Extension +possSuperiors: msDFSR-Content +schemaIdGuid:4937f40d-a6dc-4d48-97ca-06e5fbfd3f16 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration, + +cn: ms-DFSR-GlobalSettings +ldapDisplayName: msDFSR-GlobalSettings +governsId: 1.2.840.113556.1.6.13.4.4 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension +possSuperiors: container +schemaIdGuid:7b35dbad-b3ec-486a-aad4-2fec9d6ea6f6 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration, + +cn: ms-DFSR-LocalSettings +ldapDisplayName: msDFSR-LocalSettings +governsId: 1.2.840.113556.1.6.13.4.1 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msDFSR-StagingCleanupTriggerInPercent,msDFSR-CommonStagingSizeInMb, msDFSR-CommonStagingPath,msDFSR-Options2, msDFSR-Version, msDFSR-Flags, msDFSR-Options,msDFSR-Extension +possSuperiors: computer +schemaIdGuid:fa85c591-197f-477e-83bd-ea5a43df2239 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration, + +cn: ms-DFSR-Member +ldapDisplayName: msDFSR-Member +governsId: 1.2.840.113556.1.6.13.4.9 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: msDFSR-ComputerReference +mayContain: msDFSR-Options2, serverReference, msDFSR-Keywords,msDFSR-Flags, msDFSR-Options, msDFSR-Extension +possSuperiors: msDFSR-Topology +schemaIdGuid:4229c897-c211-437c-a5ae-dbf705b696e5 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration, + +cn: ms-DFSR-ReplicationGroup +ldapDisplayName: msDFSR-ReplicationGroup +governsId: 1.2.840.113556.1.6.13.4.5 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: msDFSR-ReplicationGroupType +mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-DirectoryFilter, msDFSR-FileFilter, msDFSR-ConflictSizeInMb,msDFSR-StagingSizeInMb, msDFSR-RootSizeInMb, description,msDFSR-TombstoneExpiryInMin, msDFSR-Flags, msDFSR-Options,msDFSR-Extension, msDFSR-Schedule, msDFSR-Version +possSuperiors: msDFSR-GlobalSettings +schemaIdGuid:1c332fe0-0c2a-4f32-afca-23c5e45a9e77 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration, + +cn: ms-DFSR-Subscriber +ldapDisplayName: msDFSR-Subscriber +governsId: 1.2.840.113556.1.6.13.4.2 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: msDFSR-MemberReference, msDFSR-ReplicationGroupGuid +mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension +possSuperiors: msDFSR-LocalSettings +schemaIdGuid:e11505d7-92c4-43e7-bf5c-295832ffc896 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration, + +cn: ms-DFSR-Subscription +ldapDisplayName: msDFSR-Subscription +governsId: 1.2.840.113556.1.6.13.4.3 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: msDFSR-ContentSetGuid, msDFSR-ReplicationGroupGuid +mayContain: msDFSR-StagingCleanupTriggerInPercent, msDFSR-Options2,msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter, msDFSR-MaxAgeInCacheInMin,msDFSR-MinDurationCacheInMin, msDFSR-CachePolicy, msDFSR-ReadOnly,msDFSR-DeletedSizeInMb, msDFSR-DeletedPath, msDFSR-RootPath,msDFSR-RootSizeInMb, msDFSR-StagingPath, msDFSR-StagingSizeInMb,msDFSR-ConflictPath, msDFSR-ConflictSizeInMb, msDFSR-Enabled,msDFSR-RootFence, msDFSR-DfsLinkTarget, msDFSR-Flags,msDFSR-Options, msDFSR-Extension +possSuperiors: msDFSR-Subscriber +schemaIdGuid:67212414-7bcc-4609-87e0-088dad8abdee +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration, + +cn: ms-DFSR-Topology +ldapDisplayName: msDFSR-Topology +governsId: 1.2.840.113556.1.6.13.4.8 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension +possSuperiors: msDFSR-ReplicationGroup +schemaIdGuid:04828aa9-6e42-4e80-b962-e2fe00754d17 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration, + +cn: ms-DS-App-Configuration +ldapDisplayName: msDS-App-Configuration +governsId: 1.2.840.113556.1.5.220 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: applicationSettings +mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords +possSuperiors: organizationalUnit, computer, container +schemaIdGuid:90df3c3e-1854-4455-a5d7-cad40d56657a +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration, + +cn: ms-DS-App-Data +ldapDisplayName: msDS-AppData +governsId: 1.2.840.113556.1.5.241 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: applicationSettings +mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords +possSuperiors: organizationalUnit, computer, container +schemaIdGuid:9e67d761-e327-4d55-bc95-682f875e2f8e +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration, + +cn: ms-DS-Az-Admin-Manager +ldapDisplayName: msDS-AzAdminManager +governsId: 1.2.840.113556.1.5.234 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzMinorVersion, msDS-AzMajorVersion, msDS-AzApplicationData,msDS-AzGenerateAudits, msDS-AzScriptTimeout,msDS-AzScriptEngineCacheMax, msDS-AzDomainTimeout, description +systemPossSuperiors: domainDNS, organizationalUnit, container +schemaIdGuid:cfee1051-5f28-4bae-a863-5d0cc18a8ed1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Application +ldapDisplayName: msDS-AzApplication +governsId: 1.2.840.113556.1.5.235 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-AzGenerateAudits,msDS-AzApplicationVersion, msDS-AzClassId, msDS-AzApplicationName,description +systemPossSuperiors: msDS-AzAdminManager +schemaIdGuid:ddf8de9b-cba5-4e12-842e-28d8b66f75ec +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Operation +ldapDisplayName: msDS-AzOperation +governsId: 1.2.840.113556.1.5.236 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msDS-AzOperationID +systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description +systemPossSuperiors: container, msDS-AzApplication +schemaIdGuid:860abe37-9a9b-4fa4-b3d2-b8ace5df9ec5 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Role +ldapDisplayName: msDS-AzRole +governsId: 1.2.840.113556.1.5.239 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-TasksForAzRole,msDS-OperationsForAzRole, msDS-MembersForAzRole, description +systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication +schemaIdGuid:8213eac9-9d55-44dc-925c-e9a52b927644 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Scope +ldapDisplayName: msDS-AzScope +governsId: 1.2.840.113556.1.5.237 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msDS-AzScopeName +systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description +systemPossSuperiors: msDS-AzApplication +schemaIdGuid:4feae054-ce55-47bb-860e-5b12063a51de +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Az-Task +ldapDisplayName: msDS-AzTask +governsId: 1.2.840.113556.1.5.238 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-TasksForAzTask, msDS-OperationsForAzTask,msDS-AzApplicationData, msDS-AzTaskIsRoleDefinition,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, description +systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication +schemaIdGuid:1ed3a473-9b1b-418a-bfa0-3a37b95a5306 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Managed-Service-Account +ldapDisplayName: msDS-ManagedServiceAccount +governsId: 1.2.840.113556.1.5.264 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: computer +systemPossSuperiors: domainDNS,organizationalUnit,container +schemaIdGuid: ce206244-5827-4a86-ba1c-1c0c386c1b64 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;;ED) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Optional-Feature +ldapDisplayName: msDS-Optional-Feature +governsId: 1.2.840.113556.1.5.265 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msDS-OptionalFeatureFlags,msDS-OptionalFeatureGuid +systemMayContain: msDS-RequiredDomainBehaviorVersion,msDS-RequiredForestBehaviorVersion +systemPossSuperiors: container +schemaIdGuid: 44f00041-35af-468b-b20a-6ce8737c580b +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Password-Settings +ldapDisplayName: msDS-PasswordSettings +governsId: 1.2.840.113556.1.5.255 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msDS-MaximumPasswordAge, msDS-MinimumPasswordAge,msDS-MinimumPasswordLength, msDS-PasswordComplexityEnabled,msDS-LockoutObservationWindow, msDS-LockoutDuration,msDS-LockoutThreshold, msDS-PasswordReversibleEncryptionEnabled,msDS-PasswordSettingsPrecedence, msDS-PasswordHistoryLength +systemMayContain: msDS-PSOAppliesTo +systemPossSuperiors: msDS-PasswordSettingsContainer +schemaIdGuid: 3bcd9db8-f84b-451c-952f-6c52b81f9ec6 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Password-Settings-Container +ldapDisplayName: msDS-PasswordSettingsContainer +governsId: 1.2.840.113556.1.5.256 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemPossSuperiors: container +schemaIdGuid: 5b06b06a-4cf3-44c0-bd16-43bc10a987da +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Quota-Container +ldapDisplayName: msDS-QuotaContainer +governsId: 1.2.840.113556.1.5.242 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +systemMayContain: msDS-TopQuotaUsage, msDS-QuotaUsed,msDS-QuotaEffective, msDS-TombstoneQuotaFactor, msDS-DefaultQuota +systemPossSuperiors: configuration, domainDNS +schemaIdGuid:da83fc4f-076f-4aea-b4dc-8f4dab9b5993 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-4947-b630-eb672a8a9dbc;;WD) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-DS-Quota-Control +ldapDisplayName: msDS-QuotaControl +governsId: 1.2.840.113556.1.5.243 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msDS-QuotaAmount, msDS-QuotaTrustee, cn +systemPossSuperiors: msDS-QuotaContainer +schemaIdGuid:de91fc26-bd02-4b52-ae26-795999e96fc7 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-Exch-Configuration-Container +ldapDisplayName: msExchConfigurationContainer +governsId: 1.2.840.113556.1.5.176 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: container +systemMayContain: templateRoots, addressBookRoots, globalAddressList,templateRoots2, addressBookRoots2, globalAddressList2 +schemaIdGuid:d03d6858-06f4-11d2-aa53-00c04fd7d83a +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-FVE-RecoveryInformation +ldapDisplayName: msFVE-RecoveryInformation +governsId: 1.2.840.113556.1.5.253 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msFVE-RecoveryPassword, msFVE-RecoveryGuid +mayContain: msFVE-KeyPackage, msFVE-VolumeGuid +systemPossSuperiors: computer +schemaIdGuid:ea715d30-8f53-40d0-bd1e-6109186d782c +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-ieee-80211-Policy +ldapDisplayName: msieee80211-Policy +governsId: 1.2.840.113556.1.5.240 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msieee80211-ID, msieee80211-DataType,msieee80211-Data +systemPossSuperiors: organizationalUnit, container, computer +schemaIdGuid:7b9a2d92-b7eb-4382-9772-c3e0f9baaf94 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-Imaging-PostScanProcess +ldapDisplayName: msImaging-PostScanProcess +governsId: 1.2.840.113556.1.5.263 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msImaging-PSPString, serverName +systemMustContain: displayName, msImaging-PSPIdentifier +systemPossSuperiors: msImaging-PSPs +schemaIdGuid: 1f7c257c-b8a3-4525-82f8-11ccc7bee36e +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-Imaging-PSPs +ldapDisplayName: msImaging-PSPs +governsId: 1.2.840.113556.1.5.262 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: container +systemPossSuperiors: container +schemaIdGuid: a0ed2ac1-970c-4777-848e-ec63a0ec44fc +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Configuration +ldapDisplayName: mSMQConfiguration +governsId: 1.2.840.113556.1.5.162 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mSMQSites, mSMQSignKey, mSMQServiceType,mSMQRoutingServices, mSMQQuota, mSMQOwnerID, mSMQOutRoutingServers,mSMQOSType, mSMQJournalQuota, mSMQInRoutingServers, mSMQForeign,mSMQEncryptKey, mSMQDsServices, mSMQDependentClientServices,mSMQComputerTypeEx, mSMQComputerType +systemPossSuperiors: computer +schemaIdGuid:9a0dc344-c100-11d1-bbc5-0080c76670c0 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Custom-Recipient +ldapDisplayName: msMQ-Custom-Recipient +governsId: 1.2.840.113556.1.5.218 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msMQ-Recipient-FormatName +systemPossSuperiors: organizationalUnit, domainDNS, container +schemaIdGuid:876d6817-35cc-436c-acea-5ef7174dd9be +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Enterprise-Settings +ldapDisplayName: mSMQEnterpriseSettings +governsId: 1.2.840.113556.1.5.163 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mSMQVersion, mSMQNameStyle, mSMQLongLived,mSMQInterval2, mSMQInterval1, mSMQCSPName +systemPossSuperiors: container +schemaIdGuid:9a0dc345-c100-11d1-bbc5-0080c76670c0 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Group +ldapDisplayName: msMQ-Group +governsId: 1.2.840.113556.1.5.219 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: member +systemPossSuperiors: organizationalUnit +schemaIdGuid:46b27aac-aafa-4ffb-b773-e5bf621ee87b +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Migrated-User +ldapDisplayName: mSMQMigratedUser +governsId: 1.2.840.113556.1.5.179 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mSMQUserSid, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, objectSid +systemPossSuperiors: organizationalUnit, domainDNS, builtinDomain +schemaIdGuid:50776997-3c3d-11d2-90cc-00c04fd91ab1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Queue +ldapDisplayName: mSMQQueue +governsId: 1.2.840.113556.1.5.161 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mSMQTransactional, MSMQ-SecuredSource,mSMQQueueType, mSMQQueueQuota, mSMQQueueNameExt,mSMQQueueJournalQuota, mSMQPrivacyLevel, mSMQOwnerID,MSMQ-MulticastAddress, mSMQLabelEx, mSMQLabel, mSMQJournal,mSMQBasePriority, mSMQAuthenticate +systemPossSuperiors: mSMQConfiguration +schemaIdGuid:9a0dc343-c100-11d1-bbc5-0080c76670c0 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Settings +ldapDisplayName: mSMQSettings +governsId: 1.2.840.113556.1.5.165 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mSMQSiteNameEx, mSMQSiteName, mSMQServices,mSMQRoutingService, mSMQQMID, mSMQOwnerID, mSMQNt4Flags,mSMQMigrated, mSMQDsService, mSMQDependentClientService +systemPossSuperiors: server +schemaIdGuid:9a0dc347-c100-11d1-bbc5-0080c76670c0 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MSMQ-Site-Link +ldapDisplayName: mSMQSiteLink +governsId: 1.2.840.113556.1.5.164 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: mSMQSite2, mSMQSite1, mSMQCost +systemMayContain: mSMQSiteGatesMig, mSMQSiteGates +systemPossSuperiors: mSMQEnterpriseSettings +schemaIdGuid:9a0dc346-c100-11d1-bbc5-0080c76670c0 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-net-ieee-80211-GroupPolicy +lDAPDisplayName: ms-net-ieee-80211-GroupPolicy +governsID: 1.2.840.113556.1.5.251 +objectClassCategory: 1 +rDNAttID: cn +subClassOf: top +systemMayContain: ms-net-ieee-80211-GP-PolicyReserved,ms-net-ieee-80211-GP-PolicyData, ms-net-ieee-80211-GP-PolicyGUID +systemPossSuperiors: computer, container, person +schemaIDGUID: 1cb81863-b822-4379-9ea2-5ff7bdc6386d +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-net-ieee-8023-GroupPolicy +lDAPDisplayName: ms-net-ieee-8023-GroupPolicy +governsID: 1.2.840.113556.1.5.252 +objectClassCategory: 1 +rDNAttID: cn +subClassOf: top +systemMayContain: ms-net-ieee-8023-GP-PolicyReserved,ms-net-ieee-8023-GP-PolicyData, ms-net-ieee-8023-GP-PolicyGUID +systemPossSuperiors: computer, container, person +schemaIDGUID: 99a03a6a-ab19-4446-9350-0cb878ed2d9b +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Enterprise-Oid +ldapDisplayName: msPKI-Enterprise-Oid +governsId: 1.2.840.113556.1.5.196 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-OIDToGroupLink, msPKI-OID-User-Notice,msPKI-OIDLocalizedName, msPKI-OID-CPS, msPKI-OID-Attribute,msPKI-Cert-Template-OID +systemPossSuperiors: msPKI-Enterprise-Oid, container +schemaIdGuid:37cfd85c-6719-4ad8-8f9e-8678ba627563 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Key-Recovery-Agent +ldapDisplayName: msPKI-Key-Recovery-Agent +governsId: 1.2.840.113556.1.5.195 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: user +systemPossSuperiors: container +schemaIdGuid:26ccf238-a08e-4b86-9a82-a8c9ac7ee5cb +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-PKI-Private-Key-Recovery-Agent +ldapDisplayName: msPKI-PrivateKeyRecoveryAgent +governsId: 1.2.840.113556.1.5.223 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: userCertificate +systemPossSuperiors: container +schemaIdGuid:1562a632-44b9-4a7e-a2d3-e426c96a3acc +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-Print-ConnectionPolicy +ldapDisplayName: msPrint-ConnectionPolicy +governsId: 1.2.840.113556.1.6.23.2 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: cn +mayContain: printerName, printAttributes, serverName, uNCName +possSuperiors: container +schemaIdGuid:a16f33c7-7fd6-4828-9364-435138fda08d +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration, + +cn: msSFU-30-Domain-Info +ldapDisplayName: msSFU30DomainInfo +governsId: 1.2.840.113556.1.6.18.2.215 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msSFU30Domains, msSFU30YpServers, msSFU30SearchContainer,msSFU30IsValidContainer, msSFU30MasterServerName,msSFU30OrderNumber, msSFU30MaxGidNumber, msSFU30MaxUidNumber,msSFU30CryptMethod +possSuperiors: container +schemaIdGuid:36297dce-656b-4423-ab65-dabb2770819e +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration, + +cn: msSFU-30-Mail-Aliases +ldapDisplayName: msSFU30MailAliases +governsId: 1.2.840.113556.1.6.18.2.211 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msSFU30Name, msSFU30NisDomain, msSFU30Aliases, nisMapName +possSuperiors: domainDNS, nisMap, container +schemaIdGuid:d6710785-86ff-44b7-85b5-f1f8689522ce +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration, + +cn: msSFU-30-Net-Id +ldapDisplayName: msSFU30NetId +governsId: 1.2.840.113556.1.6.18.2.212 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName +possSuperiors: domainDNS, nisMap, container +schemaIdGuid:e263192c-2a02-48df-9792-94f2328781a0 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration, + +cn: msSFU-30-Network-User +ldapDisplayName: msSFU30NetworkUser +governsId: 1.2.840.113556.1.6.18.2.216 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName +possSuperiors: domainDNS, nisMap, container +schemaIdGuid:e15334a3-0bf0-4427-b672-11f5d84acc92 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration, + +cn: msSFU-30-NIS-Map-Config +ldapDisplayName: msSFU30NISMapConfig +governsId: 1.2.840.113556.1.6.18.2.217 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mayContain: msSFU30KeyAttributes, msSFU30FieldSeparator,msSFU30NSMAPFieldPosition, msSFU30IntraFieldSeparator,msSFU30SearchAttributes, msSFU30ResultAttributes, msSFU30MapFilter +possSuperiors: container +schemaIdGuid:faf733d0-f8eb-4dcf-8d75-f1753af6a50b +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration, + +cn: MS-SQL-OLAPCube +ldapDisplayName: mS-SQL-OLAPCube +governsId: 1.2.840.113556.1.5.190 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Description, mS-SQL-Contact, mS-SQL-Name +systemPossSuperiors: mS-SQL-OLAPDatabase +schemaIdGuid:09f0506a-cd28-11d2-9993-0000f87a57d4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-OLAPDatabase +ldapDisplayName: mS-SQL-OLAPDatabase +governsId: 1.2.840.113556.1.5.189 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-ConnectionURL, mS-SQL-InformationURL, mS-SQL-Status,mS-SQL-Applications, mS-SQL-LastBackupDate, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Type, mS-SQL-Description, mS-SQL-Contact,mS-SQL-Name +systemPossSuperiors: mS-SQL-OLAPServer +schemaIdGuid:20af031a-ccef-11d2-9993-0000f87a57d4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-OLAPServer +ldapDisplayName: mS-SQL-OLAPServer +governsId: 1.2.840.113556.1.5.185 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: serviceConnectionPoint +systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-Language,mS-SQL-ServiceAccount, mS-SQL-Contact, mS-SQL-RegisteredOwner,mS-SQL-Build, mS-SQL-Version, mS-SQL-Name +systemPossSuperiors: serviceConnectionPoint +schemaIdGuid:0c7e18ea-ccef-11d2-9993-0000f87a57d4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-SQLDatabase +ldapDisplayName: mS-SQL-SQLDatabase +governsId: 1.2.840.113556.1.5.188 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mS-SQL-Keywords, mS-SQL-InformationURL,mS-SQL-Status, mS-SQL-Applications, mS-SQL-LastDiagnosticDate,mS-SQL-LastBackupDate, mS-SQL-CreationDate, mS-SQL-Size,mS-SQL-Contact, mS-SQL-Alias, mS-SQL-Description, mS-SQL-Name +systemPossSuperiors: mS-SQL-SQLServer +schemaIdGuid:1d08694a-ccef-11d2-9993-0000f87a57d4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-SQLPublication +ldapDisplayName: mS-SQL-SQLPublication +governsId: 1.2.840.113556.1.5.187 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mS-SQL-ThirdParty,mS-SQL-AllowSnapshotFilesFTPDownloading,mS-SQL-AllowQueuedUpdatingSubscription,mS-SQL-AllowImmediateUpdatingSubscription,mS-SQL-AllowKnownPullSubscription, mS-SQL-Publisher,mS-SQL-AllowAnonymousSubscription, mS-SQL-Database, mS-SQL-Type,mS-SQL-Status, mS-SQL-Description, mS-SQL-Name +systemPossSuperiors: mS-SQL-SQLServer +schemaIdGuid:17c2f64e-ccef-11d2-9993-0000f87a57d4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-SQLRepository +ldapDisplayName: mS-SQL-SQLRepository +governsId: 1.2.840.113556.1.5.186 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: mS-SQL-InformationDirectory, mS-SQL-Version,mS-SQL-Description, mS-SQL-Status, mS-SQL-Build, mS-SQL-Contact,mS-SQL-Name +systemPossSuperiors: mS-SQL-SQLServer +schemaIdGuid:11d43c5c-ccef-11d2-9993-0000f87a57d4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: MS-SQL-SQLServer +ldapDisplayName: mS-SQL-SQLServer +governsId: 1.2.840.113556.1.5.184 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: serviceConnectionPoint +systemMayContain: mS-SQL-Keywords, mS-SQL-GPSHeight,mS-SQL-GPSLongitude, mS-SQL-GPSLatitude, mS-SQL-InformationURL,mS-SQL-LastUpdatedDate, mS-SQL-Status, mS-SQL-Vines,mS-SQL-AppleTalk, mS-SQL-TCPIP, mS-SQL-SPX, mS-SQL-MultiProtocol,mS-SQL-NamedPipe, mS-SQL-Clustered, mS-SQL-UnicodeSortOrder,mS-SQL-SortOrder, mS-SQL-CharacterSet, mS-SQL-ServiceAccount,mS-SQL-Build, mS-SQL-Memory, mS-SQL-Location, mS-SQL-Contact,mS-SQL-RegisteredOwner, mS-SQL-Name +systemPossSuperiors: serviceConnectionPoint +schemaIdGuid:05f6c878-ccef-11d2-9993-0000f87a57d4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TAPI-Rt-Conference +ldapDisplayName: msTAPI-RtConference +governsId: 1.2.840.113556.1.5.221 +objectClassCategory: 1 +rdnAttId: msTAPI-uid +subClassOf: top +systemMustContain: msTAPI-uid +systemMayContain: msTAPI-ConferenceBlob, msTAPI-ProtocolId +systemPossSuperiors: organizationalUnit +schemaIdGuid:ca7b9735-4b2a-4e49-89c3-99025334dc94 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-TAPI-Rt-Person +ldapDisplayName: msTAPI-RtPerson +governsId: 1.2.840.113556.1.5.222 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msTAPI-uid, msTAPI-IpAddress +systemPossSuperiors: organization, organizationalUnit +schemaIdGuid:53ea1cb5-b704-4df9-818f-5cb4ec86cac1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-IntRangeParam +ldapDisplayName: msWMI-IntRangeParam +governsId: 1.2.840.113556.1.5.205 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: msWMI-RangeParam +systemMustContain: msWMI-IntDefault +systemMayContain: msWMI-IntMax, msWMI-IntMin +systemPossSuperiors: msWMI-MergeablePolicyTemplate +schemaIdGuid:50ca5d7d-5c8b-4ef3-b9df-5b66d491e526 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-IntSetParam +ldapDisplayName: msWMI-IntSetParam +governsId: 1.2.840.113556.1.5.206 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: msWMI-RangeParam +systemMustContain: msWMI-IntDefault +systemMayContain: msWMI-IntValidValues +systemPossSuperiors: msWMI-MergeablePolicyTemplate +schemaIdGuid:292f0d9a-cf76-42b0-841f-b650f331df62 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-MergeablePolicyTemplate +ldapDisplayName: msWMI-MergeablePolicyTemplate +governsId: 1.2.840.113556.1.5.202 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: msWMI-PolicyTemplate +systemPossSuperiors: container +schemaIdGuid:07502414-fdca-4851-b04a-13645b11d226 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-ObjectEncoding +ldapDisplayName: msWMI-ObjectEncoding +governsId: 1.2.840.113556.1.5.217 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msWMI-Class, msWMI-ScopeGuid, msWMI-Parm1,msWMI-Parm2, msWMI-Parm3, msWMI-Parm4, msWMI-Genus, msWMI-intFlags1,msWMI-intFlags2, msWMI-intFlags3, msWMI-intFlags4, msWMI-ID,msWMI-TargetObject +systemPossSuperiors: container +schemaIdGuid:55dd81c9-c312-41f9-a84d-c6adbdf1e8e1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-PolicyTemplate +ldapDisplayName: msWMI-PolicyTemplate +governsId: 1.2.840.113556.1.5.200 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msWMI-NormalizedClass, msWMI-TargetPath,msWMI-TargetClass, msWMI-TargetNameSpace, msWMI-Name, msWMI-ID +systemMayContain: msWMI-TargetType, msWMI-SourceOrganization,msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author +systemPossSuperiors: container +schemaIdGuid:e2bc80f1-244a-4d59-acc6-ca5c4f82e6e1 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-PolicyType +ldapDisplayName: msWMI-PolicyType +governsId: 1.2.840.113556.1.5.211 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msWMI-TargetObject, msWMI-ID +systemMayContain: msWMI-SourceOrganization, msWMI-Parm4,msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author +systemPossSuperiors: container +schemaIdGuid:595b2613-4109-4e77-9013-a3bb4ef277c7 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-RangeParam +ldapDisplayName: msWMI-RangeParam +governsId: 1.2.840.113556.1.5.203 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msWMI-TargetType, msWMI-TargetClass,msWMI-PropertyName +systemPossSuperiors: msWMI-MergeablePolicyTemplate +schemaIdGuid:45fb5a57-5018-4d0f-9056-997c8c9122d9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-RealRangeParam +ldapDisplayName: msWMI-RealRangeParam +governsId: 1.2.840.113556.1.5.209 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: msWMI-RangeParam +systemMustContain: msWMI-Int8Default +systemMayContain: msWMI-Int8Max, msWMI-Int8Min +systemPossSuperiors: msWMI-MergeablePolicyTemplate +schemaIdGuid:6afe8fe2-70bc-4cce-b166-a96f7359c514 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Rule +ldapDisplayName: msWMI-Rule +governsId: 1.2.840.113556.1.5.214 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msWMI-QueryLanguage, msWMI-TargetNameSpace,msWMI-Query +systemPossSuperiors: msWMI-Som, container +schemaIdGuid:3c7e6f83-dd0e-481b-a0c2-74cd96ef2a66 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-ShadowObject +ldapDisplayName: msWMI-ShadowObject +governsId: 1.2.840.113556.1.5.212 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msWMI-TargetObject +systemPossSuperiors: msWMI-PolicyType +schemaIdGuid:f1e44bdf-8dd3-4235-9c86-f91f31f5b569 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-SimplePolicyTemplate +ldapDisplayName: msWMI-SimplePolicyTemplate +governsId: 1.2.840.113556.1.5.201 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: msWMI-PolicyTemplate +systemMustContain: msWMI-TargetObject +systemPossSuperiors: container +schemaIdGuid:6cc8b2b5-12df-44f6-8307-e74f5cdee369 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-Som +ldapDisplayName: msWMI-Som +governsId: 1.2.840.113556.1.5.213 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msWMI-Name, msWMI-ID +systemMayContain: msWMI-SourceOrganization, msWMI-Parm4, msWMI-Parm3,msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4, msWMI-intFlags3,msWMI-intFlags2, msWMI-intFlags1, msWMI-CreationDate,msWMI-ChangeDate, msWMI-Author +systemPossSuperiors: container +schemaIdGuid:ab857078-0142-4406-945b-34c9b6b13372 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-StringSetParam +ldapDisplayName: msWMI-StringSetParam +governsId: 1.2.840.113556.1.5.210 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: msWMI-RangeParam +systemMustContain: msWMI-StringDefault +systemMayContain: msWMI-StringValidValues +systemPossSuperiors: msWMI-MergeablePolicyTemplate +schemaIdGuid:0bc579a2-1da7-4cea-b699-807f3b9d63a4 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-UintRangeParam +ldapDisplayName: msWMI-UintRangeParam +governsId: 1.2.840.113556.1.5.207 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: msWMI-RangeParam +systemMustContain: msWMI-IntDefault +systemMayContain: msWMI-IntMax, msWMI-IntMin +systemPossSuperiors: msWMI-MergeablePolicyTemplate +schemaIdGuid:d9a799b2-cef3-48b3-b5ad-fb85f8dd3214 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-UintSetParam +ldapDisplayName: msWMI-UintSetParam +governsId: 1.2.840.113556.1.5.208 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: msWMI-RangeParam +systemMustContain: msWMI-IntDefault +systemMayContain: msWMI-IntValidValues +systemPossSuperiors: msWMI-MergeablePolicyTemplate +schemaIdGuid:8f4beb31-4e19-46f5-932e-5fa03c339b1d +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-UnknownRangeParam +ldapDisplayName: msWMI-UnknownRangeParam +governsId: 1.2.840.113556.1.5.204 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: msWMI-RangeParam +systemMustContain: msWMI-TargetObject, msWMI-NormalizedClass +systemPossSuperiors: msWMI-MergeablePolicyTemplate +schemaIdGuid:b82ac26b-c6db-4098-92c6-49c18a3336e1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ms-WMI-WMIGPO +ldapDisplayName: msWMI-WMIGPO +governsId: 1.2.840.113556.1.5.215 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: msWMI-TargetClass +systemMayContain: msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1,msWMI-intFlags4, msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1 +systemPossSuperiors: container +schemaIdGuid:05630000-3927-4ede-bf27-ca91f275c26f +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NisMap +ldapDisplayName: nisMap +governsId: 1.3.6.1.1.1.2.9 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: cn, nisMapName +mayContain: description +possSuperiors: domainDNS, container, organizationalUnit +schemaIdGuid:7672666c-02c1-4f33-9ecf-f649c1dd9b7c +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration, + +cn: NisNetgroup +ldapDisplayName: nisNetgroup +governsId: 1.3.6.1.1.1.2.8 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: cn +mayContain: description, memberNisNetgroup, nisNetgroupTriple,msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30NetgroupHostAtDomain, msSFU30NetgroupUserAtDomain +possSuperiors: domainDNS, nisMap, container, organizationalUnit +schemaIdGuid:72efbf84-6e7b-4a5c-a8db-8a75a7cad254 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration, + +cn: NisObject +ldapDisplayName: nisObject +governsId: 1.3.6.1.1.1.2.10 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: cn, nisMapName, nisMapEntry +mayContain: description, msSFU30Name, msSFU30NisDomain +possSuperiors: domainDNS, nisMap, container, organizationalUnit +schemaIdGuid:904f8a93-4954-4c5f-b1e1-53c097a31e13 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration, + +cn: NTDS-Connection +ldapDisplayName: nTDSConnection +governsId: 1.2.840.113556.1.5.71 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: leaf +systemMustContain: options, fromServer, enabledConnection +systemMayContain: transportType, schedule, mS-DS-ReplicatesNCReason,generatedConnection +systemPossSuperiors: nTFRSMember, nTFRSReplicaSet, nTDSDSA +schemaIdGuid:19195a60-6da0-11d0-afd3-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NTDS-DSA +ldapDisplayName: nTDSDSA +governsId: 1.2.840.113556.1.5.7000.47 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: applicationSettings +systemMayContain: msDS-IsUserCachableAtRodc, msDS-Sitename,msDS-isRODC, msDS-isGC, msDS-RevealedUsers,msDS-NeverRevealGroup, msDS-RevealOnDemandGroup,msDS-hasFullReplicaNCs, serverReference,msDS-RetiredReplNCSignatures, retiredReplDSASignatures,queryPolicyObject, options, networkAddress, msDS-ReplicationEpoch,msDS-HasInstantiatedNCs, msDS-hasMasterNCs, msDS-HasDomainNCs,msDS-Behavior-Version, managedBy, lastBackupRestorationTime,invocationId, hasPartialReplicaNCs, hasMasterNCs, fRSRootPath,dMDLocation +systemPossSuperiors: organization, server +schemaIdGuid:f0f8ffab-1191-11d0-a060-00aa006c33ed +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NTDS-DSA-RO +ldapDisplayName: nTDSDSARO +governsId: 1.2.840.113556.1.5.254 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: nTDSDSA +systemPossSuperiors: server, organization +schemaIdGuid:85d16ec1-0791-4bc8-8ab3-70980602ff8c +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NTDS-Service +ldapDisplayName: nTDSService +governsId: 1.2.840.113556.1.5.72 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-DeletedObjectLifetime, tombstoneLifetime,sPNMappings, replTopologyStayOfExecution, msDS-Other-Settings,garbageCollPeriod, dSHeuristics +systemPossSuperiors: container +schemaIdGuid:19195a5f-6da0-11d0-afd3-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NTDS-Site-Settings +ldapDisplayName: nTDSSiteSettings +governsId: 1.2.840.113556.1.5.69 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: applicationSiteSettings +systemMayContain: schedule, queryPolicyObject, options,msDS-Preferred-GC-Site, managedBy, interSiteTopologyRenew,interSiteTopologyGenerator, interSiteTopologyFailover +systemPossSuperiors: site +schemaIdGuid:19195a5d-6da0-11d0-afd3-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NTFRS-Member +ldapDisplayName: nTFRSMember +governsId: 1.2.840.113556.1.5.153 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: serverReference, fRSUpdateTimeout,fRSServiceCommand, fRSRootSecurity, fRSPartnerAuthLevel, fRSFlags,fRSExtensions, fRSControlOutboundBacklog, fRSControlInboundBacklog,fRSControlDataCreation, frsComputerReference +systemPossSuperiors: nTFRSReplicaSet +schemaIdGuid:2a132586-9373-11d1-aebc-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NTFRS-Replica-Set +ldapDisplayName: nTFRSReplicaSet +governsId: 1.2.840.113556.1.5.102 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: schedule, msFRS-Topology-Pref, msFRS-Hub-Member,managedBy, fRSVersionGUID, fRSServiceCommand, fRSRootSecurity,fRSReplicaSetType, fRSReplicaSetGUID, fRSPrimaryMember,fRSPartnerAuthLevel, fRSLevelLimit, fRSFlags, fRSFileFilter,fRSExtensions, fRSDSPoll, fRSDirectoryFilter +systemPossSuperiors: nTFRSSettings +schemaIdGuid:5245803a-ca6a-11d0-afff-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1-aebc-0000f80367c1;;ED) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NTFRS-Settings +ldapDisplayName: nTFRSSettings +governsId: 1.2.840.113556.1.5.89 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: applicationSettings +systemMayContain: managedBy, fRSExtensions +systemPossSuperiors: nTFRSSettings, container, organizationalUnit,organization +schemaIdGuid:f780acc2-56f0-11d1-a9c6-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NTFRS-Subscriber +ldapDisplayName: nTFRSSubscriber +governsId: 1.2.840.113556.1.5.155 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: fRSStagingPath, fRSRootPath +systemMayContain: schedule, fRSUpdateTimeout,fRSTimeLastConfigChange, fRSTimeLastCommand,fRSServiceCommandStatus, fRSServiceCommand, fRSMemberReference,fRSFlags, fRSFaultCondition, fRSExtensions +systemPossSuperiors: nTFRSSubscriptions +schemaIdGuid:2a132588-9373-11d1-aebc-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: NTFRS-Subscriptions +ldapDisplayName: nTFRSSubscriptions +governsId: 1.2.840.113556.1.5.154 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: fRSWorkingPath, fRSVersion, fRSExtensions +systemPossSuperiors: user, computer, nTFRSSubscriptions +schemaIdGuid:2a132587-9373-11d1-aebc-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: OncRpc +ldapDisplayName: oncRpc +governsId: 1.3.6.1.1.1.2.5 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: cn, oncRpcNumber +mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases +possSuperiors: domainDNS, nisMap, container, organizationalUnit +schemaIdGuid:cadd1e5e-fefc-4f3f-b5a9-70e994204303 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration, + +cn: Organization +ldapDisplayName: organization +governsId: 2.5.6.4 +objectClassCategory: 1 +rdnAttId: o +subClassOf: top +systemMustContain: o +systemMayContain: x121Address, userPassword, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,searchGuide, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, physicalDeliveryOfficeName, l,internationalISDNNumber, facsimileTelephoneNumber,destinationIndicator, businessCategory +systemPossSuperiors: locality, country, domainDNS +schemaIdGuid:bf967aa3-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Organizational-Person +ldapDisplayName: organizationalPerson +governsId: 2.5.6.7 +objectClassCategory: 0 +rdnAttId: cn +subClassOf: person +mayContain: msDS-HABSeniorityIndex, msDS-PhoneticDisplayName,msDS-PhoneticCompanyName, msDS-PhoneticDepartment,msDS-PhoneticLastName, msDS-PhoneticFirstName, houseIdentifier,msExchHouseIdentifier, homePostalAddress +systemMayContain: x121Address, comment, title, co,primaryTelexNumber, telexNumber, teletexTerminalIdentifier, street,st, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, thumbnailPhoto,physicalDeliveryOfficeName, pager, otherPager, otherTelephone,mobile, otherMobile, primaryInternationalISDNNumber, ipPhone,otherIpPhone, otherHomePhone, homePhone,otherFacsimileTelephoneNumber, personalTitle, middleName,otherMailbox, ou, o, mhsORAddress, msDS-AllowedToDelegateTo,manager, thumbnailLogo, l, internationalISDNNumber, initials,givenName, generationQualifier, facsimileTelephoneNumber,employeeID, mail, division, destinationIndicator, department, c,countryCode, company, assistant, streetAddress +systemPossSuperiors: organizationalUnit, organization, container +schemaIdGuid:bf967aa4-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Organizational-Role +ldapDisplayName: organizationalRole +governsId: 2.5.6.8 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +systemMayContain: x121Address, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,roleOccupant, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator +systemPossSuperiors: organizationalUnit, organization, container +schemaIdGuid:a8df74bf-c5ea-11d1-bbcb-0080c76670c0 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Organizational-Unit +ldapDisplayName: organizationalUnit +governsId: 2.5.6.5 +objectClassCategory: 1 +rdnAttId: ou +subClassOf: top +systemMustContain: ou +systemMayContain: x121Address, userPassword, uPNSuffixes, co,telexNumber, teletexTerminalIdentifier, telephoneNumber, street, st,seeAlso, searchGuide, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, msCOM-UserPartitionSetLink, managedBy,thumbnailLogo, l, internationalISDNNumber, gPOptions, gPLink,facsimileTelephoneNumber, destinationIndicator, desktopProfile,defaultGroup, countryCode, c, businessCategory +systemPossSuperiors: country, organization, organizationalUnit,domainDNS +schemaIdGuid:bf967aa5-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Package-Registration +ldapDisplayName: packageRegistration +governsId: 1.2.840.113556.1.5.49 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: versionNumberLo, versionNumberHi, vendor,upgradeProductCode, setupCommand, productCode, packageType,packageName, packageFlags, msiScriptSize, msiScriptPath,msiScriptName, msiScript, msiFileList, managedBy,machineArchitecture, localeID, lastUpdateSequence, installUiLevel,iconPath, fileExtPriority, cOMTypelibId, cOMProgID, cOMInterfaceID,cOMClassID, categories, canUpgradeScript +systemPossSuperiors: classStore +schemaIdGuid:bf967aa6-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Person +ldapDisplayName: person +governsId: 2.5.6.6 +objectClassCategory: 0 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +mayContain: attributeCertificateAttribute +systemMayContain: userPassword, telephoneNumber, sn, serialNumber,seeAlso +systemPossSuperiors: organizationalUnit, container +schemaIdGuid:bf967aa7-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Physical-Location +ldapDisplayName: physicalLocation +governsId: 1.2.840.113556.1.5.97 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: locality +systemMayContain: managedBy +systemPossSuperiors: physicalLocation, configuration +schemaIdGuid:b7b13122-b82e-11d0-afee-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Certificate-Template +ldapDisplayName: pKICertificateTemplate +governsId: 1.2.840.113556.1.5.177 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: pKIOverlapPeriod, pKIMaxIssuingDepth, pKIKeyUsage,pKIExtendedKeyUsage, pKIExpirationPeriod, pKIEnrollmentAccess,pKIDefaultCSPs, pKIDefaultKeySpec, pKICriticalExtensions,msPKI-RA-Signature, msPKI-RA-Policies,msPKI-RA-Application-Policies, msPKI-Template-Schema-Version,msPKI-Template-Minor-Revision, msPKI-Supersede-Templates,msPKI-Private-Key-Flag, msPKI-Minimal-Key-Size,msPKI-Enrollment-Flag, msPKI-Certificate-Policy,msPKI-Certificate-Name-Flag, msPKI-Certificate-Application-Policy,msPKI-Cert-Template-OID, flags, displayName +systemPossSuperiors: container +schemaIdGuid:e5209ca2-3bba-11d2-90cc-00c04fd91ab1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PKI-Enrollment-Service +ldapDisplayName: pKIEnrollmentService +governsId: 1.2.840.113556.1.5.178 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msPKI-Enrollment-Servers, msPKI-Site-Name,signatureAlgorithms, enrollmentProviders, dNSHostName,certificateTemplates, cACertificateDN, cACertificate +systemPossSuperiors: container +schemaIdGuid:ee4aa692-3bba-11d2-90cc-00c04fd91ab1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: PosixAccount +ldapDisplayName: posixAccount +governsId: 1.3.6.1.1.1.2.0 +objectClassCategory: 3 +rdnAttId: uid +subClassOf: top +mayContain: uid, cn, uidNumber, gidNumber, unixHomeDirectory,homeDirectory, userPassword, unixUserPassword, loginShell, gecos,description +schemaIdGuid:ad44bb41-67d5-4d88-b575-7b20674e76d8 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration, + +cn: PosixGroup +ldapDisplayName: posixGroup +governsId: 1.3.6.1.1.1.2.2 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +mayContain: cn, userPassword, unixUserPassword, description,gidNumber, memberUid +schemaIdGuid:2a9350b8-062c-4ed0-9903-dde10d06deba +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration, + +cn: Print-Queue +ldapDisplayName: printQueue +governsId: 1.2.840.113556.1.5.23 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: connectionPoint +systemMustContain: versionNumber, uNCName, shortServerName,serverName, printerName +systemMayContain: priority, printStatus, printStartTime,printStaplingSupported, printSpooling, printShareName,printSeparatorFile, printRateUnit, printRate, printPagesPerMinute,printOwner, printOrientationsSupported, printNumberUp, printNotify,printNetworkAddress, printMinYExtent, printMinXExtent, printMemory,printMediaSupported, printMediaReady, printMaxYExtent,printMaxXExtent, printMaxResolutionSupported, printMaxCopies,printMACAddress, printLanguage, printKeepPrintedJobs, printFormName,printEndTime, printDuplexSupported, printColor, printCollate,printBinNames, printAttributes, portName, physicalLocationObject,operatingSystemVersion, operatingSystemServicePack,operatingSystemHotfix, operatingSystem, location, driverVersion,driverName, defaultPriority, bytesPerMinute, assetNumber +systemPossSuperiors: organizationalUnit, domainDNS, container,computer +schemaIdGuid:bf967aa8-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Query-Policy +ldapDisplayName: queryPolicy +governsId: 1.2.840.113556.1.5.106 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: lDAPIPDenyList, lDAPAdminLimits +systemPossSuperiors: container +schemaIdGuid:83cc7075-cca7-11d0-afff-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Remote-Mail-Recipient +ldapDisplayName: remoteMailRecipient +governsId: 1.2.840.113556.1.5.24 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemAuxiliaryClass: mailRecipient +systemMayContain: remoteSourceType, remoteSource, managedBy +systemPossSuperiors: organizationalUnit, domainDNS +schemaIdGuid:bf967aa9-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Remote-Storage-Service-Point +ldapDisplayName: remoteStorageServicePoint +governsId: 1.2.840.113556.1.5.146 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: serviceAdministrationPoint +systemMayContain: remoteStorageGUID +systemPossSuperiors: computer +schemaIdGuid:2a39c5bd-8960-11d1-aebc-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Residential-Person +ldapDisplayName: residentialPerson +governsId: 2.5.6.10 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: person +systemMayContain: x121Address, title, telexNumber,teletexTerminalIdentifier, street, st, registeredAddress,preferredDeliveryMethod, postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, businessCategory +systemPossSuperiors: locality, container +schemaIdGuid:a8df74d6-c5ea-11d1-bbcb-0080c76670c0 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rFC822LocalPart +ldapDisplayName: rFC822LocalPart +governsId: 0.9.2342.19200300.100.4.14 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: domain +mayContain: x121Address, telexNumber, teletexTerminalIdentifier,telephoneNumber, street, sn, seeAlso, registeredAddress,preferredDeliveryMethod, postOfficeBox, postalCode, postalAddress,physicalDeliveryOfficeName, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, description, cn +possSuperiors: organizationalUnit, container +schemaIdGuid:b93e3a78-cbae-485e-a07b-5ef4ae505686 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration, + +cn: RID-Manager +ldapDisplayName: rIDManager +governsId: 1.2.840.113556.1.5.83 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: rIDAvailablePool +systemPossSuperiors: container +schemaIdGuid:6617188d-8f3c-11d0-afda-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: RID-Set +ldapDisplayName: rIDSet +governsId: 1.2.840.113556.1.5.129 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: rIDUsedPool, rIDPreviousAllocationPool,rIDNextRID, rIDAllocationPool +systemPossSuperiors: user, container, computer +schemaIdGuid:7bfdcb89-4807-11d1-a9c3-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: room +ldapDisplayName: room +governsId: 0.9.2342.19200300.100.4.7 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +mustContain: cn +mayContain: location, telephoneNumber, seeAlso, description,roomNumber +possSuperiors: organizationalUnit, container +schemaIdGuid:7860e5d2-c8b0-4cbb-bd45-d9455beb9206 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=room,CN=Schema,CN=Configuration, + +cn: Rpc-Container +ldapDisplayName: rpcContainer +governsId: 1.2.840.113556.1.5.136 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: container +systemMayContain: nameServiceFlags +systemPossSuperiors: container +schemaIdGuid:80212842-4bdc-11d1-a9c4-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Entry +ldapDisplayName: rpcEntry +governsId: 1.2.840.113556.1.5.27 +objectClassCategory: 2 +rdnAttId: cn +subClassOf: connectionPoint +systemPossSuperiors: container +schemaIdGuid:bf967aac-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Group +ldapDisplayName: rpcGroup +governsId: 1.2.840.113556.1.5.80 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: rpcEntry +systemMayContain: rpcNsObjectID, rpcNsGroup +systemPossSuperiors: container +schemaIdGuid:88611bdf-8cf4-11d0-afda-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Profile +ldapDisplayName: rpcProfile +governsId: 1.2.840.113556.1.5.82 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: rpcEntry +systemPossSuperiors: container +schemaIdGuid:88611be1-8cf4-11d0-afda-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Profile-Element +ldapDisplayName: rpcProfileElement +governsId: 1.2.840.113556.1.5.26 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: rpcEntry +systemMustContain: rpcNsPriority, rpcNsInterfaceID +systemMayContain: rpcNsProfileEntry, rpcNsAnnotation +systemPossSuperiors: rpcProfile +schemaIdGuid:f29653cf-7ad0-11d0-afd6-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Server +ldapDisplayName: rpcServer +governsId: 1.2.840.113556.1.5.81 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: rpcEntry +systemMayContain: rpcNsObjectID, rpcNsEntryFlags, rpcNsCodeset +systemPossSuperiors: container +schemaIdGuid:88611be0-8cf4-11d0-afda-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: rpc-Server-Element +ldapDisplayName: rpcServerElement +governsId: 1.2.840.113556.1.5.73 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: rpcEntry +systemMustContain: rpcNsTransferSyntax, rpcNsInterfaceID,rpcNsBindings +systemPossSuperiors: rpcServer +schemaIdGuid:f29653d0-7ad0-11d0-afd6-00c04fd930c9 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: RRAS-Administration-Connection-Point +ldapDisplayName: rRASAdministrationConnectionPoint +governsId: 1.2.840.113556.1.5.150 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: serviceAdministrationPoint +systemMayContain: msRRASAttribute +systemPossSuperiors: computer +schemaIdGuid:2a39c5be-8960-11d1-aebc-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: RRAS-Administration-Dictionary +ldapDisplayName: rRASAdministrationDictionary +governsId: 1.2.840.113556.1.5.156 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msRRASVendorAttributeEntry +systemPossSuperiors: container +schemaIdGuid:f39b98ae-938d-11d1-aebd-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Sam-Domain +ldapDisplayName: samDomain +governsId: 1.2.840.113556.1.5.3 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +systemAuxiliaryClass: samDomainBase +systemMayContain: treeName, rIDManagerReference, replicaSource,pwdProperties, pwdHistoryLength, privateKey, pekList,pekKeyChangeInterval, nTMixedDomain, nextRid, nETBIOSName,msDS-PerUserTrustTombstonesQuota, msDS-PerUserTrustQuota,ms-DS-MachineAccountQuota, msDS-LogonTimeSyncInterval,msDS-AllUsersTrustQuota, modifiedCountAtLastProm, minPwdLength,minPwdAge, maxPwdAge, lSAModifiedCount, lSACreationTime,lockoutThreshold, lockoutDuration, lockOutObservationWindow,gPOptions, gPLink, eFSPolicy, domainPolicyObject, desktopProfile,description, defaultLocalPolicyObject, creationTime,controlAccessRights, cACertificate, builtinModifiedCount,builtinCreationTime, auditingPolicy +schemaIdGuid:bf967a90-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Sam-Domain-Base +ldapDisplayName: samDomainBase +governsId: 1.2.840.113556.1.5.2 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +systemMayContain: uASCompat, serverState, serverRole, revision,pwdProperties, pwdHistoryLength, oEMInformation, objectSid,nTSecurityDescriptor, nextRid, modifiedCountAtLastProm,modifiedCount, minPwdLength, minPwdAge, maxPwdAge, lockoutThreshold,lockoutDuration, lockOutObservationWindow, forceLogoff,domainReplica, creationTime +schemaIdGuid:bf967a91-0de6-11d0-a285-00aa003049e2 +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Sam-Server +ldapDisplayName: samServer +governsId: 1.2.840.113556.1.5.5 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: securityObject +systemMayContain: samDomainUpdates +systemPossSuperiors: domainDNS +schemaIdGuid:bf967aad-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Secret +ldapDisplayName: secret +governsId: 1.2.840.113556.1.5.28 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: leaf +systemMayContain: priorValue, priorSetTime, lastSetTime, currentValue +systemPossSuperiors: container +schemaIdGuid:bf967aae-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Security-Object +ldapDisplayName: securityObject +governsId: 1.2.840.113556.1.5.1 +objectClassCategory: 2 +rdnAttId: cn +subClassOf: top +systemMustContain: cn +systemPossSuperiors: container +schemaIdGuid:bf967aaf-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Security-Principal +ldapDisplayName: securityPrincipal +governsId: 1.2.840.113556.1.5.6 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +systemMustContain: sAMAccountName, objectSid +systemMayContain: supplementalCredentials, sIDHistory,securityIdentifier, sAMAccountType, rid, tokenGroupsNoGCAcceptable,tokenGroupsGlobalAndUniversal, tokenGroups, nTSecurityDescriptor,msDS-KeyVersionNumber, altSecurityIdentities, accountNameHistory +schemaIdGuid:bf967ab0-0de6-11d0-a285-00aa003049e2 +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Server +ldapDisplayName: server +governsId: 1.2.840.113556.1.5.17 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: msDS-IsUserCachableAtRodc, msDS-SiteName,msDS-isRODC, msDS-isGC, mailAddress, serverReference, serialNumber,managedBy, dNSHostName, bridgeheadTransportList +systemPossSuperiors: serversContainer +schemaIdGuid:bf967a92-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Servers-Container +ldapDisplayName: serversContainer +governsId: 1.2.840.113556.1.5.7000.48 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemPossSuperiors: site +schemaIdGuid:f780acc0-56f0-11d1-a9c6-0000f80367c1 +defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-Administration-Point +ldapDisplayName: serviceAdministrationPoint +governsId: 1.2.840.113556.1.5.94 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: serviceConnectionPoint +systemPossSuperiors: computer +schemaIdGuid:b7b13123-b82e-11d0-afee-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-Class +ldapDisplayName: serviceClass +governsId: 1.2.840.113556.1.5.29 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: leaf +systemMustContain: serviceClassID, displayName +systemMayContain: serviceClassInfo +systemPossSuperiors: container +schemaIdGuid:bf967ab1-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-Connection-Point +ldapDisplayName: serviceConnectionPoint +governsId: 1.2.840.113556.1.5.126 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: connectionPoint +systemMayContain: versionNumberLo, versionNumberHi, versionNumber,vendor, serviceDNSNameType, serviceDNSName, serviceClassName,serviceBindingInformation, appSchemaVersion +systemPossSuperiors: organizationalUnit, container, computer +schemaIdGuid:28630ec1-41d5-11d1-a9c1-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Service-Instance +ldapDisplayName: serviceInstance +governsId: 1.2.840.113556.1.5.30 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: connectionPoint +systemMustContain: serviceClassID, displayName +systemMayContain: winsockAddresses, serviceInstanceVersion +systemPossSuperiors: container +schemaIdGuid:bf967ab2-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: ShadowAccount +ldapDisplayName: shadowAccount +governsId: 1.3.6.1.1.1.2.1 +objectClassCategory: 3 +rdnAttId: uid +subClassOf: top +mayContain: uid, userPassword, description, shadowLastChange,shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire,shadowFlag +schemaIdGuid:5b6d8467-1a18-4174-b350-9cc6e7b4ac8d +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration, + +cn: simpleSecurityObject +ldapDisplayName: simpleSecurityObject +governsId: 0.9.2342.19200300.100.4.19 +objectClassCategory: 3 +rdnAttId: cn +subClassOf: top +mayContain: userPassword +schemaIdGuid:5fe69b0b-e146-4f15-b0ab-c1e5d488e094 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration, + +cn: Site +ldapDisplayName: site +governsId: 1.2.840.113556.1.5.31 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: notificationList, mSMQSiteID, mSMQSiteForeign,mSMQNt4Stub, mSMQInterval2, mSMQInterval1, managedBy, location,gPOptions, gPLink, msDS-BridgeHeadServersUsed +systemPossSuperiors: sitesContainer +schemaIdGuid:bf967ab3-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Site-Link +ldapDisplayName: siteLink +governsId: 1.2.840.113556.1.5.147 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: siteList +systemMayContain: schedule, replInterval, options, cost +systemPossSuperiors: interSiteTransport +schemaIdGuid:d50c2cde-8951-11d1-aebc-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Site-Link-Bridge +ldapDisplayName: siteLinkBridge +governsId: 1.2.840.113556.1.5.148 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMustContain: siteLinkList +systemPossSuperiors: interSiteTransport +schemaIdGuid:d50c2cdf-8951-11d1-aebc-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Sites-Container +ldapDisplayName: sitesContainer +governsId: 1.2.840.113556.1.5.107 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemPossSuperiors: configuration +schemaIdGuid:7a4117da-cd67-11d0-afff-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Storage +ldapDisplayName: storage +governsId: 1.2.840.113556.1.5.33 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: connectionPoint +systemMayContain: monikerDisplayName, moniker, iconPath +systemPossSuperiors: container +schemaIdGuid:bf967ab5-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Subnet +ldapDisplayName: subnet +governsId: 1.2.840.113556.1.5.96 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: siteObject, physicalLocationObject, location +systemPossSuperiors: subnetContainer +schemaIdGuid:b7b13124-b82e-11d0-afee-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Subnet-Container +ldapDisplayName: subnetContainer +governsId: 1.2.840.113556.1.5.95 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemPossSuperiors: sitesContainer +schemaIdGuid:b7b13125-b82e-11d0-afee-0000f80367c1 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: SubSchema +ldapDisplayName: subSchema +governsId: 2.5.20.1 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: objectClasses, modifyTimeStamp, extendedClassInfo,extendedAttributeInfo, dITContentRules, attributeTypes +systemPossSuperiors: dMD +schemaIdGuid:5a8b3261-c38d-11d1-bbc9-0080c76670c0 +defaultSecurityDescriptor: D:S: +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME + +cn: Top +ldapDisplayName: top +governsId: 2.5.6.0 +objectClassCategory: 2 +rdnAttId: cn +subClassOf: top +systemMustContain: objectClass, objectCategory, nTSecurityDescriptor,instanceType +mayContain: msSFU30PosixMemberOf, msDFSR-ComputerReferenceBL,msDFSR-MemberReferenceBL, msDS-ObjectReferenceBL +systemMayContain: msTSPrimaryDesktopBL, msTSSecondaryDesktopsBL,msDS-EnabledFeatureBL, msDS-LastKnownRDN, msDS-HostServiceAccountBL,msDS-OIDToGroupLinkBl, msDS-LocalEffectiveRecycleTime,msDS-LocalEffectiveDeletionTime, isRecyled, msDS-NcType,msDS-PSOApplied, msDS-PrincipalName,msDS-RevealedListBL, msDS-AuthenticatedToAccountlist,msDS-IsPartialReplicaFor, msDS-IsDomainFor, msDS-IsFullReplicaFor,msDS-RevealedDSAs, msDS-KrbTgtLinkBl, url, wWWHomePage, whenCreated,whenChanged, wellKnownObjects, wbemPath, uSNSource, uSNLastObjRem,USNIntersite, uSNDSALastObjRemoved, uSNCreated, uSNChanged,systemFlags, subSchemaSubEntry, subRefs, structuralObjectClass,siteObjectBL, serverReferenceBL, sDRightsEffective, revision,repsTo, repsFrom, directReports, replUpToDateVector,replPropertyMetaData, name, queryPolicyBL, proxyAddresses,proxiedObjectName, possibleInferiors, partialAttributeSet,partialAttributeDeletionList, otherWellKnownObjects, objectVersion,objectGUID, distinguishedName, nonSecurityMemberBL, netbootSCPBL,ownerBL, msDS-ReplValueMetaData, msDS-ReplAttributeMetaData,msDS-NonMembersBL, msDS-NCReplOutboundNeighbors,msDS-NCReplInboundNeighbors, msDS-NCReplCursors,msDS-TasksForAzRoleBL, msDS-TasksForAzTaskBL,msDS-OperationsForAzRoleBL, msDS-OperationsForAzTaskBL,msDS-MembersForAzRoleBL, msDs-masteredBy, mS-DS-ConsistencyGuid,mS-DS-ConsistencyChildCount, msDS-Approx-Immed-Subordinates,msCOM-PartitionSetLink, msCOM-UserLink, modifyTimeStamp, masteredBy,managedObjects, lastKnownParent, isPrivilegeHolder, memberOf,isDeleted, isCriticalSystemObject, showInAdvancedViewOnly,fSMORoleOwner, fRSMemberReferenceBL, frsComputerReferenceBL,fromEntry, flags, extensionName, dSASignature,dSCorePropagationData, displayNamePrintable, displayName,description, createTimeStamp, cn, canonicalName,bridgeheadServerListBL, allowedChildClassesEffective,allowedChildClasses, allowedAttributesEffective, allowedAttributes,adminDisplayName, adminDescription, msDS-NC-RO-Replica-Locations-BL +systemPossSuperiors: lostAndFound +schemaIdGuid:bf967ab7-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: TRUE +defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Trusted-Domain +ldapDisplayName: trustedDomain +governsId: 1.2.840.113556.1.5.34 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: leaf +systemMayContain: msDS-SupportedEncryptionTypes, trustType,trustPosixOffset, trustPartner, trustDirection, trustAuthOutgoing,trustAuthIncoming, trustAttributes, securityIdentifier,msDS-TrustForestTrustInfo, mS-DS-CreatorSID, initialAuthOutgoing,initialAuthIncoming, flatName, domainIdentifier, domainCrossRef,additionalTrustedServiceNames +systemPossSuperiors: container +schemaIdGuid:bf967ab8-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Type-Library +ldapDisplayName: typeLibrary +governsId: 1.2.840.113556.1.5.53 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: top +systemMayContain: cOMUniqueLIBID, cOMInterfaceID, cOMClassID +systemPossSuperiors: classStore +schemaIdGuid:281416e2-1968-11d0-a28f-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: TRUE +systemOnly: FALSE +defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: User +ldapDisplayName: user +governsId: 1.2.840.113556.1.5.9 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: organizationalPerson +auxiliaryClass: shadowAccount, posixAccount +systemAuxiliaryClass: securityPrincipal, mailRecipient +mayContain: msSFU30NisDomain, msSFU30Name, msDS-SourceObjectDN,x500uniqueIdentifier, userSMIMECertificate, userPKCS12, uid,secretary, roomNumber, preferredLanguage, photo, labeledURI,jpegPhoto, homePostalAddress, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense, audio +systemMayContain: msTSPrimaryDesktop, msTSSecondaryDesktops,msPKI-CredentialRoamingTokens, msDS-ResultantPSO, MSTSLSProperty01,MSTSLSProperty02, msTSManagingLS2, msTSManagingLS3, msTSManagingLS4,msTSLicenseVersion2, msTSLicenseVersion3, msTSLicenseVersion4,msTSExpireDate2, msTSExpireDate3, msTSExpireDate4,msDS-AuthenticatedAtDC, msDS-UserPasswordExpiryTimeComputed,msTSManagingLS, msTSLicenseVersion, msTSExpireDate, msTSProperty02,msTSProperty01, msTSInitialProgram, msTSWorkDirectory,msTSDefaultToMainPrinter, msTSConnectPrinterDrives,msTSConnectClientDrives, msTSBrokenConnectionAction,msTSReconnectionAction, msTSMaxIdleTime, msTSMaxConnectionTime,msTSMaxDisconnectionTime, msTSRemoteControl, msTSAllowLogon,msTSHomeDrive, msTSHomeDirectory, msTSProfilePath,msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon,msDS-FailedInteractiveLogonCount,msDS-LastFailedInteractiveLogonTime,msDS-LastSuccessfulInteractiveLogonTime,msRADIUS-SavedFramedIpv6Route, msRADIUS-FramedIpv6Route,msRADIUS-SavedFramedIpv6Prefix, msRADIUS-FramedIpv6Prefix,msRADIUS-SavedFramedInterfaceId, msRADIUS-FramedInterfaceId,msPKIAccountCredentials, msPKIDPAPIMasterKeys,msPKIRoamingTimeStamp, msDS-SupportedEncryptionTypes,msDS-SecondaryKrbTgtNumber, pager, o, mobile, manager, mail,initials, homePhone, businessCategory, userCertificate,userWorkstations, userSharedFolderOther, userSharedFolder,userPrincipalName, userParameters, userAccountControl, unicodePwd,terminalServer, servicePrincipalName, scriptPath, pwdLastSet,profilePath, primaryGroupID, preferredOU, otherLoginWorkstations,operatorCount, ntPwdHistory, networkAddress, msRASSavedFramedRoute,msRASSavedFramedIPAddress, msRASSavedCallbackNumber,msRADIUSServiceType, msRADIUSFramedRoute, msRADIUSFramedIPAddress,msRADIUSCallbackNumber, msNPSavedCallingStationID,msNPCallingStationID, msNPAllowDialin, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, msIIS-FTPRoot,msIIS-FTPDir, msDS-User-Account-Control-Computed,msDS-Site-Affinity, mS-DS-CreatorSID,msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership,msDRM-IdentityCertificate, msCOM-UserPartitionSetLink, maxStorage,logonWorkstation, logonHours, logonCount, lockoutTime, localeID,lmPwdHistory, lastLogonTimestamp, lastLogon, lastLogoff, homeDrive,homeDirectory, groupsToIgnore, groupPriority, groupMembershipSAM,dynamicLDAPServer, desktopProfile, defaultClassStore, dBCSPwd,controlAccessRights, codePage, badPwdCount, badPasswordTime,adminCount, aCSPolicyName, accountExpires +schemaIdGuid:bf967aba-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561) +systemPossSuperiors: builtinDomain, organizationalUnit, domainDNS +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + +cn: Volume +ldapDisplayName: volume +governsId: 1.2.840.113556.1.5.36 +objectClassCategory: 1 +rdnAttId: cn +subClassOf: connectionPoint +systemMustContain: uNCName +systemMayContain: lastContentIndexed, contentIndexingAllowed +systemPossSuperiors: organizationalUnit, domainDNS +schemaIdGuid:bf967abb-0de6-11d0-a285-00aa003049e2 +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE +systemOnly: FALSE +defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration, +systemFlags: FLAG_SCHEMA_BASE_OBJECT + -- cgit From c93a182a0d14862d960aee57f9af4baabe518549 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 16:57:56 +1100 Subject: s4-schema: added some debug for bad attributes --- source4/dsdb/schema/schema_init.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 99d41069b7..77b4e2a473 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -619,10 +619,14 @@ WERROR dsdb_attribute_from_ldb(struct ldb_context *ldb, attr->syntax = dsdb_syntax_for_attribute(attr); if (!attr->syntax) { + DEBUG(0,(__location__ ": Unknown schema syntax for %s\n", + attr->lDAPDisplayName)); return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; } if (dsdb_schema_setup_ldb_schema_attribute(ldb, attr) != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Unknown schema syntax for %s\n", + attr->lDAPDisplayName)); return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; } @@ -1064,10 +1068,14 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb, attr->syntax = dsdb_syntax_for_attribute(attr); if (!attr->syntax) { + DEBUG(0,(__location__ ": Unknown schema syntax for %s\n", + attr->lDAPDisplayName)); return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; } if (dsdb_schema_setup_ldb_schema_attribute(ldb, attr) != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Unknown schema syntax for %s\n", + attr->lDAPDisplayName)); return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; } -- cgit From d371b0eabe360f7c184a10282f63a64b0cfc550f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 16:59:27 +1100 Subject: s4-schema: added adminDisplayName and adminDescription These are missing from the WSPP schemas Pair-Programmed-With: Andrew Bartlett --- source4/scripting/python/samba/ms_schema.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4') diff --git a/source4/scripting/python/samba/ms_schema.py b/source4/scripting/python/samba/ms_schema.py index a4eed581c6..9f5ebcf8cc 100644 --- a/source4/scripting/python/samba/ms_schema.py +++ b/source4/scripting/python/samba/ms_schema.py @@ -229,6 +229,8 @@ def __transform_entry(entry, objectClass): entry.insert(1, ["objectClass", ["top", objectClass]]) entry.insert(2, ["cn", cn]) entry.insert(2, ["objectGUID", str(uuid.uuid4())]) + entry.insert(2, ["adminDescription", cn]) + entry.insert(2, ["adminDisplayName", cn]) for l in entry: key = l[0].lower() -- cgit From 38909a4ae5a2dc3b18a797933586d35cc679d667 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 17:00:28 +1100 Subject: s4-schema: switch to W2K8-R2 schema Pair-Programmed-With: Andrew Bartlett --- source4/scripting/python/samba/schema.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py index 8913e53b00..67c48e8e58 100644 --- a/source4/scripting/python/samba/schema.py +++ b/source4/scripting/python/samba/schema.py @@ -64,8 +64,8 @@ class Schema(object): self.schemadn = schemadn self.ldb = Ldb() - self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'), - setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt')) + self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt'), + setup_path('ad-schema/MS-AD_Schema_2K8_R2_Classes.txt')) if files is not None: for file in files: -- cgit From ce21151d226829a33b2b7f6524f36b7d7f04c50e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 17:00:54 +1100 Subject: s4-schema: fixed attributes of aggregate schema Pair-Programmed-With: Andrew Bartlett --- source4/setup/aggregate_schema.ldif | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4') diff --git a/source4/setup/aggregate_schema.ldif b/source4/setup/aggregate_schema.ldif index 2726704719..662f1abd00 100644 --- a/source4/setup/aggregate_schema.ldif +++ b/source4/setup/aggregate_schema.ldif @@ -1,3 +1,5 @@ dn: CN=Aggregate,${SCHEMADN} objectClass: top objectClass: subSchema +showInAdvancedViewOnly: FALSE +systemFlags: 134217728 -- cgit From ebec49965b70795d610be70fe1bab91ac2c19765 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 17:01:32 +1100 Subject: s4-schema: added msDS-NcType to schema container Pair-Programmed-With: Andrew Bartlett --- source4/setup/provision_schema_basedn.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/setup/provision_schema_basedn.ldif b/source4/setup/provision_schema_basedn.ldif index 6fe0b0ea93..77720fa82b 100644 --- a/source4/setup/provision_schema_basedn.ldif +++ b/source4/setup/provision_schema_basedn.ldif @@ -7,3 +7,4 @@ objectClass: dMD cn: Schema nTSecurityDescriptor:: ${DESCRIPTOR} instanceType: 13 +msDS-NcType: 0 -- cgit From ad11deb9bd825d699e2b6799b40d98c28c95910e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 17:58:26 +1100 Subject: s4-schema: fixes for W2K8-R2 schema The schema from WSPP had a number of typos that prevented it from working. These changes allow it to work with Samba, and allow w2k8r2 to run DCPROMO against Samba successfully Pair-Programmed-With: Andrew Bartlett --- .../ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt | 108 ++++++++++++++++----- .../ad-schema/MS-AD_Schema_2K8_R2_Classes.txt | 70 ++++++++++--- 2 files changed, 143 insertions(+), 35 deletions(-) (limited to 'source4') diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt index 6917c7078c..fef134794e 100644 --- a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt +++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt @@ -593,7 +593,7 @@ rangeLower: 1 rangeUpper: 4096 attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 mapiID: 14941 -systemFlags: FLAG_SCHEMA_BASE_OBJECT +systemFlags: 0 cn: Address-Syntax ldapDisplayName: addressSyntax @@ -880,6 +880,7 @@ isSingleValued: FALSE schemaIdGuid: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e systemOnly: FALSE searchFlags: 0 +systemFlags: 0 cn: Attribute-Display-Names ldapDisplayName: attributeDisplayNames @@ -953,6 +954,7 @@ systemOnly: FALSE searchFlags: 0 rangeUpper: 250000 showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: Auditing-Policy ldapDisplayName: auditingPolicy @@ -1220,6 +1222,7 @@ schemaIdGuid: d4159c92-957d-4a87-8a67-8d2934e01649 systemOnly: FALSE searchFlags: 0 showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: Catalogs ldapDisplayName: catalogs @@ -1857,6 +1860,7 @@ schemaIdGuid: be9ef6ee-cbc7-4f22-b27b-96967e7ee585 systemOnly: FALSE searchFlags: 0 showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: Description ldapDisplayName: description @@ -2662,7 +2666,7 @@ searchFlags: 0 rangeLower: 1 rangeUpper: 512 mapiID: 35943 -systemFlags: FLAG_SCHEMA_BASE_OBJECT +systemFlags: 0 cn: Employee-Type ldapDisplayName: employeeType @@ -2676,7 +2680,7 @@ searchFlags: fCOPY rangeLower: 1 rangeUpper: 256 mapiID: 35945 -systemFlags: FLAG_SCHEMA_BASE_OBJECT +systemFlags: 0 cn: Enabled ldapDisplayName: Enabled @@ -3609,6 +3613,7 @@ isSingleValued: TRUE schemaIdGuid: ec05b750-a977-4efe-8e8d-ba6c1a6e33a8 systemOnly: FALSE searchFlags: 0 +systemFlags: 0 cn: Home-Directory ldapDisplayName: homeDirectory @@ -4129,6 +4134,7 @@ systemOnly: TRUE searchFlags: fPRESERVEONDELETE systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER schemaFlagsEx: FLAG_ATTR_IS_CRITICAL +isMemberOfPartialAttributeSet: TRUE cn: Is-Single-Valued ldapDisplayName: isSingleValued @@ -4153,6 +4159,7 @@ schemaIdGuid: bac80572-09c4-4fa9-9ae6-7628d7adbe0e systemOnly: FALSE searchFlags: 0 showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: Keywords ldapDisplayName: keywords @@ -4190,6 +4197,7 @@ schemaIdGuid: c569bb46-c680-44bc-a273-e6c227d71b45 systemOnly: FALSE searchFlags: 0 showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: Last-Backup-Restoration-Time ldapDisplayName: lastBackupRestorationTime @@ -4264,6 +4272,7 @@ searchFlags: fATTINDEX attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL +isMemberOfPartialAttributeSet: TRUE cn: Last-Set-Time ldapDisplayName: lastSetTime @@ -5330,6 +5339,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower: 0 rangeUpper: 32766 +systemFlags: FLAG_SCHEMA_BASE_OBJECT cn: ms-DFS-Generation-GUID-v2 ldapDisplayName: msDFS-GenerationGUIDv2 @@ -5342,6 +5352,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower: 16 rangeUpper: 16 +systemFlags: 16 cn: ms-DFS-Last-Modified-v2 ldapDisplayName: msDFS-LastModifiedv2 @@ -5352,6 +5363,7 @@ isSingleValued: TRUE schemaIdGuid: 3c095e8a-314e-465b-83f5-ab8277bcf29b isMemberOfPartialAttributeSet: FALSE searchFlags: 0 +systemFlags: 16 cn: ms-DFS-Link-Identity-GUID-v2 ldapDisplayName: msDFS-LinkIdentityGUIDv2 @@ -5364,6 +5376,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower:16 rangeUpper: 16 +systemFlags: 16 cn: ms-DFS-Link-Path-v2 ldapDisplayName: msDFS-LinkPathv2 @@ -5376,6 +5389,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower: 0 rangeUpper: 32766 +systemFlags: 16 cn: ms-DFS-Link-Security-Descriptor-v2 ldapDisplayName: msDFS-LinkSecurityDescriptorv2 @@ -5386,6 +5400,7 @@ isSingleValued: TRUE schemaIdGuid: 57cf87f7-3426-4841-b322-02b3b6e9eba8 isMemberOfPartialAttributeSet: FALSE searchFlags: 0 +systemFlags: 16 cn: ms-DFS-Namespace-Identity-GUID-v2 ldapDisplayName: msDFS-NamespaceIdentityGUIDv2 @@ -5398,6 +5413,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower: 16 rangeUpper: 16 +systemFlags: 16 cn: ms-DFS-Properties-v2 ldapDisplayName: msDFS-Propertiesv2 @@ -5410,6 +5426,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower: 0 rangeUpper: 1024 +systemFlags: 16 cn: ms-DFSR-CachePolicy ldapDisplayName: msDFSR-CachePolicy @@ -5792,7 +5809,6 @@ isSingleValued: TRUE schemaIdGuid: 90b769ac-4413-43cf-ad7a-867142e740a3 searchFlags: 0 rangeLower: 0 -rangeUpper: -1 cn: ms-DFSR-Schedule ldapDisplayName: msDFSR-Schedule @@ -5868,6 +5884,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower: 2 rangeUpper: 2 +systemFlags: 16 cn: ms-DFS-Schema-Minor-Version ldapDisplayName: msDFS-SchemaMinorVersion @@ -5880,6 +5897,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower: 0 rangeUpper: 0 +systemFlags: 16 cn: ms-DFS-Short-Name-Link-Path-v2 ldapDisplayName: msDFS-ShortNameLinkPathv2 @@ -5892,6 +5910,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower: 0 rangeUpper: 32766 +systemFlags: 16 cn: ms-DFS-Target-List-v2 ldapDisplayName: msDFS-TargetListv2 @@ -5904,6 +5923,7 @@ isMemberOfPartialAttributeSet: FALSE searchFlags: 0 rangeLower: 0 rangeUpper: 2097152 +systemFlags: 16 cn: ms-DFS-Ttl-v2 ldapDisplayName: msDFS-Ttlv2 @@ -5913,6 +5933,7 @@ omSyntax: 2 isSingleValued: TRUE schemaIdGuid: ea944d31-864a-4349-ada5-062e2c614f5e isMemberOfPartialAttributeSet: FALSE +systemFlags: FLAG_SCHEMA_BASE_OBJECT searchFlags: 0 cn: MS-DRM-Identity-Certificate @@ -5926,6 +5947,7 @@ searchFlags: 0 rangeLower: 1 rangeUpper: 10240 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: TRUE cn: ms-DS-Additional-Dns-Host-Name ldapDisplayName: msDS-AdditionalDnsHostName @@ -6321,6 +6343,7 @@ schemaIdGuid: f0d8972e-dd5b-40e5-a51d-044c7c17ece7 systemOnly: FALSE searchFlags: 0 rangeUpper: 1000000 +showInAdvancedViewOnly: FALSE cn: ms-DS-Cached-Membership ldapDisplayName: msDS-Cached-Membership @@ -6389,6 +6412,7 @@ isSingleValued: FALSE schemaIdGuid: 234fcbd8-fb52-4908-a328-fd9f6e58e403 systemOnly: FALSE searchFlags: 0 +showInAdvancedViewOnly: FALSE cn: ms-DS-Default-Quota ldapDisplayName: msDS-DefaultQuota @@ -6452,7 +6476,6 @@ omObjectClass: 1.3.12.2.1011.28.0.714 linkId: 2169 isSingleValued: FALSE schemaIdGuid: ce5b01bc-17c6-44b8-9dc1-a9668b00901b -isMemberOfPartialAttributeSet: TRUE systemOnly: TRUE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED @@ -6558,6 +6581,7 @@ searchFlags: fATTINDEX attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 mapiID: 36000 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: TRUE cn: ms-DS-Has-Domain-NCs ldapDisplayName: msDS-HasDomainNCs @@ -6628,7 +6652,6 @@ omObjectClass: 1.3.12.2.1011.28.0.714 isSingleValued: FALSE schemaIdGuid: 80641043-15a2-40e1-92a2-8ca866f70776 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 -systemOnly: FALSE searchFlags: 0 linkID: 2166 systemFlags: FLAG_SCHEMA_BASE_OBJECT @@ -6642,7 +6665,6 @@ omSyntax: 127 omObjectClass: 1.3.12.2.1011.28.0.714 isSingleValued: FALSE schemaIdGuid: 79abe4eb-88f3-48e7-89d6-f4bc7e98c331 -systemOnly: TRUE searchFlags: 0 linkID: 2167 systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED @@ -6657,6 +6679,7 @@ isSingleValued: FALSE schemaIdGuid: 7bc64cea-c04e-4318-b102-3e0729371a65 systemOnly: FALSE searchFlags: 0 +showInAdvancedViewOnly: FALSE cn: ms-DS-IntId ldapDisplayName: msDS-IntId @@ -6809,6 +6832,8 @@ systemOnly: TRUE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL +rangeLower: 1 +rangeUpper: 255 cn: ms-DS-Last-Successful-Interactive-Logon-Time ldapDisplayName: msDS-LastSuccessfulInteractiveLogonTime @@ -7092,7 +7117,6 @@ systemOnly: TRUE searchFlags: 0 schemaIdGuid: 5a2eacd7-cc2b-48cf-9d9a-b6f1a0024de9 showInAdvancedViewOnly: TRUE -isMemberOfPartialAttributeSet: TRUE systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED schemaFlagsEx: FLAG_ATTR_IS_CRITICAL @@ -7187,7 +7211,7 @@ linkID: 2164 systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL -cn: ms-DS-OIDToGroup-Link-Bl +cn: ms-DS-OIDToGroup-Link-BL ldapDisplayName: msDS-OIDToGroupLinkBl attributeId: 1.2.840.113556.1.4.2052 attributeSyntax: 2.5.5.1 @@ -7195,7 +7219,7 @@ omSyntax: 127 omObjectClass: 1.3.12.2.1011.28.0.714 isSingleValued: FALSE schemaIdGuid: 1a3d0d20-5844-4199-ad25-0f5039a76ada -systemOnly: FALSE +systemOnly: TRUE searchFlags: 0 linkID: 2165 systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED @@ -7265,8 +7289,8 @@ searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL -cn: ms-DS-Optional-Feature-Guid -ldapDisplayName: msDS-OptionalFeatureGuid +cn: ms-DS-Optional-Feature-GUID +ldapDisplayName: msDS-OptionalFeatureGUID attributeId: 1.2.840.113556.1.4.2062 attributeSyntax: 2.5.5.10 omSyntax: 4 @@ -7380,6 +7404,7 @@ rangeUpper: 64 attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 mapiID: 35985 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: TRUE cn: ms-DS-Phonetic-Department ldapDisplayName: msDS-PhoneticDepartment @@ -7395,6 +7420,7 @@ rangeUpper: 64 attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 mapiID: 35984 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: TRUE cn: ms-DS-Phonetic-Display-Name ldapDisplayName: msDS-PhoneticDisplayName @@ -7411,6 +7437,7 @@ attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 mapiID: 35986 systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL +isMemberOfPartialAttributeSet: TRUE cn: ms-DS-Phonetic-First-Name ldapDisplayName: msDS-PhoneticFirstName @@ -7426,6 +7453,7 @@ rangeUpper: 64 attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 mapiID: 35982 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: TRUE cn: ms-DS-Phonetic-Last-Name ldapDisplayName: msDS-PhoneticLastName @@ -7441,6 +7469,7 @@ rangeUpper: 64 attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050 mapiID: 35983 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: TRUE cn: ms-DS-Preferred-GC-Site ldapDisplayName: msDS-Preferred-GC-Site @@ -7486,7 +7515,7 @@ attributeSyntax: 2.5.5.1 omSyntax: 127 isSingleValued: FALSE systemOnly: TRUE -searchFlags: fCOPY +searchFlags: 0 omObjectClass: 1.3.12.2.1011.28.0.714 schemaIdGuid: 5e6cf031-bda8-43c8-aca4-8fee4127005b linkID: 2119 @@ -7660,7 +7689,7 @@ attributeSyntax: 2.5.5.1 omSyntax: 127 isSingleValued: TRUE systemOnly: TRUE -searchFlags: fCOPY +searchFlags: 0 omObjectClass: 1.3.12.2.1011.28.0.714 schemaIdGuid: b77ea093-88d0-4780-9a98-911f8e8b1dca systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED @@ -7806,6 +7835,7 @@ schemaIdGuid: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21 systemOnly: FALSE searchFlags: 0 rangeUpper: 1000000 +systemFlags: 0 cn: ms-DS-Site-Affinity ldapDisplayName: msDS-Site-Affinity @@ -8101,6 +8131,7 @@ schemaIdGuid: f76909bc-e678-47a0-b0b3-f86a0044c06d searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX rangeUpper: 128 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: TRUE cn: ms-FVE-RecoveryPassword ldapDisplayName: msFVE-RecoveryPassword @@ -8123,6 +8154,7 @@ searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX rangeUpper: 128 schemaIdGuid: 85e5a5cf-dcee-4075-9cfd-ac9db6a2f245 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: TRUE cn: ms-ieee-80211-Data ldapDisplayName: msieee80211-Data @@ -8198,7 +8230,6 @@ attributeSyntax: 2.5.5.10 omSyntax: 4 isSingleValued: TRUE schemaIdGuid: 51583ce9-94fa-4b12-b990-304c35b18595 -systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT @@ -8209,7 +8240,6 @@ attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: TRUE schemaIdGuid: 7b6760ae-d6ed-44a6-b6be-9de62c09ec67 -systemOnly: FALSE searchFlags: 0 rangeUpper: 524288 systemFlags: FLAG_SCHEMA_BASE_OBJECT @@ -9064,8 +9094,8 @@ omSyntax: 22 isSingleValued: FALSE schemaIdGuid: db0c9089-c1f2-11d1-bbc5-0080c76670c0 systemOnly: FALSE -searchFlags: fCOPY systemFlags: FLAG_SCHEMA_BASE_OBJECT +searchFlags: 0 cn: msNPCallingStationID ldapDisplayName: msNPCallingStationID @@ -9103,6 +9133,7 @@ searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 linkID: 2048 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: FALSE cn: ms-PKI-Certificate-Application-Policy ldapDisplayName: msPKI-Certificate-Application-Policy @@ -9133,9 +9164,9 @@ attributeSyntax: 2.5.5.12 omSyntax: 64 isSingleValued: FALSE schemaIdGuid: 38942346-cc5b-424b-a7d8-6ffd12029c5f -systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +systemOnly: FALSE cn: ms-PKI-Cert-Template-OID ldapDisplayName: msPKI-Cert-Template-OID @@ -9158,7 +9189,6 @@ isSingleValued: FALSE showInAdvancedViewOnly: TRUE schemaIdGuid: b7ff5a38-0818-42b0-8110-d3d154c97f24 attributeSecurityGUID: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 -systemOnly: FALSE searchFlags: fCONFIDENTIAL linkID: 2162 systemFlags: FLAG_SCHEMA_BASE_OBJECT @@ -9176,6 +9206,7 @@ searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 linkID: 2046 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: FALSE cn: ms-PKI-Enrollment-Flag ldapDisplayName: msPKI-Enrollment-Flag @@ -9314,6 +9345,7 @@ systemOnly: FALSE searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 systemFlags: FLAG_SCHEMA_BASE_OBJECT +isMemberOfPartialAttributeSet: FALSE cn: ms-PKI-Site-Name ldapDisplayName: msPKI-Site-Name @@ -10712,6 +10744,7 @@ omSyntax: 127 linkID: 2170 isSingleValued: TRUE schemaIdGuid: 29259694-09e4-4237-9f72-9306ebe63ab2 +omObjectClass: 1.3.12.2.1011.28.0.714 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT @@ -10723,10 +10756,11 @@ attributeSyntax: 2.5.5.1 omSyntax: 127 linkID: 2171 isSingleValued: FALSE +omObjectClass: 1.3.12.2.1011.28.0.714 schemaIdGuid: 9daadc18-40d1-4ed1-a2bf-6b9bf47d3daa systemOnly: TRUE searchFlags: 0 -systemFlags: FLAG_SCHEMA_BASE_OBJECT +systemFlags: 17 cn: ms-TS-Profile-Path ldapDisplayName: msTSProfilePath @@ -10799,7 +10833,8 @@ isSingleValued: FALSE schemaIdGuid: 34b107af-a00a-455a-b139-dd1a1b12d8af systemOnly: TRUE searchFlags: 0 -systemFlags: FLAG_SCHEMA_BASE_OBJECT +omObjectClass: 1.3.12.2.1011.28.0.714 +systemFlags: 17 cn: ms-TS-Secondary-Desktops ldapDisplayName: msTSSecondaryDesktops @@ -10811,6 +10846,7 @@ isSingleValued: FALSE schemaIdGuid: f63aa29a-bb31-48e1-bfab-0a6c5a1d39c2 systemOnly: FALSE searchFlags: 0 +omObjectClass: 1.3.12.2.1011.28.0.714 systemFlags: FLAG_SCHEMA_BASE_OBJECT cn: ms-TS-Work-Directory @@ -10836,6 +10872,7 @@ schemaIdGuid: 6366c0c1-6972-4e66-b3a5-1d52ad0c0547 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-ChangeDate ldapDisplayName: msWMI-ChangeDate @@ -10847,6 +10884,7 @@ schemaIdGuid: f9cdf7a0-ec44-4937-a79b-cd91522b3aa8 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-Class ldapDisplayName: msWMI-Class @@ -10902,6 +10940,7 @@ schemaIdGuid: 9339a803-94b8-47f7-9123-a853b9ff7e45 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-int8Default ldapDisplayName: msWMI-Int8Default @@ -10924,6 +10963,7 @@ schemaIdGuid: e3d8b547-003d-4946-a32b-dc7cedc96b74 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-int8Min ldapDisplayName: msWMI-Int8Min @@ -10935,6 +10975,7 @@ schemaIdGuid: ed1489d1-54cc-4066-b368-a00daa2664f1 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-int8ValidValues ldapDisplayName: msWMI-Int8ValidValues @@ -10957,6 +10998,7 @@ schemaIdGuid: 1b0c07f8-76dd-4060-a1e1-70084619dc90 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-intFlags1 ldapDisplayName: msWMI-intFlags1 @@ -11012,6 +11054,7 @@ schemaIdGuid: fb920c2c-f294-4426-8ac1-d24b42aa2bce systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-intMin ldapDisplayName: msWMI-IntMin @@ -11023,6 +11066,7 @@ schemaIdGuid: 68c2e3ba-9837-4c70-98e0-f0c33695d023 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-intValidValues ldapDisplayName: msWMI-IntValidValues @@ -11045,6 +11089,7 @@ schemaIdGuid: 6736809f-2064-443e-a145-81262b1f1366 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-Name ldapDisplayName: msWMI-Name @@ -11056,6 +11101,7 @@ schemaIdGuid: c6c8ace5-7e81-42af-ad72-77412c5941c4 systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-NormalizedClass ldapDisplayName: msWMI-NormalizedClass @@ -11133,6 +11179,7 @@ schemaIdGuid: 65fff93e-35e3-45a3-85ae-876c6718297f systemOnly: FALSE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT +showInAdvancedViewOnly: FALSE cn: ms-WMI-QueryLanguage ldapDisplayName: msWMI-QueryLanguage @@ -12447,6 +12494,8 @@ isSingleValued: FALSE schemaIdGuid: 9c979768-ba1a-4c08-9632-c6a5c1ed649a systemOnly: FALSE searchFlags: 0 +showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: Physical-Delivery-Office-Name ldapDisplayName: physicalDeliveryOfficeName @@ -12737,6 +12786,7 @@ isSingleValued: TRUE schemaIdGuid: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d systemOnly: FALSE searchFlags: 0 +systemFlags: 0 cn: Preferred-OU ldapDisplayName: preferredOU @@ -13903,6 +13953,8 @@ isSingleValued: FALSE schemaIdGuid: 81d7f8c2-e327-4a0d-91c6-b42d4009115f systemOnly: FALSE searchFlags: 0 +showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: Root-Trust ldapDisplayName: rootTrust @@ -14216,6 +14268,8 @@ isSingleValued: FALSE schemaIdGuid: 01072d9a-98ad-4a53-9744-e83e287278fb systemOnly: FALSE searchFlags: 0 +showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: Security-Identifier ldapDisplayName: securityIdentifier @@ -15084,6 +15138,7 @@ systemOnly: FALSE searchFlags: fATTINDEX rangeUpper: 20480 systemFlags: FLAG_SCHEMA_BASE_OBJECT +attributeSecurityGUID: 5805bc62-bdc9-4428-a5e2-856a0f4c185e cn: Text-Country ldapDisplayName: co @@ -15393,6 +15448,8 @@ schemaIdGuid: 0bb0fca0-1e89-429f-901a-1413894d9f59 systemOnly: FALSE searchFlags: fPRESERVEONDELETE attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: UidNumber ldapDisplayName: uidNumber @@ -15450,6 +15507,8 @@ isSingleValued: FALSE schemaIdGuid: 8f888726-f80a-44d7-b1ee-cb9df21392c8 systemOnly: FALSE searchFlags: 0 +showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: UnixHomeDirectory ldapDisplayName: unixHomeDirectory @@ -15484,6 +15543,7 @@ schemaIdGuid: 50950839-cc4c-4491-863a-fcf942d684b7 systemOnly: FALSE searchFlags: 0 rangeUpper: 256 +systemFlags: 0 cn: unstructuredName ldapDisplayName: unstructuredName @@ -15495,6 +15555,7 @@ schemaIdGuid: 9c8ef177-41cf-45c9-9673-7716c0c8901b systemOnly: FALSE searchFlags: 0 rangeUpper: 256 +systemFlags: 0 cn: Upgrade-Product-Code ldapDisplayName: upgradeProductCode @@ -15615,6 +15676,8 @@ isSingleValued: FALSE schemaIdGuid: 23998ab5-70f8-4007-a4c1-a84a38311f9a systemOnly: FALSE searchFlags: 0 +showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: User-Principal-Name ldapDisplayName: userPrincipalName @@ -15668,7 +15731,7 @@ rangeUpper: 32768 attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1 mapiID: 14960 isMemberOfPartialAttributeSet: TRUE -systemFlags: FLAG_SCHEMA_BASE_OBJECT +systemFlags: 0 cn: User-Workstations ldapDisplayName: userWorkstations @@ -15978,6 +16041,7 @@ isSingleValued: FALSE schemaIdGuid: d07da11f-8a3d-42b6-b0aa-76c962be719a systemOnly: FALSE searchFlags: 0 +systemFlags: 0 cn: X509-Cert ldapDisplayName: userCertificate diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt index 68dfa797f5..27beb3546e 100644 --- a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt +++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt @@ -172,6 +172,7 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL defaultHidingValue: TRUE systemOnly: FALSE defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration, +systemFlags: 0 cn: Attribute-Schema ldapDisplayName: attributeSchema @@ -318,7 +319,7 @@ rdnAttId: cn subClassOf: user auxiliaryClass: ipHost mayContain: msSFU30Aliases, msSFU30NisDomain, nisMapName,msSFU30Name -systemMayContain: msTSEndpointData, msTSEndpointType,msTS-EndpointPlugin, msDS-HostServiceAccount,msDS-IsUserCachableAtRodc, msTSProperty02,msTSProperty01, msTPM-OwnerInformation, msDS-RevealOnDemandGroup,msDS-NeverRevealGroup, msDS-PromotionSettings, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-AuthenticatedAtDC, msDS-RevealedList,msDS-RevealedUsers, msDS-ExecuteScriptPassword, msDS-KrbTgtLink,volumeCount, siteGUID, rIDSetReferences, policyReplicationFlags,physicalLocationObject, operatingSystemVersion,operatingSystemServicePack, operatingSystemHotfix, operatingSystem,networkAddress, netbootSIFFile, netbootMirrorDataFile,netbootMachineFilePath, netbootInitialization, netbootGUID,msDS-AdditionalSamAccountName, msDS-AdditionalDnsHostName,managedBy, machineRole, location, localPolicyFlags, dNSHostName,defaultLocalPolicyObject, cn, catalogs +systemMayContain: msTSEndpointData, msTSEndpointType,msTSEndpointPlugin, msDS-HostServiceAccount,msDS-IsUserCachableAtRodc, msTSProperty02,msTSProperty01, msTPM-OwnerInformation, msDS-RevealOnDemandGroup,msDS-NeverRevealGroup, msDS-PromotionSettings, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-AuthenticatedAtDC, msDS-RevealedList,msDS-RevealedUsers, msDS-ExecuteScriptPassword, msDS-KrbTgtLink,volumeCount, siteGUID, rIDSetReferences, policyReplicationFlags,physicalLocationObject, operatingSystemVersion,operatingSystemServicePack, operatingSystemHotfix, operatingSystem,networkAddress, netbootSIFFile, netbootMirrorDataFile,netbootMachineFilePath, netbootInitialization, netbootGUID,msDS-AdditionalSamAccountName, msDS-AdditionalDnsHostName,managedBy, machineRole, location, localPolicyFlags, dNSHostName,defaultLocalPolicyObject, cn, catalogs, msTSPrimaryDesktopBL, msTSSecondaryDesktopBL systemPossSuperiors: container, organizationalUnit, domainDNS schemaIdGuid:bf967a86-0de6-11d0-a285-00aa003049e2 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) @@ -562,9 +563,9 @@ systemPossSuperiors: configuration schemaIdGuid:bf967a8f-0de6-11d0-a285-00aa003049e2 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) defaultHidingValue: TRUE -systemOnly: TRUE defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration, systemFlags: FLAG_SCHEMA_BASE_OBJECT +systemOnly: TRUE cn: Dns-Node ldapDisplayName: dnsNode @@ -651,7 +652,44 @@ systemAuxiliaryClass: samDomain systemMayContain: msDS-EnabledFeature, msDS-USNLastSyncSuccess,msDS-Behavior-Version, msDS-AllowedDNSSuffixes, managedBy systemPossSuperiors: domainDNS schemaIdGuid:19195a5b-6da0-11d0-afd3-00c04fd930c9 -defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +defaultSecurityDescriptor: D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1 + -5-21-2848215498-2472035911-1947525656-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07- + 11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)( + OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f7 + 9f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR; + 1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRC + WDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW; + ;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8 + -0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO + ;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2 + ;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285- + 00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de + 6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf; + bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa0 + 06e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RP + RC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLO + RC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9 + B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14 + -1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d + 4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a7 + 68-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010- + 79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO; + RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762- + ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CI + IO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049 + e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a28 + 5-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0 + de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;D + D)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1 + -f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;; + CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-4 + 38e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(O + A;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79 + f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO; + CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;C + R;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967a + a5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80 + 367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) defaultHidingValue: FALSE systemOnly: FALSE defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration, @@ -851,6 +889,7 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL defaultHidingValue: TRUE systemOnly: FALSE defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration, +systemFlags: 0 cn: Group-Policy-Container ldapDisplayName: groupPolicyContainer @@ -908,6 +947,8 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL defaultHidingValue: FALSE systemOnly: FALSE defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration, +showInAdvancedViewOnly: FALSE +systemFlags: 0 cn: Infrastructure-Update ldapDisplayName: infrastructureUpdate @@ -1529,6 +1570,7 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL defaultHidingValue: TRUE systemOnly: FALSE defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration, +systemFlags: 0 cn: ms-DS-App-Data ldapDisplayName: msDS-AppData @@ -1543,6 +1585,7 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL defaultHidingValue: TRUE systemOnly: FALSE defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration, +systemFlags: 0 cn: ms-DS-Az-Admin-Manager ldapDisplayName: msDS-AzAdminManager @@ -1651,12 +1694,12 @@ defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configurati systemFlags: FLAG_SCHEMA_BASE_OBJECT cn: ms-DS-Optional-Feature -ldapDisplayName: msDS-Optional-Feature +ldapDisplayName: msDS-OptionalFeature governsId: 1.2.840.113556.1.5.265 objectClassCategory: 1 rdnAttId: cn subClassOf: top -systemMustContain: msDS-OptionalFeatureFlags,msDS-OptionalFeatureGuid +systemMustContain: msDS-OptionalFeatureFlags,msDS-OptionalFeatureGUID systemMayContain: msDS-RequiredDomainBehaviorVersion,msDS-RequiredForestBehaviorVersion systemPossSuperiors: container schemaIdGuid: 44f00041-35af-468b-b20a-6ce8737c580b @@ -1780,8 +1823,8 @@ systemMayContain: msImaging-PSPString, serverName systemMustContain: displayName, msImaging-PSPIdentifier systemPossSuperiors: msImaging-PSPs schemaIdGuid: 1f7c257c-b8a3-4525-82f8-11ccc7bee36e -defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -defaultHidingValue: TRUE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE systemOnly: FALSE defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration, systemFlags: FLAG_SCHEMA_BASE_OBJECT @@ -1794,12 +1837,13 @@ rdnAttId: cn subClassOf: container systemPossSuperiors: container schemaIdGuid: a0ed2ac1-970c-4777-848e-ec63a0ec44fc -defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -defaultHidingValue: TRUE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +defaultHidingValue: FALSE systemOnly: FALSE defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration, systemFlags: FLAG_SCHEMA_BASE_OBJECT + cn: MSMQ-Configuration ldapDisplayName: mSMQConfiguration governsId: 1.2.840.113556.1.5.162 @@ -2547,7 +2591,7 @@ governsId: 1.2.840.113556.1.5.7000.47 objectClassCategory: 1 rdnAttId: cn subClassOf: applicationSettings -systemMayContain: msDS-IsUserCachableAtRodc, msDS-Sitename,msDS-isRODC, msDS-isGC, msDS-RevealedUsers,msDS-NeverRevealGroup, msDS-RevealOnDemandGroup,msDS-hasFullReplicaNCs, serverReference,msDS-RetiredReplNCSignatures, retiredReplDSASignatures,queryPolicyObject, options, networkAddress, msDS-ReplicationEpoch,msDS-HasInstantiatedNCs, msDS-hasMasterNCs, msDS-HasDomainNCs,msDS-Behavior-Version, managedBy, lastBackupRestorationTime,invocationId, hasPartialReplicaNCs, hasMasterNCs, fRSRootPath,dMDLocation +systemMayContain: msDS-IsUserCachableAtRodc, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-RevealedUsers,msDS-NeverRevealGroup, msDS-RevealOnDemandGroup,msDS-hasFullReplicaNCs, serverReference,msDS-RetiredReplNCSignatures, retiredReplDSASignatures,queryPolicyObject, options, networkAddress, msDS-ReplicationEpoch,msDS-HasInstantiatedNCs, msDS-hasMasterNCs, msDS-HasDomainNCs,msDS-Behavior-Version, managedBy, lastBackupRestorationTime,invocationId, hasPartialReplicaNCs, hasMasterNCs, fRSRootPath,dMDLocation, msDS-EnabledFeature systemPossSuperiors: organization, server schemaIdGuid:f0f8ffab-1191-11d0-a060-00aa006c33ed defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) @@ -3137,7 +3181,7 @@ subClassOf: top systemAuxiliaryClass: samDomainBase systemMayContain: treeName, rIDManagerReference, replicaSource,pwdProperties, pwdHistoryLength, privateKey, pekList,pekKeyChangeInterval, nTMixedDomain, nextRid, nETBIOSName,msDS-PerUserTrustTombstonesQuota, msDS-PerUserTrustQuota,ms-DS-MachineAccountQuota, msDS-LogonTimeSyncInterval,msDS-AllUsersTrustQuota, modifiedCountAtLastProm, minPwdLength,minPwdAge, maxPwdAge, lSAModifiedCount, lSACreationTime,lockoutThreshold, lockoutDuration, lockOutObservationWindow,gPOptions, gPLink, eFSPolicy, domainPolicyObject, desktopProfile,description, defaultLocalPolicyObject, creationTime,controlAccessRights, cACertificate, builtinModifiedCount,builtinCreationTime, auditingPolicy schemaIdGuid:bf967a90-0de6-11d0-a285-00aa003049e2 -defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +defaultSecurityDescriptor: D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-2848215498-2472035911-1947525656-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) defaultHidingValue: TRUE systemOnly: FALSE defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration, @@ -3458,7 +3502,7 @@ rdnAttId: cn subClassOf: top systemMustContain: objectClass, objectCategory, nTSecurityDescriptor,instanceType mayContain: msSFU30PosixMemberOf, msDFSR-ComputerReferenceBL,msDFSR-MemberReferenceBL, msDS-ObjectReferenceBL -systemMayContain: msTSPrimaryDesktopBL, msTSSecondaryDesktopsBL,msDS-EnabledFeatureBL, msDS-LastKnownRDN, msDS-HostServiceAccountBL,msDS-OIDToGroupLinkBl, msDS-LocalEffectiveRecycleTime,msDS-LocalEffectiveDeletionTime, isRecyled, msDS-NcType,msDS-PSOApplied, msDS-PrincipalName,msDS-RevealedListBL, msDS-AuthenticatedToAccountlist,msDS-IsPartialReplicaFor, msDS-IsDomainFor, msDS-IsFullReplicaFor,msDS-RevealedDSAs, msDS-KrbTgtLinkBl, url, wWWHomePage, whenCreated,whenChanged, wellKnownObjects, wbemPath, uSNSource, uSNLastObjRem,USNIntersite, uSNDSALastObjRemoved, uSNCreated, uSNChanged,systemFlags, subSchemaSubEntry, subRefs, structuralObjectClass,siteObjectBL, serverReferenceBL, sDRightsEffective, revision,repsTo, repsFrom, directReports, replUpToDateVector,replPropertyMetaData, name, queryPolicyBL, proxyAddresses,proxiedObjectName, possibleInferiors, partialAttributeSet,partialAttributeDeletionList, otherWellKnownObjects, objectVersion,objectGUID, distinguishedName, nonSecurityMemberBL, netbootSCPBL,ownerBL, msDS-ReplValueMetaData, msDS-ReplAttributeMetaData,msDS-NonMembersBL, msDS-NCReplOutboundNeighbors,msDS-NCReplInboundNeighbors, msDS-NCReplCursors,msDS-TasksForAzRoleBL, msDS-TasksForAzTaskBL,msDS-OperationsForAzRoleBL, msDS-OperationsForAzTaskBL,msDS-MembersForAzRoleBL, msDs-masteredBy, mS-DS-ConsistencyGuid,mS-DS-ConsistencyChildCount, msDS-Approx-Immed-Subordinates,msCOM-PartitionSetLink, msCOM-UserLink, modifyTimeStamp, masteredBy,managedObjects, lastKnownParent, isPrivilegeHolder, memberOf,isDeleted, isCriticalSystemObject, showInAdvancedViewOnly,fSMORoleOwner, fRSMemberReferenceBL, frsComputerReferenceBL,fromEntry, flags, extensionName, dSASignature,dSCorePropagationData, displayNamePrintable, displayName,description, createTimeStamp, cn, canonicalName,bridgeheadServerListBL, allowedChildClassesEffective,allowedChildClasses, allowedAttributesEffective, allowedAttributes,adminDisplayName, adminDescription, msDS-NC-RO-Replica-Locations-BL +systemMayContain: msDS-EnabledFeatureBL, msDS-LastKnownRDN, msDS-HostServiceAccountBL,msDS-OIDToGroupLinkBl, msDS-LocalEffectiveRecycleTime,msDS-LocalEffectiveDeletionTime, isRecycled, msDS-NcType,msDS-PSOApplied, msDS-PrincipalName,msDS-RevealedListBL, msDS-AuthenticatedToAccountlist,msDS-IsPartialReplicaFor, msDS-IsDomainFor, msDS-IsFullReplicaFor,msDS-RevealedDSAs, msDS-KrbTgtLinkBl, url, wWWHomePage, whenCreated,whenChanged, wellKnownObjects, wbemPath, uSNSource, uSNLastObjRem,USNIntersite, uSNDSALastObjRemoved, uSNCreated, uSNChanged,systemFlags, subSchemaSubEntry, subRefs, structuralObjectClass,siteObjectBL, serverReferenceBL, sDRightsEffective, revision,repsTo, repsFrom, directReports, replUpToDateVector,replPropertyMetaData, name, queryPolicyBL, proxyAddresses,proxiedObjectName, possibleInferiors, partialAttributeSet,partialAttributeDeletionList, otherWellKnownObjects, objectVersion,objectGUID, distinguishedName, nonSecurityMemberBL, netbootSCPBL,ownerBL, msDS-ReplValueMetaData, msDS-ReplAttributeMetaData,msDS-NonMembersBL, msDS-NCReplOutboundNeighbors,msDS-NCReplInboundNeighbors, msDS-NCReplCursors,msDS-TasksForAzRoleBL, msDS-TasksForAzTaskBL,msDS-OperationsForAzRoleBL, msDS-OperationsForAzTaskBL,msDS-MembersForAzRoleBL, msDs-masteredBy, mS-DS-ConsistencyGuid,mS-DS-ConsistencyChildCount, msDS-Approx-Immed-Subordinates,msCOM-PartitionSetLink, msCOM-UserLink, modifyTimeStamp, masteredBy,managedObjects, lastKnownParent, isPrivilegeHolder, memberOf,isDeleted, isCriticalSystemObject, showInAdvancedViewOnly,fSMORoleOwner, fRSMemberReferenceBL, frsComputerReferenceBL,fromEntry, flags, extensionName, dSASignature,dSCorePropagationData, displayNamePrintable, displayName,description, createTimeStamp, cn, canonicalName,bridgeheadServerListBL, allowedChildClassesEffective,allowedChildClasses, allowedAttributesEffective, allowedAttributes,adminDisplayName, adminDescription, msDS-NC-RO-Replica-Locations-BL systemPossSuperiors: lostAndFound schemaIdGuid:bf967ab7-0de6-11d0-a285-00aa003049e2 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) @@ -3506,7 +3550,7 @@ subClassOf: organizationalPerson auxiliaryClass: shadowAccount, posixAccount systemAuxiliaryClass: securityPrincipal, mailRecipient mayContain: msSFU30NisDomain, msSFU30Name, msDS-SourceObjectDN,x500uniqueIdentifier, userSMIMECertificate, userPKCS12, uid,secretary, roomNumber, preferredLanguage, photo, labeledURI,jpegPhoto, homePostalAddress, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense, audio -systemMayContain: msTSPrimaryDesktop, msTSSecondaryDesktops,msPKI-CredentialRoamingTokens, msDS-ResultantPSO, MSTSLSProperty01,MSTSLSProperty02, msTSManagingLS2, msTSManagingLS3, msTSManagingLS4,msTSLicenseVersion2, msTSLicenseVersion3, msTSLicenseVersion4,msTSExpireDate2, msTSExpireDate3, msTSExpireDate4,msDS-AuthenticatedAtDC, msDS-UserPasswordExpiryTimeComputed,msTSManagingLS, msTSLicenseVersion, msTSExpireDate, msTSProperty02,msTSProperty01, msTSInitialProgram, msTSWorkDirectory,msTSDefaultToMainPrinter, msTSConnectPrinterDrives,msTSConnectClientDrives, msTSBrokenConnectionAction,msTSReconnectionAction, msTSMaxIdleTime, msTSMaxConnectionTime,msTSMaxDisconnectionTime, msTSRemoteControl, msTSAllowLogon,msTSHomeDrive, msTSHomeDirectory, msTSProfilePath,msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon,msDS-FailedInteractiveLogonCount,msDS-LastFailedInteractiveLogonTime,msDS-LastSuccessfulInteractiveLogonTime,msRADIUS-SavedFramedIpv6Route, msRADIUS-FramedIpv6Route,msRADIUS-SavedFramedIpv6Prefix, msRADIUS-FramedIpv6Prefix,msRADIUS-SavedFramedInterfaceId, msRADIUS-FramedInterfaceId,msPKIAccountCredentials, msPKIDPAPIMasterKeys,msPKIRoamingTimeStamp, msDS-SupportedEncryptionTypes,msDS-SecondaryKrbTgtNumber, pager, o, mobile, manager, mail,initials, homePhone, businessCategory, userCertificate,userWorkstations, userSharedFolderOther, userSharedFolder,userPrincipalName, userParameters, userAccountControl, unicodePwd,terminalServer, servicePrincipalName, scriptPath, pwdLastSet,profilePath, primaryGroupID, preferredOU, otherLoginWorkstations,operatorCount, ntPwdHistory, networkAddress, msRASSavedFramedRoute,msRASSavedFramedIPAddress, msRASSavedCallbackNumber,msRADIUSServiceType, msRADIUSFramedRoute, msRADIUSFramedIPAddress,msRADIUSCallbackNumber, msNPSavedCallingStationID,msNPCallingStationID, msNPAllowDialin, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, msIIS-FTPRoot,msIIS-FTPDir, msDS-User-Account-Control-Computed,msDS-Site-Affinity, mS-DS-CreatorSID,msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership,msDRM-IdentityCertificate, msCOM-UserPartitionSetLink, maxStorage,logonWorkstation, logonHours, logonCount, lockoutTime, localeID,lmPwdHistory, lastLogonTimestamp, lastLogon, lastLogoff, homeDrive,homeDirectory, groupsToIgnore, groupPriority, groupMembershipSAM,dynamicLDAPServer, desktopProfile, defaultClassStore, dBCSPwd,controlAccessRights, codePage, badPwdCount, badPasswordTime,adminCount, aCSPolicyName, accountExpires +systemMayContain: msTSPrimaryDesktop, msTSSecondaryDesktops,msPKI-CredentialRoamingTokens, msDS-ResultantPSO, msTSLSProperty01,msTSLSProperty02, msTSManagingLS2, msTSManagingLS3, msTSManagingLS4,msTSLicenseVersion2, msTSLicenseVersion3, msTSLicenseVersion4,msTSExpireDate2, msTSExpireDate3, msTSExpireDate4,msDS-AuthenticatedAtDC, msDS-UserPasswordExpiryTimeComputed,msTSManagingLS, msTSLicenseVersion, msTSExpireDate, msTSProperty02,msTSProperty01, msTSInitialProgram, msTSWorkDirectory,msTSDefaultToMainPrinter, msTSConnectPrinterDrives,msTSConnectClientDrives, msTSBrokenConnectionAction,msTSReconnectionAction, msTSMaxIdleTime, msTSMaxConnectionTime,msTSMaxDisconnectionTime, msTSRemoteControl, msTSAllowLogon,msTSHomeDrive, msTSHomeDirectory, msTSProfilePath,msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon,msDS-FailedInteractiveLogonCount,msDS-LastFailedInteractiveLogonTime,msDS-LastSuccessfulInteractiveLogonTime,msRADIUS-SavedFramedIpv6Route, msRADIUS-FramedIpv6Route,msRADIUS-SavedFramedIpv6Prefix, msRADIUS-FramedIpv6Prefix,msRADIUS-SavedFramedInterfaceId, msRADIUS-FramedInterfaceId,msPKIAccountCredentials, msPKIDPAPIMasterKeys,msPKIRoamingTimeStamp, msDS-SupportedEncryptionTypes,msDS-SecondaryKrbTgtNumber, pager, o, mobile, manager, mail,initials, homePhone, businessCategory, userCertificate,userWorkstations, userSharedFolderOther, userSharedFolder,userPrincipalName, userParameters, userAccountControl, unicodePwd,terminalServer, servicePrincipalName, scriptPath, pwdLastSet,profilePath, primaryGroupID, preferredOU, otherLoginWorkstations,operatorCount, ntPwdHistory, networkAddress, msRASSavedFramedRoute,msRASSavedFramedIPAddress, msRASSavedCallbackNumber,msRADIUSServiceType, msRADIUSFramedRoute, msRADIUSFramedIPAddress,msRADIUSCallbackNumber, msNPSavedCallingStationID,msNPCallingStationID, msNPAllowDialin, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, msIIS-FTPRoot,msIIS-FTPDir, msDS-User-Account-Control-Computed,msDS-Site-Affinity, mS-DS-CreatorSID,msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership,msDRM-IdentityCertificate, msCOM-UserPartitionSetLink, maxStorage,logonWorkstation, logonHours, logonCount, lockoutTime, localeID,lmPwdHistory, lastLogonTimestamp, lastLogon, lastLogoff, homeDrive,homeDirectory, groupsToIgnore, groupPriority, groupMembershipSAM,dynamicLDAPServer, desktopProfile, defaultClassStore, dBCSPwd,controlAccessRights, codePage, badPwdCount, badPasswordTime,adminCount, aCSPolicyName, accountExpires schemaIdGuid:bf967aba-0de6-11d0-a285-00aa003049e2 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561) systemPossSuperiors: builtinDomain, organizationalUnit, domainDNS -- cgit From 8d87c0a0c32ca49ae7b68953e4313c7313a68871 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 18:03:09 +1100 Subject: s4-drs: added two more SPNs in addentry w2k8r2 wants these after a DCPROMO Pair-Programmed-With: Andrew Bartlett --- source4/rpc_server/drsuapi/addentry.c | 45 +++++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 13 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/addentry.c b/source4/rpc_server/drsuapi/addentry.c index ac94daa6a6..f63a96740f 100644 --- a/source4/rpc_server/drsuapi/addentry.c +++ b/source4/rpc_server/drsuapi/addentry.c @@ -43,13 +43,15 @@ static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state, for (obj = first_object; obj; obj=obj->next_object) { const char *dn_string = obj->object.identifier->dn; struct ldb_dn *dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, dn_string); - struct ldb_result *res; + struct ldb_result *res, *res2; struct ldb_dn *ref_dn; struct GUID ntds_guid; struct ldb_message *msg; struct ldb_message_element *el; const char *ntds_guid_str; const char *dom_string; + const char *attrs2[] = { "dNSHostName", "cn", NULL }; + const char *dNSHostName, *cn; DEBUG(6,(__location__ ": Adding SPNs for %s\n", ldb_dn_get_linearized(dn))); @@ -78,6 +80,18 @@ static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state, dom_string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx); + /* get the dNSHostName and cn */ + ret = ldb_search(b_state->sam_ctx, mem_ctx, &res2, + ref_dn, LDB_SCOPE_BASE, attrs2, NULL); + if (ret != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Failed to find ref_dn '%s'\n", + ldb_dn_get_linearized(ref_dn))); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + dNSHostName = ldb_msg_find_attr_as_string(res2->msgs[0], "dNSHostName", NULL); + cn = ldb_msg_find_attr_as_string(res2->msgs[0], "cn", NULL); + /* * construct a modify request to add the new SPNs to * the machine account @@ -94,20 +108,25 @@ static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state, return WERR_NOMEM; } - el->num_values = 2; - el->values = talloc_array(msg->elements, struct ldb_val, 2); - if (el->values == NULL) { + + ldb_msg_add_steal_string(msg, "servicePrincipalName", + talloc_asprintf(el->values, + "E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s", + ntds_guid_str, dom_string)); + ldb_msg_add_steal_string(msg, "servicePrincipalName", + talloc_asprintf(el->values, "ldap/%s._msdcs.%s", + ntds_guid_str, dom_string)); + if (cn) { + ldb_msg_add_steal_string(msg, "servicePrincipalName", + talloc_asprintf(el->values, "ldap/%s", cn)); + } + if (dNSHostName) { + ldb_msg_add_steal_string(msg, "servicePrincipalName", + talloc_asprintf(el->values, "ldap/%s", dNSHostName)); + } + if (el->num_values < 2) { return WERR_NOMEM; } - /* the magic constant is the GUID of the DRSUAPI RPC - interface */ - el->values[0].data = (uint8_t *)talloc_asprintf(el->values, - "E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s", - ntds_guid_str, dom_string); - el->values[0].length = strlen((char *)el->values[0].data); - el->values[1].data = (uint8_t *)talloc_asprintf(el->values, "ldap/%s._msdcs.%s", - ntds_guid_str, dom_string); - el->values[1].length = strlen((char *)el->values[1].data); ret = ldb_modify(b_state->sam_ctx, msg); if (ret != LDB_SUCCESS) { -- cgit From bbaec01b3720fafada13a7143d698f8cd7c0af37 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 5 Nov 2009 09:55:12 +0100 Subject: libcli/util: add tstream_read_pdu_blob_send/recv This will take the some full_request callback function as the Samba4 packet code. metze --- source4/libcli/config.mk | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4') diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index 340cd2ae41..f67250d4b0 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -8,6 +8,11 @@ LIBSAMBA-ERRORS_OBJ_FILES = $(addprefix ../libcli/util/, doserr.o ) $(libclisrcd PUBLIC_HEADERS += $(addprefix ../libcli/util/, error.h ntstatus.h doserr.h werror.h) +[SUBSYSTEM::LIBSAMBA_TSOCKET] +PUBLIC_DEPENDENCIES = LIBTSOCKET UTIL_TEVENT + +LIBSAMBA_TSOCKET_OBJ_FILES = $(addprefix ../libcli/util/, tstream.o) + [SUBSYSTEM::LIBCLI_LSA] PUBLIC_DEPENDENCIES = RPC_NDR_LSA PRIVATE_DEPENDENCIES = LIBSECURITY -- cgit From d97562b382a1e770310f1417992dff417a585e16 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 8 Jan 2010 11:45:59 +0100 Subject: s4:kdc: the ->process function returns "bool" metze --- source4/kdc/kdc.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source4') diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 93f1c7d6ec..eb4144eca4 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -276,7 +276,7 @@ static void kdc_udp_call_loop(struct tevent_req *subreq) uint8_t *buf; ssize_t len; int sys_errno; - int ret; + bool ok; call = talloc(sock, struct kdc_udp_call); if (call == NULL) { @@ -300,14 +300,14 @@ static void kdc_udp_call_loop(struct tevent_req *subreq) tsocket_address_string(call->src, call))); /* Call krb5 */ - ret = sock->kdc_socket->process(sock->kdc_socket->kdc, - call, - &call->in, - &call->out, - call->src, - sock->kdc_socket->local_address, - 1 /* Datagram */); - if (!ret) { + ok = sock->kdc_socket->process(sock->kdc_socket->kdc, + call, + &call->in, + &call->out, + call->src, + sock->kdc_socket->local_address, + 1 /* Datagram */); + if (!ok) { talloc_free(call); goto done; } -- cgit From 42c34cdafa3323cc6f298a3668eb03becc90aa84 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 4 Nov 2009 19:27:20 +0100 Subject: s4:kdc: use LIBSAMBA_TSOCKET metze --- source4/kdc/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk index a9d01585f0..3ae5fe5921 100644 --- a/source4/kdc/config.mk +++ b/source4/kdc/config.mk @@ -7,7 +7,7 @@ INIT_FUNCTION = server_service_kdc_init SUBSYSTEM = service PRIVATE_DEPENDENCIES = \ HEIMDAL_KDC HDB_SAMBA4 PAC_GLUE LIBSAMBA-HOSTCONFIG \ - LIBTSOCKET + LIBTSOCKET LIBSAMBA_TSOCKET # End SUBSYSTEM KDC ####################### -- cgit From 0588f34467d8e9b56de1beabe776babde52a1a55 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 7 Jan 2010 12:23:33 +0100 Subject: s4-kdc: Migrate tcp connections to tsocket. Signed-off-by: Stefan Metzmacher --- source4/kdc/kdc.c | 277 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 188 insertions(+), 89 deletions(-) (limited to 'source4') diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index eb4144eca4..19042dcf78 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -29,6 +29,7 @@ #include "lib/events/events.h" #include "lib/socket/socket.h" #include "lib/tsocket/tsocket.h" +#include "libcli/util/tstream.h" #include "system/network.h" #include "../lib/util/dlinklist.h" #include "lib/messaging/irpc.h" @@ -73,7 +74,9 @@ struct kdc_tcp_connection { /* the kdc_server the connection belongs to */ struct kdc_socket *kdc_socket; - struct packet_context *packet; + struct tstream_context *tstream; + + struct tevent_queue *send_queue; }; static void kdc_tcp_terminate_connection(struct kdc_tcp_connection *kdcconn, const char *reason) @@ -81,83 +84,20 @@ static void kdc_tcp_terminate_connection(struct kdc_tcp_connection *kdcconn, con stream_terminate_connection(kdcconn->conn, reason); } -/* - receive a full packet on a KDC connection -*/ -static NTSTATUS kdc_tcp_recv(void *private_data, DATA_BLOB blob) -{ - struct kdc_tcp_connection *kdcconn = talloc_get_type(private_data, - struct kdc_tcp_connection); - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - TALLOC_CTX *tmp_ctx = talloc_new(kdcconn); - int ret; - DATA_BLOB input, reply; - talloc_steal(tmp_ctx, blob.data); - - /* Call krb5 */ - input = data_blob_const(blob.data + 4, blob.length - 4); - - ret = kdcconn->kdc_socket->process(kdcconn->kdc_socket->kdc, - tmp_ctx, - &input, - &reply, - kdcconn->conn->remote_address, - kdcconn->conn->local_address, - 0 /* Not datagram */); - if (!ret) { - talloc_free(tmp_ctx); - return NT_STATUS_INTERNAL_ERROR; - } - - /* and now encode the reply */ - blob = data_blob_talloc(kdcconn, NULL, reply.length + 4); - if (!blob.data) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - - RSIVAL(blob.data, 0, reply.length); - memcpy(blob.data + 4, reply.data, reply.length); - - status = packet_send(kdcconn->packet, blob); - if (!NT_STATUS_IS_OK(status)) { - talloc_free(tmp_ctx); - return status; - } - - /* the call isn't needed any more */ - talloc_free(tmp_ctx); - return NT_STATUS_OK; -} - -/* - receive some data on a KDC connection -*/ -static void kdc_tcp_recv_handler(struct stream_connection *conn, uint16_t flags) +static void kdc_tcp_recv(struct stream_connection *conn, uint16_t flags) { struct kdc_tcp_connection *kdcconn = talloc_get_type(conn->private_data, struct kdc_tcp_connection); - packet_recv(kdcconn->packet); -} - -/* - called on a tcp recv error -*/ -static void kdc_tcp_recv_error(void *private_data, NTSTATUS status) -{ - struct kdc_tcp_connection *kdcconn = talloc_get_type(private_data, - struct kdc_tcp_connection); - kdc_tcp_terminate_connection(kdcconn, nt_errstr(status)); + /* this should never be triggered! */ + kdc_tcp_terminate_connection(kdcconn, "kdc_tcp_recv: called"); } -/* - called when we can write to a connection -*/ static void kdc_tcp_send(struct stream_connection *conn, uint16_t flags) { struct kdc_tcp_connection *kdcconn = talloc_get_type(conn->private_data, struct kdc_tcp_connection); - packet_queue_run(kdcconn->packet); + /* this should never be triggered! */ + kdc_tcp_terminate_connection(kdcconn, "kdc_tcp_send: called"); } /** @@ -214,42 +154,201 @@ static bool kdc_process(struct kdc_server *kdc, return true; } +struct kdc_tcp_call { + struct kdc_tcp_connection *kdc_conn; + DATA_BLOB in; + DATA_BLOB out; + uint8_t out_hdr[4]; + struct iovec out_iov[2]; +}; + +static void kdc_tcp_call_writev_done(struct tevent_req *subreq); + +static void kdc_tcp_call_loop(struct tevent_req *subreq) +{ + struct kdc_tcp_connection *kdc_conn = tevent_req_callback_data(subreq, + struct kdc_tcp_connection); + struct kdc_tcp_call *call; + NTSTATUS status; + bool ok; + + call = talloc(kdc_conn, struct kdc_tcp_call); + if (call == NULL) { + kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: " + "no memory for kdc_tcp_call"); + return; + } + call->kdc_conn = kdc_conn; + + status = tstream_read_pdu_blob_recv(subreq, + call, + &call->in); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + const char *reason; + + reason = talloc_asprintf(call, "kdc_tcp_call_loop: " + "tstream_read_pdu_blob_recv() - %s", + nt_errstr(status)); + if (!reason) { + reason = nt_errstr(status); + } + + kdc_tcp_terminate_connection(kdc_conn, reason); + return; + } + + DEBUG(10,("Received krb5 TCP packet of length %lu from %s\n", + (long) call->in.length, + tsocket_address_string(kdc_conn->conn->remote_address, call))); + + /* skip length header */ + call->in.data +=4; + call->in.length -= 4; + + /* Call krb5 */ + ok = kdc_conn->kdc_socket->process(kdc_conn->kdc_socket->kdc, + call, + &call->in, + &call->out, + kdc_conn->conn->remote_address, + kdc_conn->conn->local_address, + 0 /* Stream */); + if (!ok) { + kdc_tcp_terminate_connection(kdc_conn, + "kdc_tcp_call_loop: process function failed"); + return; + } + + /* First add the length of the out buffer */ + RSIVAL(call->out_hdr, 0, call->out.length); + call->out_iov[0].iov_base = call->out_hdr; + call->out_iov[0].iov_len = 4; + + call->out_iov[1].iov_base = call->out.data; + call->out_iov[1].iov_len = call->out.length; + + subreq = tstream_writev_queue_send(call, + kdc_conn->conn->event.ctx, + kdc_conn->tstream, + kdc_conn->send_queue, + call->out_iov, 2); + if (subreq == NULL) { + kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: " + "no memory for tstream_writev_queue_send"); + return; + } + tevent_req_set_callback(subreq, kdc_tcp_call_writev_done, call); + + /* + * The krb5 tcp pdu's has the length as 4 byte (initial_read_size), + * packet_full_request_u32 provides the pdu length then. + */ + subreq = tstream_read_pdu_blob_send(kdc_conn, + kdc_conn->conn->event.ctx, + kdc_conn->tstream, + 4, /* initial_read_size */ + packet_full_request_u32, + kdc_conn); + if (subreq == NULL) { + kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: " + "no memory for tstream_read_pdu_blob_send"); + return; + } + tevent_req_set_callback(subreq, kdc_tcp_call_loop, kdc_conn); +} + +static void kdc_tcp_call_writev_done(struct tevent_req *subreq) +{ + struct kdc_tcp_call *call = tevent_req_callback_data(subreq, + struct kdc_tcp_call); + int sys_errno; + int rc; + + rc = tstream_writev_queue_recv(subreq, &sys_errno); + TALLOC_FREE(subreq); + if (rc == -1) { + const char *reason; + + reason = talloc_asprintf(call, "kdc_tcp_call_writev_done: " + "tstream_writev_queue_recv() - %d:%s", + sys_errno, strerror(sys_errno)); + if (!reason) { + reason = "kdc_tcp_call_writev_done: tstream_writev_queue_recv() failed"; + } + + kdc_tcp_terminate_connection(call->kdc_conn, reason); + return; + } + + /* We don't care about errors */ + + talloc_free(call); +} + /* called when we get a new connection */ static void kdc_tcp_accept(struct stream_connection *conn) { - struct kdc_socket *kdc_socket = talloc_get_type(conn->private_data, struct kdc_socket); - struct kdc_tcp_connection *kdcconn; + struct kdc_socket *kdc_socket; + struct kdc_tcp_connection *kdc_conn; + struct tevent_req *subreq; + int rc; + + kdc_conn = talloc_zero(conn, struct kdc_tcp_connection); + if (kdc_conn == NULL) { + stream_terminate_connection(conn, + "kdc_tcp_accept: out of memory"); + return; + } - kdcconn = talloc_zero(conn, struct kdc_tcp_connection); - if (!kdcconn) { - stream_terminate_connection(conn, "kdc_tcp_accept: out of memory"); + kdc_conn->send_queue = tevent_queue_create(conn, "kdc_tcp_accept"); + if (kdc_conn->send_queue == NULL) { + stream_terminate_connection(conn, + "kdc_tcp_accept: out of memory"); return; } - kdcconn->conn = conn; - kdcconn->kdc_socket = kdc_socket; - conn->private_data = kdcconn; - kdcconn->packet = packet_init(kdcconn); - if (kdcconn->packet == NULL) { - kdc_tcp_terminate_connection(kdcconn, "kdc_tcp_accept: out of memory"); + kdc_socket = talloc_get_type(conn->private_data, struct kdc_socket); + + TALLOC_FREE(conn->event.fde); + + rc = tstream_bsd_existing_socket(kdc_conn->tstream, + socket_get_fd(conn->socket), + &kdc_conn->tstream); + if (rc < 0) { + stream_terminate_connection(conn, + "kdc_tcp_accept: out of memory"); + return; + } + + kdc_conn->conn = conn; + kdc_conn->kdc_socket = kdc_socket; + conn->private_data = kdc_conn; + + /* + * The krb5 tcp pdu's has the length as 4 byte (initial_read_size), + * packet_full_request_u32 provides the pdu length then. + */ + subreq = tstream_read_pdu_blob_send(kdc_conn, + kdc_conn->conn->event.ctx, + kdc_conn->tstream, + 4, /* initial_read_size */ + packet_full_request_u32, + kdc_conn); + if (subreq == NULL) { + kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_accept: " + "no memory for tstream_read_pdu_blob_send"); return; } - packet_set_private(kdcconn->packet, kdcconn); - packet_set_socket(kdcconn->packet, conn->socket); - packet_set_callback(kdcconn->packet, kdc_tcp_recv); - packet_set_full_request(kdcconn->packet, packet_full_request_u32); - packet_set_error_handler(kdcconn->packet, kdc_tcp_recv_error); - packet_set_event_context(kdcconn->packet, conn->event.ctx); - packet_set_fde(kdcconn->packet, conn->event.fde); - packet_set_serialise(kdcconn->packet); + tevent_req_set_callback(subreq, kdc_tcp_call_loop, kdc_conn); } static const struct stream_server_ops kdc_tcp_stream_ops = { .name = "kdc_tcp", .accept_connection = kdc_tcp_accept, - .recv_handler = kdc_tcp_recv_handler, + .recv_handler = kdc_tcp_recv, .send_handler = kdc_tcp_send }; -- cgit From fca0c4de2ab8890af4d5f15009a2777691f222bd Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Fri, 8 Jan 2010 18:18:21 +0100 Subject: s4:provision_self_join.ldif - Adapt comment after implementation of distributed RIDs --- source4/setup/provision_self_join.ldif | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 48f7157679..6cfdc197cc 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -34,8 +34,8 @@ userAccountControl: 532480 userPassword:: ${MACHINEPASS_B64} objectSID: ${DOMAINSID}-1000 -# Here are missing the objects for the NTFRS subscription and the RID set since -# we don't support those techniques (FRS, distributed RIDs) yet. +# Here are missing the objects for the NTFRS subscription since we don't +# support this technique yet. # Objects under "Configuration/Sites//Servers" -- cgit From 7eee8e053b22b9be8cd6de5a27efb19fe914039a Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 8 Jan 2010 16:53:30 -0500 Subject: Fix comment --- source4/kdc/hdb-samba4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 2f3c30c283..f7a72b41bc 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -1542,7 +1542,7 @@ krb5_error_code hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB * "objectSid", NULL }; - TALLOC_CTX *mem_ctx = talloc_named(db, 0, "hdb_samba4_check_constrained_delegation"); + TALLOC_CTX *mem_ctx = talloc_named(db, 0, "hdb_samba4_check_pkinit_ms_upn_match"); if (!mem_ctx) { ret = ENOMEM; -- cgit From 39a4e2a38d0a6767ebca13efaee0ac61297ad45b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 09:03:08 +1100 Subject: s4-ldb: validate the type of the ldb argument to ldb_dn_new() It has been a common bug to get the first two arguments the wrong way around --- source4/lib/ldb/common/ldb_dn.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index 79953c6018..252a0c632b 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -103,7 +103,13 @@ struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, dn = talloc_zero(mem_ctx, struct ldb_dn); LDB_DN_NULL_FAILED(dn); - dn->ldb = ldb; + dn->ldb = talloc_get_type(ldb, struct ldb_context); + if (dn->ldb == NULL) { + /* the caller probably got the arguments to + ldb_dn_new() mixed up */ + talloc_free(dn); + return NULL; + } if (strdn->data && strdn->length) { const char *data = (const char *)strdn->data; -- cgit From 196cb6b359f3a8cdca5e1d4bb17a7ab7897095ab Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 09:03:45 +1100 Subject: s4-drs: fixed usage of ldb_dn_new() --- source4/rpc_server/drsuapi/getncchanges.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index b9ba6473a5..07e7972dfa 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -592,7 +592,7 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, return WERR_DS_DRA_INTERNAL_ERROR; } - req_dn = ldb_dn_new(ldb, mem_ctx, req8->naming_context->dn); + req_dn = ldb_dn_new(mem_ctx, ldb, req8->naming_context->dn); if (!req_dn || !ldb_dn_validate(req_dn) || ldb_dn_compare(req_dn, rid_manager_dn) != 0) { -- cgit From 6a36799d30c1bfb685ccfe77257433710f23215c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 09:04:18 +1100 Subject: s4-messaging: fixed a memory leak in messaging_path() It is a bit convoluted to fix, as cluster_id_string() may return a const string. --- source4/lib/messaging/messaging.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c index 277688e8b6..d4dfff7c8c 100644 --- a/source4/lib/messaging/messaging.c +++ b/source4/lib/messaging/messaging.c @@ -119,8 +119,15 @@ static NTSTATUS irpc_uptime(struct irpc_message *msg, */ static char *messaging_path(struct messaging_context *msg, struct server_id server_id) { - return talloc_asprintf(msg, "%s/msg.%s", msg->base_path, - cluster_id_string(msg, server_id)); + TALLOC_CTX *tmp_ctx = talloc_new(msg); + const char *id = cluster_id_string(tmp_ctx, server_id); + char *s; + if (id == NULL) { + return NULL; + } + s = talloc_asprintf(msg, "%s/msg.%s", msg->base_path, id); + talloc_steal(s, tmp_ctx); + return s; } /* -- cgit From 651ddb720a2dd80c9abd65563af54a512525b622 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 09:05:29 +1100 Subject: s4-messaging: remove only usage of debug_ctx() --- source4/lib/messaging/messaging.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c index d4dfff7c8c..c12945b622 100644 --- a/source4/lib/messaging/messaging.c +++ b/source4/lib/messaging/messaging.c @@ -268,11 +268,13 @@ static void messaging_send_handler(struct messaging_context *msg) } rec->retries = 0; if (!NT_STATUS_IS_OK(status)) { + TALLOC_CTX *tmp_ctx = talloc_new(msg); DEBUG(1,("messaging: Lost message from %s to %s of type %u - %s\n", - cluster_id_string(debug_ctx(), rec->header->from), - cluster_id_string(debug_ctx(), rec->header->to), + cluster_id_string(tmp_ctx, rec->header->from), + cluster_id_string(tmp_ctx, rec->header->to), rec->header->msg_type, nt_errstr(status))); + talloc_free(tmp_ctx); } DLIST_REMOVE(msg->pending, rec); talloc_free(rec); -- cgit From 9e6eb22f7fda88e1d2336ac4b2ec42a8d84c2138 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 10:12:54 +1100 Subject: s4-drs: fixed the NC in the getncchanges RID alloc reply the search happens on a different DN to the NC of the request, but the reply is with the original NC --- source4/rpc_server/drsuapi/getncchanges.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 07e7972dfa..d0ce8198b8 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -653,16 +653,6 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, DEBUG(2,("Allocated RID pool for server %s\n", GUID_string(mem_ctx, &req8->destination_dsa_guid))); - /* to complete the rest of the operation we need to point - getncchanges at the base DN for the domain */ - req8->naming_context->dn = ldb_dn_get_linearized(base_dn); - ret = dsdb_find_guid_by_dn(ldb, base_dn, &req8->naming_context->guid); - if (ret != LDB_SUCCESS) { - DEBUG(0,(__location__ ": Failed to find base DN GUID - %s\n", - ldb_errstring(ldb))); - return WERR_DS_DRA_INTERNAL_ERROR; - } - return WERR_OK; } @@ -713,6 +703,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ struct drsuapi_DsGetNCChangesRequest8 *req8; uint32_t options; uint32_t max_objects; + struct ldb_dn *search_dn = NULL; DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE); b_state = h->data; @@ -781,6 +772,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ case DRSUAPI_EXOP_FSMO_RID_ALLOC: werr = getncchanges_rid_alloc(b_state, mem_ctx, req8, &r->out.ctr->ctr6); W_ERROR_NOT_OK_RETURN(werr); + search_dn = samdb_base_dn(b_state->sam_ctx); break; case DRSUAPI_EXOP_FSMO_REQ_ROLE: @@ -863,10 +855,14 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ scope = LDB_SCOPE_BASE; } + if (!search_dn) { + search_dn = getnc_state->ncRoot_dn; + } + DEBUG(1,(__location__ ": getncchanges on %s using filter %s\n", ldb_dn_get_linearized(getnc_state->ncRoot_dn), search_filter)); ret = drsuapi_search_with_extended_dn(b_state->sam_ctx, getnc_state, &getnc_state->site_res, - getnc_state->ncRoot_dn, scope, attrs, + search_dn, scope, attrs, search_filter); if (ret != LDB_SUCCESS) { return WERR_DS_DRA_INTERNAL_ERROR; @@ -1037,6 +1033,12 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ b_state->getncchanges_state = NULL; } + if (req8->extended_op != DRSUAPI_EXOP_NONE) { + r->out.ctr->ctr6.uptodateness_vector = NULL; + r->out.ctr->ctr6.nc_object_count = 0; + ZERO_STRUCT(r->out.ctr->ctr6.new_highwatermark); + } + DEBUG(r->out.ctr->ctr6.more_data?2:1, ("DsGetNCChanges with uSNChanged >= %llu flags 0x%08x on %s gave %u objects (done %d/%d la=%d)\n", (unsigned long long)(req8->highwatermark.highest_usn+1), -- cgit From 349f7ba09c4cda14eea4df69bd6dcb082fc23c8d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 13:11:27 +1100 Subject: s4-drs: added filtering by udv in getncchanges When a client supplied an uptodateness_vector, we can use it to filter what objects we return. This greatly reduces the amount of replication traffic between DCs. --- source4/dsdb/common/util.c | 6 +++ source4/rpc_server/drsuapi/getncchanges.c | 66 ++++++++++++++++++++++++++----- 2 files changed, 63 insertions(+), 9 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 70750ca141..632025da54 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -2810,6 +2810,12 @@ int drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplicaCursor2 *c1, return GUID_compare(&c1->source_dsa_invocation_id, &c2->source_dsa_invocation_id); } +int drsuapi_DsReplicaCursor_compare(const struct drsuapi_DsReplicaCursor *c1, + const struct drsuapi_DsReplicaCursor *c2) +{ + return GUID_compare(&c1->source_dsa_invocation_id, &c2->source_dsa_invocation_id); +} + /* see if we are a RODC diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index d0ce8198b8..46996c7426 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -30,6 +30,7 @@ #include "rpc_server/dcerpc_server_proto.h" #include "../libcli/drsuapi/drsuapi.h" #include "libcli/security/security.h" +#include "lib/util/binsearch.h" /* build a DsReplicaObjectIdentifier from a ldb msg @@ -57,6 +58,29 @@ static struct drsuapi_DsReplicaObjectIdentifier *get_object_identifier(TALLOC_CT return identifier; } +static int udv_compare(const struct GUID *guid1, struct GUID guid2) +{ + return GUID_compare(guid1, &guid2); +} + +/* + see if we can filter an attribute using the uptodateness_vector + */ +static bool udv_filter(const struct drsuapi_DsReplicaCursorCtrEx *udv, + const struct GUID *originating_invocation_id, + uint64_t originating_usn) +{ + const struct drsuapi_DsReplicaCursor *c; + if (udv == NULL) return false; + BINARY_ARRAY_SEARCH(udv->cursors, udv->count, source_dsa_invocation_id, + originating_invocation_id, udv_compare, c); + if (c && originating_usn <= c->highest_usn) { + return true; + } + return false; + +} + /* drsuapi_DsGetNCChanges for one object */ @@ -67,7 +91,8 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem struct dsdb_schema *schema, DATA_BLOB *session_key, uint64_t highest_usn, - uint32_t replica_flags) + uint32_t replica_flags, + struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector) { const struct ldb_val *md_value; int i, n; @@ -156,6 +181,14 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem } } + /* filter by uptodateness_vector */ + if (md.ctr.ctr1.array[i].attid != DRSUAPI_ATTRIBUTE_instanceType && + udv_filter(uptodateness_vector, + &md.ctr.ctr1.array[i].originating_invocation_id, + md.ctr.ctr1.array[i].originating_usn)) { + continue; + } + obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time; obj->meta_data_ctr->meta_data[n].version = md.ctr.ctr1.array[i].version; obj->meta_data_ctr->meta_data[n].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id; @@ -164,11 +197,15 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem n++; } - /* - note that if n==0 we still need to send the change, as it - could be a rename, which changes the uSNChanged, but not any - of the replicated attributes - */ + /* ignore it if its an empty change. Note that renames always + * change the 'name' attribute, so they won't be ignored by + * this */ + if (n == 0 || + (n == 1 && attids[0] == DRSUAPI_ATTRIBUTE_instanceType)) { + talloc_free(obj->meta_data_ctr); + obj->meta_data_ctr = NULL; + return WERR_OK; + } obj->meta_data_ctr->count = n; @@ -302,7 +339,8 @@ static WERROR get_nc_changes_add_links(struct ldb_context *sam_ctx, uint32_t replica_flags, struct ldb_message *msg, struct drsuapi_DsReplicaLinkedAttribute **la_list, - uint32_t *la_count) + uint32_t *la_count, + struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector) { int i; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); @@ -668,6 +706,7 @@ struct drsuapi_getncchanges_state { struct ldb_dn *last_dn; struct drsuapi_DsReplicaLinkedAttribute *la_list; uint32_t la_count; + struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector; }; /* @@ -880,6 +919,14 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ (comparison_fn_t)site_res_cmp_usn_order); } + getnc_state->uptodateness_vector = talloc_steal(getnc_state, req8->uptodateness_vector); + if (getnc_state->uptodateness_vector) { + /* make sure its sorted */ + qsort(getnc_state->uptodateness_vector->cursors, + getnc_state->uptodateness_vector->count, + sizeof(getnc_state->uptodateness_vector->cursors[0]), + (comparison_fn_t)drsuapi_DsReplicaCursor_compare); + } } /* Prefix mapping */ @@ -935,7 +982,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ werr = get_nc_changes_build_object(obj, msg, b_state->sam_ctx, getnc_state->ncRoot_dn, schema, &session_key, getnc_state->min_usn, - req8->replica_flags); + req8->replica_flags, getnc_state->uptodateness_vector); if (!W_ERROR_IS_OK(werr)) { return werr; } @@ -946,7 +993,8 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ req8->replica_flags, msg, &getnc_state->la_list, - &getnc_state->la_count); + &getnc_state->la_count, + getnc_state->uptodateness_vector); if (!W_ERROR_IS_OK(werr)) { return werr; } -- cgit From 39730ac30291b14a785a7d04a0ea271f5e0f1807 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 14:28:00 +1100 Subject: s4-drs: be less verbose when we filter objects by UDV --- source4/rpc_server/drsuapi/getncchanges.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 46996c7426..f9e2f98b2e 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -468,6 +468,10 @@ static WERROR get_nc_changes_udv(struct ldb_context *sam_ctx, struct replUpToDateVectorBlob ouv; int i; + udv->version = 2; + udv->reserved1 = 0; + udv->reserved2 = 0; + werr = load_udv(sam_ctx, udv, ncRoot_dn, &ouv); if (!W_ERROR_IS_OK(werr)) { return werr; @@ -1008,7 +1012,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ } if (obj->meta_data_ctr == NULL) { - DEBUG(0,(__location__ ": getncchanges skipping send of object %s\n", + DEBUG(8,(__location__ ": getncchanges skipping send of object %s\n", ldb_dn_get_linearized(msg->dn))); /* no attributes to send */ talloc_free(obj); @@ -1064,10 +1068,6 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ b_state->sam_ctx, (ldb_qsort_cmp_fn_t)linked_attribute_compare); r->out.ctr->ctr6.uptodateness_vector = talloc(mem_ctx, struct drsuapi_DsReplicaCursor2CtrEx); - r->out.ctr->ctr6.uptodateness_vector->version = 2; - r->out.ctr->ctr6.uptodateness_vector->reserved1 = 0; - r->out.ctr->ctr6.uptodateness_vector->reserved2 = 0; - r->out.ctr->ctr6.new_highwatermark.highest_usn = r->out.ctr->ctr6.new_highwatermark.tmp_highest_usn; werr = get_nc_changes_udv(b_state->sam_ctx, getnc_state->ncRoot_dn, -- cgit From 7010fad4eae6aa6a852a318ae59427525c9111d0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 14:29:39 +1100 Subject: s4-drs: calculate and send a uptodateness_vector with replication requests This stops us getting objects changes twice if they came via an indirect path. --- source4/dsdb/repl/drepl_out_helpers.c | 15 ++++++- source4/dsdb/repl/drepl_partitions.c | 74 ++++++++++++++++++++++++++++++++--- 2 files changed, 82 insertions(+), 7 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index 5666a660ad..a4f5d1faec 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -261,6 +261,7 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi; struct rpc_request *rreq; struct drsuapi_DsGetNCChanges *r; + struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector; r = talloc(state, struct drsuapi_DsGetNCChanges); if (tevent_req_nomem(r, req)) { @@ -280,6 +281,12 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) return; } + if (partition->uptodatevector_ex.count == 0) { + uptodateness_vector = NULL; + } else { + uptodateness_vector = &partition->uptodatevector_ex; + } + r->in.bind_handle = &drsuapi->bind_handle; if (drsuapi->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) { r->in.level = 8; @@ -287,7 +294,7 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) r->in.req->req8.source_dsa_invocation_id= rf1->source_dsa_invocation_id; r->in.req->req8.naming_context = &partition->nc; r->in.req->req8.highwatermark = rf1->highwatermark; - r->in.req->req8.uptodateness_vector = NULL;/*&partition->uptodatevector_ex;*/ + r->in.req->req8.uptodateness_vector = uptodateness_vector; r->in.req->req8.replica_flags = rf1->replica_flags; r->in.req->req8.max_object_count = 133; r->in.req->req8.max_ndr_size = 1336811; @@ -303,7 +310,7 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) r->in.req->req5.source_dsa_invocation_id= rf1->source_dsa_invocation_id; r->in.req->req5.naming_context = &partition->nc; r->in.req->req5.highwatermark = rf1->highwatermark; - r->in.req->req5.uptodateness_vector = NULL;/*&partition->uptodatevector_ex;*/ + r->in.req->req5.uptodateness_vector = uptodateness_vector; r->in.req->req5.replica_flags = rf1->replica_flags; r->in.req->req5.max_object_count = 133; r->in.req->req5.max_ndr_size = 1336770; @@ -311,6 +318,10 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) r->in.req->req5.fsmo_info = state->op->fsmo_info; } +#if 0 + NDR_PRINT_IN_DEBUG(drsuapi_DsGetNCChanges, r); +#endif + rreq = dcerpc_drsuapi_DsGetNCChanges_send(drsuapi->pipe, r, r); if (tevent_req_nomem(rreq, req)) { return; diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c index f5c8a701a9..aba7735440 100644 --- a/source4/dsdb/repl/drepl_partitions.c +++ b/source4/dsdb/repl/drepl_partitions.c @@ -188,6 +188,65 @@ static WERROR dreplsrv_partition_add_source_dsa(struct dreplsrv_service *s, return WERR_OK; } +/* + convert from one udv format to the other + */ +static WERROR udv_convert(TALLOC_CTX *mem_ctx, + const struct replUpToDateVectorCtr2 *udv, + struct drsuapi_DsReplicaCursorCtrEx *udv_ex) +{ + int i; + + udv_ex->version = 2; + udv_ex->reserved1 = 0; + udv_ex->reserved2 = 0; + udv_ex->count = udv->count; + udv_ex->cursors = talloc_array(mem_ctx, struct drsuapi_DsReplicaCursor, udv->count); + W_ERROR_HAVE_NO_MEMORY(udv_ex->cursors); + + for (i=0; icount; i++) { + udv_ex->cursors[i].source_dsa_invocation_id = udv->cursors[i].source_dsa_invocation_id; + udv_ex->cursors[i].highest_usn = udv->cursors[i].highest_usn; + } + + return WERR_OK; +} + +/* + add our local UDV element for the partition + */ +static WERROR add_local_udv(struct dreplsrv_service *s, + struct dreplsrv_partition *p, + const struct GUID *our_invocation_id, + struct drsuapi_DsReplicaCursorCtrEx *udv) +{ + int ret; + uint64_t highest_usn; + int i; + + ret = dsdb_load_partition_usn(s->samdb, p->dn, &highest_usn); + if (ret != LDB_SUCCESS) { + /* nothing to add */ + return WERR_OK; + } + + for (i=0; icount; i++) { + if (GUID_equal(our_invocation_id, &udv->cursors[i].source_dsa_invocation_id)) { + udv->cursors[i].highest_usn = highest_usn; + return WERR_OK; + } + } + + udv->cursors = talloc_realloc(p, udv->cursors, struct drsuapi_DsReplicaCursor, udv->count+1); + W_ERROR_HAVE_NO_MEMORY(udv->cursors); + + udv->cursors[udv->count].source_dsa_invocation_id = *our_invocation_id; + udv->cursors[udv->count].highest_usn = highest_usn; + udv->count++; + + return WERR_OK; +} + static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s, struct dreplsrv_partition *p) { @@ -232,6 +291,11 @@ static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s, talloc_free(nc_sid); } + talloc_free(p->uptodatevector.cursors); + talloc_free(p->uptodatevector_ex.cursors); + ZERO_STRUCT(p->uptodatevector); + ZERO_STRUCT(p->uptodatevector_ex); + ouv_value = ldb_msg_find_ldb_val(r->msgs[0], "replUpToDateVector"); if (ouv_value) { enum ndr_err_code ndr_err; @@ -251,14 +315,14 @@ static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s, p->uptodatevector.count = ouv.ctr.ctr2.count; p->uptodatevector.reserved = ouv.ctr.ctr2.reserved; - talloc_free(p->uptodatevector.cursors); p->uptodatevector.cursors = talloc_steal(p, ouv.ctr.ctr2.cursors); - } - /* - * TODO: add our own uptodatevector cursor - */ + status = udv_convert(p, &p->uptodatevector, &p->uptodatevector_ex); + W_ERROR_NOT_OK_RETURN(status); + status = add_local_udv(s, p, samdb_ntds_invocation_id(s->samdb), &p->uptodatevector_ex); + W_ERROR_NOT_OK_RETURN(status); + } orf_el = ldb_msg_find_element(r->msgs[0], "repsFrom"); if (orf_el) { -- cgit From 1158c138611d388fcae066a009cd6033a60a5944 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 15:12:18 +1100 Subject: s4-drs: need to set the getncchanges extended_ret on success too --- source4/rpc_server/drsuapi/getncchanges.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index f9e2f98b2e..ad35de8833 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -650,6 +650,7 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, if (ret != LDB_SUCCESS) { DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s\n", ldb_errstring(ldb))); + ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER; return WERR_DS_DRA_INTERNAL_ERROR; } @@ -695,6 +696,8 @@ static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state, DEBUG(2,("Allocated RID pool for server %s\n", GUID_string(mem_ctx, &req8->destination_dsa_guid))); + ctr6->extended_ret = DRSUAPI_EXOP_ERR_SUCCESS; + return WERR_OK; } -- cgit From 8ccedc3ac7f7bf6207d9fc778686592915781a4a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 15:57:52 +1100 Subject: s4-libnet: dsdb_wellknown_dn() in vampire code --- source4/libnet/libnet_become_dc.c | 77 +++++++++------------------------------ 1 file changed, 17 insertions(+), 60 deletions(-) (limited to 'source4') diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index b8fed68b59..bccdb8d7f2 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -1031,14 +1031,6 @@ static NTSTATUS becomeDC_ldap1_infrastructure_fsmo(struct libnet_BecomeDC_state struct ldb_dn *basedn; struct ldb_dn *ntds_dn; struct ldb_dn *server_dn; - static const char *_1_1_attrs[] = { - "1.1", - NULL - }; - static const char *fsmo_attrs[] = { - "fSMORoleOwner", - NULL - }; static const char *dns_attrs[] = { "dnsHostName", NULL @@ -1048,41 +1040,21 @@ static NTSTATUS becomeDC_ldap1_infrastructure_fsmo(struct libnet_BecomeDC_state NULL }; - basedn = ldb_dn_new_fmt(s, s->ldap1.ldb, "", - s->domain.dn_str); - NT_STATUS_HAVE_NO_MEMORY(basedn); - - ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE, - _1_1_attrs, "(objectClass=*)"); - talloc_free(basedn); + ret = dsdb_wellknown_dn(s->ldap1.ldb, s, samdb_base_dn(s->ldap1.ldb), + DS_GUID_INFRASTRUCTURE_CONTAINER, + &basedn); if (ret != LDB_SUCCESS) { return NT_STATUS_LDAP(ret); - } else if (r->count != 1) { - talloc_free(r); - return NT_STATUS_INVALID_NETWORK_RESPONSE; } - basedn = talloc_steal(s, r->msgs[0]->dn); - talloc_free(r); - - ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE, - fsmo_attrs, "(objectClass=*)"); - talloc_free(basedn); + ret = samdb_reference_dn(s->ldap1.ldb, s, basedn, "fSMORoleOwner", &ntds_dn); if (ret != LDB_SUCCESS) { + talloc_free(basedn); return NT_STATUS_LDAP(ret); - } else if (r->count != 1) { - talloc_free(r); - return NT_STATUS_INVALID_NETWORK_RESPONSE; } - s->infrastructure_fsmo.ntds_dn_str = samdb_result_string(r->msgs[0], "fSMORoleOwner", NULL); - if (!s->infrastructure_fsmo.ntds_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE; - talloc_steal(s, s->infrastructure_fsmo.ntds_dn_str); - - talloc_free(r); - - ntds_dn = ldb_dn_new(s, s->ldap1.ldb, s->infrastructure_fsmo.ntds_dn_str); - NT_STATUS_HAVE_NO_MEMORY(ntds_dn); + s->infrastructure_fsmo.ntds_dn_str = ldb_dn_get_linearized(ntds_dn); + NT_STATUS_HAVE_NO_MEMORY(s->infrastructure_fsmo.ntds_dn_str); server_dn = ldb_dn_get_parent(s, ntds_dn); NT_STATUS_HAVE_NO_MEMORY(server_dn); @@ -2951,55 +2923,40 @@ static NTSTATUS becomeDC_ldap2_modify_computer(struct libnet_BecomeDC_state *s) static NTSTATUS becomeDC_ldap2_move_computer(struct libnet_BecomeDC_state *s) { int ret; - struct ldb_result *r; - struct ldb_dn *basedn; struct ldb_dn *old_dn; struct ldb_dn *new_dn; - static const char *_1_1_attrs[] = { - "1.1", - NULL - }; - - basedn = ldb_dn_new_fmt(s, s->ldap2.ldb, "", - s->domain.dn_str); - NT_STATUS_HAVE_NO_MEMORY(basedn); - ret = ldb_search(s->ldap2.ldb, s, &r, basedn, LDB_SCOPE_BASE, - _1_1_attrs, "(objectClass=*)"); - talloc_free(basedn); + ret = dsdb_wellknown_dn(s->ldap2.ldb, s, samdb_base_dn(s->ldap2.ldb), + DS_GUID_DOMAIN_CONTROLLERS_CONTAINER, + &new_dn); if (ret != LDB_SUCCESS) { return NT_STATUS_LDAP(ret); - } else if (r->count != 1) { - talloc_free(r); - return NT_STATUS_INVALID_NETWORK_RESPONSE; } - old_dn = ldb_dn_new(r, s->ldap2.ldb, s->dest_dsa.computer_dn_str); - NT_STATUS_HAVE_NO_MEMORY(old_dn); - - new_dn = r->msgs[0]->dn; - if (!ldb_dn_add_child_fmt(new_dn, "CN=%s", s->dest_dsa.netbios_name)) { - talloc_free(r); + talloc_free(new_dn); return NT_STATUS_NO_MEMORY; } + old_dn = ldb_dn_new(new_dn, s->ldap2.ldb, s->dest_dsa.computer_dn_str); + NT_STATUS_HAVE_NO_MEMORY(old_dn); + if (ldb_dn_compare(old_dn, new_dn) == 0) { /* we don't need to rename if the old and new dn match */ - talloc_free(r); + talloc_free(new_dn); return NT_STATUS_OK; } ret = ldb_rename(s->ldap2.ldb, old_dn, new_dn); if (ret != LDB_SUCCESS) { - talloc_free(r); + talloc_free(new_dn); return NT_STATUS_LDAP(ret); } s->dest_dsa.computer_dn_str = ldb_dn_alloc_linearized(s, new_dn); NT_STATUS_HAVE_NO_MEMORY(s->dest_dsa.computer_dn_str); - talloc_free(r); + talloc_free(new_dn); return NT_STATUS_OK; } -- cgit From acf33e0d58b38c9c621e2dc0837c07a99c95acc2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 17:11:01 +1100 Subject: s4-drs: moved the DsWriteAccountSpn call to its own file --- source4/rpc_server/config.mk | 1 + source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 75 --------------------- source4/rpc_server/drsuapi/dcesrv_drsuapi.h | 2 + source4/rpc_server/drsuapi/writespn.c | 101 ++++++++++++++++++++++++++++ 4 files changed, 104 insertions(+), 75 deletions(-) create mode 100644 source4/rpc_server/drsuapi/writespn.c (limited to 'source4') diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk index 527770a8cd..5ff1bd5722 100644 --- a/source4/rpc_server/config.mk +++ b/source4/rpc_server/config.mk @@ -188,6 +188,7 @@ dcerpc_drsuapi_OBJ_FILES = $(rpc_serversrcdir)/drsuapi/dcesrv_drsuapi.o \ $(rpc_serversrcdir)/drsuapi/updaterefs.o \ $(rpc_serversrcdir)/drsuapi/getncchanges.o \ $(rpc_serversrcdir)/drsuapi/addentry.o \ + $(rpc_serversrcdir)/drsuapi/writespn.o \ $(rpc_serversrcdir)/drsuapi/drsutil.o ################################################ diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index 6a6bc8be7e..9edb24edd5 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -378,81 +378,6 @@ static WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TA return WERR_UNKNOWN_LEVEL; } -/* - drsuapi_DsWriteAccountSpn -*/ -static WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct drsuapi_DsWriteAccountSpn *r) -{ - struct drsuapi_bind_state *b_state; - struct dcesrv_handle *h; - - *r->out.level_out = r->in.level; - - DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE); - b_state = h->data; - - r->out.res = talloc(mem_ctx, union drsuapi_DsWriteAccountSpnResult); - W_ERROR_HAVE_NO_MEMORY(r->out.res); - - switch (r->in.level) { - case 1: { - struct drsuapi_DsWriteAccountSpnRequest1 *req; - struct ldb_message *msg; - int count, i, ret; - req = &r->in.req->req1; - count = req->count; - - msg = ldb_msg_new(mem_ctx); - if (msg == NULL) { - return WERR_NOMEM; - } - - msg->dn = ldb_dn_new(msg, b_state->sam_ctx, req->object_dn); - if ( ! ldb_dn_validate(msg->dn)) { - r->out.res->res1.status = WERR_OK; - return WERR_OK; - } - - /* construct mods */ - for (i = 0; i < count; i++) { - samdb_msg_add_string(b_state->sam_ctx, - msg, msg, "servicePrincipalName", - req->spn_names[i].str); - } - for (i=0;inum_elements;i++) { - switch (req->operation) { - case DRSUAPI_DS_SPN_OPERATION_ADD: - msg->elements[i].flags = LDB_FLAG_MOD_ADD; - break; - case DRSUAPI_DS_SPN_OPERATION_REPLACE: - msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; - break; - case DRSUAPI_DS_SPN_OPERATION_DELETE: - msg->elements[i].flags = LDB_FLAG_MOD_DELETE; - break; - } - } - - /* Apply to database */ - - ret = ldb_modify(b_state->sam_ctx, msg); - if (ret != 0) { - DEBUG(0,("Failed to modify SPNs on %s: %s\n", - ldb_dn_get_linearized(msg->dn), - ldb_errstring(b_state->sam_ctx))); - r->out.res->res1.status = WERR_ACCESS_DENIED; - } else { - r->out.res->res1.status = WERR_OK; - } - - return WERR_OK; - } - } - - return WERR_UNKNOWN_LEVEL; -} - /* drsuapi_DsRemoveDSServer diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h index 3a64ef5c9c..ba6bb21145 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h @@ -47,6 +47,8 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ struct drsuapi_DsGetNCChanges *r); WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct drsuapi_DsAddEntry *r); +WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct drsuapi_DsWriteAccountSpn *r); char *drs_ObjectIdentifier_to_string(TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaObjectIdentifier *nc); diff --git a/source4/rpc_server/drsuapi/writespn.c b/source4/rpc_server/drsuapi/writespn.c new file mode 100644 index 0000000000..79a6eb55f4 --- /dev/null +++ b/source4/rpc_server/drsuapi/writespn.c @@ -0,0 +1,101 @@ +/* + Unix SMB/CIFS implementation. + + implement the DsWriteAccountSpn call + + Copyright (C) Stefan Metzmacher 2009 + Copyright (C) Andrew Tridgell 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "rpc_server/dcerpc_server.h" +#include "dsdb/samdb/samdb.h" +#include "rpc_server/drsuapi/dcesrv_drsuapi.h" + +/* + drsuapi_DsWriteAccountSpn +*/ +WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct drsuapi_DsWriteAccountSpn *r) +{ + struct drsuapi_bind_state *b_state; + struct dcesrv_handle *h; + + *r->out.level_out = r->in.level; + + DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE); + b_state = h->data; + + r->out.res = talloc(mem_ctx, union drsuapi_DsWriteAccountSpnResult); + W_ERROR_HAVE_NO_MEMORY(r->out.res); + + switch (r->in.level) { + case 1: { + struct drsuapi_DsWriteAccountSpnRequest1 *req; + struct ldb_message *msg; + int count, i, ret; + req = &r->in.req->req1; + count = req->count; + + msg = ldb_msg_new(mem_ctx); + if (msg == NULL) { + return WERR_NOMEM; + } + + msg->dn = ldb_dn_new(msg, b_state->sam_ctx, req->object_dn); + if ( ! ldb_dn_validate(msg->dn)) { + r->out.res->res1.status = WERR_OK; + return WERR_OK; + } + + /* construct mods */ + for (i = 0; i < count; i++) { + samdb_msg_add_string(b_state->sam_ctx, + msg, msg, "servicePrincipalName", + req->spn_names[i].str); + } + for (i=0;inum_elements;i++) { + switch (req->operation) { + case DRSUAPI_DS_SPN_OPERATION_ADD: + msg->elements[i].flags = LDB_FLAG_MOD_ADD; + break; + case DRSUAPI_DS_SPN_OPERATION_REPLACE: + msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; + break; + case DRSUAPI_DS_SPN_OPERATION_DELETE: + msg->elements[i].flags = LDB_FLAG_MOD_DELETE; + break; + } + } + + /* Apply to database */ + + ret = ldb_modify(b_state->sam_ctx, msg); + if (ret != 0) { + DEBUG(0,("Failed to modify SPNs on %s: %s\n", + ldb_dn_get_linearized(msg->dn), + ldb_errstring(b_state->sam_ctx))); + r->out.res->res1.status = WERR_ACCESS_DENIED; + } else { + r->out.res->res1.status = WERR_OK; + } + + return WERR_OK; + } + } + + return WERR_UNKNOWN_LEVEL; +} -- cgit From 8c2d7ae19e5a14ffa37af60ff4eec4d79f70040b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 17:42:05 +1100 Subject: s4-dsdb: added samdb_ldb_val_case_cmp() --- source4/dsdb/common/util.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 632025da54..139ea4dc6b 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -3198,3 +3198,19 @@ int dsdb_tombstone_lifetime(struct ldb_context *ldb, uint32_t *lifetime) talloc_free(dn); return LDB_SUCCESS; } + +/* + compare a ldb_val to a string case insensitively + */ +int samdb_ldb_val_case_cmp(const char *s, struct ldb_val *v) +{ + size_t len = strlen(s); + int ret; + if (len > v->length) return 1; + ret = strncasecmp(s, (const char *)v->data, v->length); + if (ret != 0) return ret; + if (v->length > len && v->data[len] != 0) { + return -1; + } + return 0; +} -- cgit From ba745a43567062e48fe8e5b316f390b99868c309 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 17:42:59 +1100 Subject: s4-drs: fixed writespn to ignore add/delete errors When a SPN is added and already exists, it is ignored. Similarly, when a SPN is deleted and doesn't exist, it is ignored. --- source4/rpc_server/drsuapi/writespn.c | 43 ++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/writespn.c b/source4/rpc_server/drsuapi/writespn.c index 79a6eb55f4..7c8ff3332b 100644 --- a/source4/rpc_server/drsuapi/writespn.c +++ b/source4/rpc_server/drsuapi/writespn.c @@ -47,6 +47,11 @@ WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALL struct drsuapi_DsWriteAccountSpnRequest1 *req; struct ldb_message *msg; int count, i, ret; + struct ldb_result *res; + const char *attrs[] = { "servicePrincipalName", NULL }; + struct ldb_message_element *el; + unsigned spn_count=0; + req = &r->in.req->req1; count = req->count; @@ -61,11 +66,42 @@ WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALL return WERR_OK; } + /* load the existing SPNs, as these are + * ignored for adds and deletes (see MS-DRSR + * section 4.1.28.3) + */ + ret = ldb_search(b_state->sam_ctx, msg, &res, msg->dn, LDB_SCOPE_BASE, + attrs, NULL); + if (ret != LDB_SUCCESS) { + DEBUG(0,("Failed to load existing SPNs on %s: %s\n", + ldb_dn_get_linearized(msg->dn), + ldb_errstring(b_state->sam_ctx))); + r->out.res->res1.status = WERR_DS_OBJ_NOT_FOUND; + return WERR_OK; + } + el = ldb_msg_find_element(res->msgs[0], "servicePrincipalName"); + /* construct mods */ for (i = 0; i < count; i++) { - samdb_msg_add_string(b_state->sam_ctx, - msg, msg, "servicePrincipalName", - req->spn_names[i].str); + bool found = false; + int j; + for (j=0; el && jnum_values; j++) { + if (samdb_ldb_val_case_cmp(req->spn_names[i].str, &el->values[j]) == 0) { + found = true; + break; + } + } + if ((req->operation == DRSUAPI_DS_SPN_OPERATION_ADD && found) || + (req->operation == DRSUAPI_DS_SPN_OPERATION_DELETE && !found)) { + continue; + } + ret = samdb_msg_add_string(b_state->sam_ctx, + msg, msg, "servicePrincipalName", + req->spn_names[i].str); + if (ret != LDB_SUCCESS) { + return WERR_NOMEM; + } + spn_count++; } for (i=0;inum_elements;i++) { switch (req->operation) { @@ -90,6 +126,7 @@ WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALL ldb_errstring(b_state->sam_ctx))); r->out.res->res1.status = WERR_ACCESS_DENIED; } else { + DEBUG(2,("Modified %u SPNs on %s\n", spn_count, ldb_dn_get_linearized(msg->dn))); r->out.res->res1.status = WERR_OK; } -- cgit From 67d8518f2c5bcb611e569164d31ed760c8965064 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 18:10:38 +1100 Subject: s4-drs: having no SPNs to change is not an error --- source4/rpc_server/drsuapi/writespn.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/writespn.c b/source4/rpc_server/drsuapi/writespn.c index 7c8ff3332b..8e20c88fae 100644 --- a/source4/rpc_server/drsuapi/writespn.c +++ b/source4/rpc_server/drsuapi/writespn.c @@ -103,6 +103,13 @@ WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALL } spn_count++; } + + if (msg->num_elements == 0) { + DEBUG(2,("No SPNs need changing on %s\n", ldb_dn_get_linearized(msg->dn))); + r->out.res->res1.status = WERR_OK; + return WERR_OK; + } + for (i=0;inum_elements;i++) { switch (req->operation) { case DRSUAPI_DS_SPN_OPERATION_ADD: -- cgit From 04e82370dbfc742053cd86c39cb9e8210df19651 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 18:50:30 +1100 Subject: s4-drs: base is_nc_prefix on instanceType for extended operations comparing to the ncRoot_dn is not correct --- source4/rpc_server/drsuapi/getncchanges.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index ad35de8833..908060a0dd 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -102,8 +102,10 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem uint32_t *attids; const char *rdn; const struct dsdb_attribute *rdn_sa; + unsigned int instanceType; - if (ldb_dn_compare(ncRoot_dn, msg->dn) == 0) { + instanceType = ldb_msg_find_attr_as_uint(msg, "instanceType", 0); + if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) { obj->is_nc_prefix = true; obj->parent_object_guid = NULL; } else { -- cgit From b37bec8e06a42dcc003681b9a57eaac2b1abf4fd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 20:42:23 +1100 Subject: s4-drs: give DN of failed replication partition --- source4/dsdb/repl/drepl_out_pull.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c index c2ea7e6974..101214609a 100644 --- a/source4/dsdb/repl/drepl_out_pull.c +++ b/source4/dsdb/repl/drepl_out_pull.c @@ -123,10 +123,11 @@ static void dreplsrv_pending_op_callback(struct tevent_req *subreq) rf->consecutive_sync_failures++; - DEBUG(1,("dreplsrv_op_pull_source(%s/%s) failures[%u]\n", - win_errstr(rf->result_last_attempt), - nt_errstr(werror_to_ntstatus(rf->result_last_attempt)), - rf->consecutive_sync_failures)); + DEBUG(1,("dreplsrv_op_pull_source(%s/%s) for %s failures[%u]\n", + win_errstr(rf->result_last_attempt), + win_errstr(rf->result_last_attempt), + ldb_dn_get_linearized(op->source_dsa->partition->dn), + rf->consecutive_sync_failures)); done: if (op->callback) { -- cgit From 45f49d0a58f19c2b0e9d01d635d2dd28701c7cf8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 20:53:27 +1100 Subject: s4-drs: add a local UDV entry even when no replUpToDateVector present on NC This allows us to filter correctly for a NC that we have created but not pulled from anyone. --- source4/dsdb/repl/drepl_partitions.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c index aba7735440..9a24fe541a 100644 --- a/source4/dsdb/repl/drepl_partitions.c +++ b/source4/dsdb/repl/drepl_partitions.c @@ -319,11 +319,11 @@ static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s, status = udv_convert(p, &p->uptodatevector, &p->uptodatevector_ex); W_ERROR_NOT_OK_RETURN(status); - - status = add_local_udv(s, p, samdb_ntds_invocation_id(s->samdb), &p->uptodatevector_ex); - W_ERROR_NOT_OK_RETURN(status); } + status = add_local_udv(s, p, samdb_ntds_invocation_id(s->samdb), &p->uptodatevector_ex); + W_ERROR_NOT_OK_RETURN(status); + orf_el = ldb_msg_find_element(r->msgs[0], "repsFrom"); if (orf_el) { for (i=0; i < orf_el->num_values; i++) { -- cgit From 8a09dc12660dcc62926c3a41cacd4970f46f9210 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 20:54:16 +1100 Subject: s4-schema: fixed the SDDL for the schema root security descriptor This was preventing a DCPROMO client from allowing outgoing replication --- source4/scripting/python/samba/schema.py | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'source4') diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py index 67c48e8e58..f702e9829f 100644 --- a/source4/scripting/python/samba/schema.py +++ b/source4/scripting/python/samba/schema.py @@ -35,16 +35,20 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE import os def get_schema_descriptor(domain_sid): - sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \ - "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \ - "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ - "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \ - "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \ - "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \ - "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \ - "(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \ - "(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \ - "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)" + sddl = "O:SAG:SAD:AI(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c" \ + ";;ER)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-1" \ + "1d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)(O" \ + "A;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79" \ + "f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1" \ + "131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04" \ + "fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6aa" \ + "-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2" \ + ";;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-1" \ + "1d1-f79f-00c04fc2dcd2;;ED)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)(A;CI;RPWPCRCCLCL" \ + "ORCWOWDSW;;;SA)(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(O" \ + "U;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)(OU;SA;CR;e12b56b6-0a95-11d1" \ + "-adbb-00c04fd8d5cd;;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPCCDCWOWDSDDTSW;" \ + ";;WD)(AU;CISA;WP;;;WD)" sec = security.descriptor.from_sddl(sddl, domain_sid) return ndr_pack(sec) -- cgit From 93fefefea85808eeeb58294133bd608490a89c86 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 20:58:07 +1100 Subject: s4-samldb: fixed primaryGroupID when promoting a machine to a DC The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done without changing the member attributes of its groups. --- source4/dsdb/samdb/ldb_modules/samldb.c | 47 +++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 17 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index edaf7251b8..ccf76aaef2 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -786,9 +786,11 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type) ret = samdb_find_or_add_attribute(ldb, ac->msg, "pwdLastSet", "0"); if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "primaryGroupID", "513"); - if (ret != LDB_SUCCESS) return ret; + if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) { + ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, + "primaryGroupID", DOMAIN_RID_USERS); + if (ret != LDB_SUCCESS) return ret; + } ret = samdb_find_or_add_attribute(ldb, ac->msg, "accountExpires", "9223372036854775807"); if (ret != LDB_SUCCESS) return ret; @@ -1782,6 +1784,20 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) el2->flags = LDB_FLAG_MOD_REPLACE; } + el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID"); + if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { + struct samldb_ctx *ac; + + ac = samldb_ctx_init(module, req); + if (ac == NULL) + return LDB_ERR_OPERATIONS_ERROR; + + req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req, + req->op.mod.message); + + return samldb_prim_group_change(ac); + } + el = ldb_msg_find_element(req->op.mod.message, "userAccountControl"); if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { uint32_t user_account_control; @@ -1809,21 +1825,18 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) } el2 = ldb_msg_find_element(msg, "isCriticalSystemObject"); el2->flags = LDB_FLAG_MOD_REPLACE; - } - } - el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID"); - if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { - struct samldb_ctx *ac; - - ac = samldb_ctx_init(module, req); - if (ac == NULL) - return LDB_ERR_OPERATIONS_ERROR; - - req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req, - req->op.mod.message); - - return samldb_prim_group_change(ac); + /* DCs have primaryGroupID of DOMAIN_RID_DCS */ + if (!ldb_msg_find_element(msg, "primaryGroupID")) { + ret = samdb_msg_add_uint(ldb, msg, msg, + "primaryGroupID", DOMAIN_RID_DCS); + if (ret != LDB_SUCCESS) { + return ret; + } + el2 = ldb_msg_find_element(msg, "primaryGroupID"); + el2->flags = LDB_FLAG_MOD_REPLACE; + } + } } el = ldb_msg_find_element(req->op.mod.message, "member"); -- cgit From a894eeab77bde6494d397e5f4cf2a4a1325b41a4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 21:43:16 +1100 Subject: s4-debug: lower the verbosity of a couple of common log messages --- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 2 +- source4/smbd/process_single.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index 9edb24edd5..96cb58ef3e 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -60,7 +60,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C /* if this is a DC connecting, give them system level access */ werr = drs_security_level_check(dce_call, NULL); if (W_ERROR_IS_OK(werr)) { - DEBUG(2,(__location__ ": doing DsBind with system_session\n")); + DEBUG(3,(__location__ ": doing DsBind with system_session\n")); auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx); } else { auth_info = dce_call->conn->auth_state.session_info; diff --git a/source4/smbd/process_single.c b/source4/smbd/process_single.c index ff57a0bc34..f873de47af 100644 --- a/source4/smbd/process_single.c +++ b/source4/smbd/process_single.c @@ -99,7 +99,7 @@ static void single_new_task(struct tevent_context *ev, /* called when a task goes down */ static void single_terminate(struct tevent_context *ev, struct loadparm_context *lp_ctx, const char *reason) { - DEBUG(2,("single_terminate: reason[%s]\n",reason)); + DEBUG(3,("single_terminate: reason[%s]\n",reason)); } /* called to set a title of a task or connection */ -- cgit From c03a101e6d410df68454f46c9e4d88f46fc2fa1a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 22:08:25 +1100 Subject: s4-drs: instanceType is always sent, regardless of UDV values --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 890eb91d6d..394ce3e637 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -2667,10 +2667,12 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) break; } - DEBUG(1,("Discarding older DRS attribute update to %s on %s from %s\n", - msg->elements[i-removed_attrs].name, - ldb_dn_get_linearized(msg->dn), - GUID_string(ar, &rmd->ctr.ctr1.array[i].originating_invocation_id))); + if (rmd->ctr.ctr1.array[i].attid != DRSUAPI_ATTRIBUTE_instanceType) { + DEBUG(1,("Discarding older DRS attribute update to %s on %s from %s\n", + msg->elements[i-removed_attrs].name, + ldb_dn_get_linearized(msg->dn), + GUID_string(ar, &rmd->ctr.ctr1.array[i].originating_invocation_id))); + } /* we don't want to apply this change so remove the attribute */ ldb_msg_remove_element(msg, &msg->elements[i-removed_attrs]); -- cgit From d5091a1dd9cf669817355bb932249e5337e664b1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Jan 2010 12:52:22 +1100 Subject: s4-dsdb: added samdb_domain_sid_cache_only() --- source4/dsdb/common/util.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 139ea4dc6b..6147940e3b 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1196,11 +1196,18 @@ const struct dom_sid *samdb_domain_sid(struct ldb_context *ldb) return domain_sid; failed: - DEBUG(1,("Failed to find domain_sid for open ldb\n")); talloc_free(tmp_ctx); return NULL; } +/* + get domain sid from cache +*/ +const struct dom_sid *samdb_domain_sid_cache_only(struct ldb_context *ldb) +{ + return (struct dom_sid *)ldb_get_opaque(ldb, "cache.domain_sid"); +} + bool samdb_set_domain_sid(struct ldb_context *ldb, const struct dom_sid *dom_sid_in) { TALLOC_CTX *tmp_ctx; -- cgit From a3e089db19384221c65996b158b7fa3aaf512792 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Jan 2010 12:53:07 +1100 Subject: s4-ldb: display security descriptors with correct SDL for known SIDs This makes it much easier to compare SDs --- source4/lib/ldb-samba/ldif_handlers.c | 2 +- source4/lib/ldb/tools/cmdline.c | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 10a733382a..88888bf0a7 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -406,7 +406,7 @@ static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ct talloc_free(sd); return -1; } - out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL); + out->data = (uint8_t *)sddl_encode(mem_ctx, sd, samdb_domain_sid_cache_only(ldb)); talloc_free(sd); if (out->data == NULL) { return -1; diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c index 39a460763c..44ae23b26c 100644 --- a/source4/lib/ldb/tools/cmdline.c +++ b/source4/lib/ldb/tools/cmdline.c @@ -33,6 +33,7 @@ #include "auth/auth.h" #include "ldb_wrap.h" #include "param/param.h" +#include "dsdb/common/proto.h" #endif static struct ldb_cmdline options; /* needs to be static for older compilers */ @@ -321,6 +322,11 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, goto failed; } +#if (_SAMBA_BUILD_ >= 4) + /* get the domain SID into the cache for SDDL processing */ + samdb_domain_sid(ldb); +#endif + return ret; failed: -- cgit From 5c174c68ccba7506147feab1d09ad676792139b3 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 10 Jan 2010 10:47:30 +0100 Subject: s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode Additionally I had to fix some bugs (especially wrong "groupTypes") and reordered the objects using the SID (this is easier when enhancing the file). --- source4/setup/provision_users.ldif | 198 +++++++++++++++++++++---------------- 1 file changed, 113 insertions(+), 85 deletions(-) (limited to 'source4') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index c27249d2c5..58b7d159d8 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -75,105 +75,98 @@ isCriticalSystemObject: TRUE # Add other groups -dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} +dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Designated administrators of the enterprise -member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-519 -adminCount: 1 -sAMAccountName: Enterprise Admins +description: Members of this group are Read-Only Domain Controllers in the enterprise +objectSid: ${DOMAINSID}-498 +sAMAccountName: Enterprise Read-Only Domain Controllers +groupType: -2147483640 isCriticalSystemObject: TRUE -dn: CN=Schema Admins,CN=Users,${DOMAINDN} +dn: CN=Domain Admins,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Designated administrators of the schema +description: Designated administrators of the domain member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-518 +objectSid: ${DOMAINSID}-512 adminCount: 1 -sAMAccountName: Schema Admins +sAMAccountName: Domain Admins isCriticalSystemObject: TRUE dn: CN=Cert Publishers,CN=Users,${DOMAINDN} objectClass: top objectClass: group description: Members of this group are permitted to publish certificates to the Active Directory -groupType: -2147483644 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers +groupType: -2147483644 isCriticalSystemObject: TRUE -dn: CN=Domain Admins,CN=Users,${DOMAINDN} +dn: CN=Schema Admins,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Designated administrators of the domain +description: Designated administrators of the schema member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-512 +objectSid: ${DOMAINSID}-518 adminCount: 1 -sAMAccountName: Domain Admins +sAMAccountName: Schema Admins +groupType: -2147483640 isCriticalSystemObject: TRUE -dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} +dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Members in this group can modify group policy for the domain +description: Designated administrators of the enterprise member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-520 -sAMAccountName: Group Policy Creator Owners +objectSid: ${DOMAINSID}-519 +adminCount: 1 +sAMAccountName: Enterprise Admins +groupType: -2147483640 isCriticalSystemObject: TRUE -dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} +dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Servers in this group can access remote access properties of users -objectSid: ${DOMAINSID}-553 -sAMAccountName: RAS and IAS Servers -groupType: -2147483644 +description: Members in this group can modify group policy for the domain +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-520 +sAMAccountName: Group Policy Creator Owners isCriticalSystemObject: TRUE dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Read-only domain controllers +description: Members of this group are Read-Only Domain Controllers in the domain objectSid: ${DOMAINSID}-521 +adminCount: 1 sAMAccountName: Read-Only Domain Controllers -groupType: -2147483644 isCriticalSystemObject: TRUE -dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN} +dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Enterprise read-only domain controllers -objectSid: ${DOMAINSID}-498 -sAMAccountName: Enterprise Read-Only Domain Controllers +description: Servers in this group can access remote access properties of users +objectSid: ${DOMAINSID}-553 +sAMAccountName: RAS and IAS Servers groupType: -2147483644 isCriticalSystemObject: TRUE -dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN} +dn: CN=Allowed RODC Password Replication Group,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Certificate Service DCOM Access -objectSid: ${DOMAINSID}-574 -sAMAccountName: Certificate Service DCOM Access +description: Members in this group can have their passwords replicated to all read-only domain controllers in the domain. +objectSid: ${DOMAINSID}-571 +sAMAccountName: Allowed RODC Password Replication Group groupType: -2147483644 isCriticalSystemObject: TRUE -dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN} +dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Cryptographic Operators -objectSid: ${DOMAINSID}-569 -sAMAccountName: Cryptographic Operators -groupType: -2147483644 -isCriticalSystemObject: TRUE - -dn: CN=Event Log Readers,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -description: Event Log Readers -objectSid: ${DOMAINSID}-573 -sAMAccountName: Event Log Readers +description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain. +objectSid: ${DOMAINSID}-572 +sAMAccountName: Denied RODC Password Replication Group groupType: -2147483644 isCriticalSystemObject: TRUE @@ -194,6 +187,11 @@ objectClass: top objectClass: foreignSecurityPrincipal objectSid: S-1-5-11 +dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectClass: top +objectClass: foreignSecurityPrincipal +objectSid: S-1-5-17 + dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN} objectClass: top objectClass: foreignSecurityPrincipal @@ -240,6 +238,28 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE +dn: CN=Account Operators,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +description: Members can administer domain user and group accounts +objectSid: S-1-5-32-548 +adminCount: 1 +sAMAccountName: Account Operators +systemFlags: -1946157056 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Server Operators,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +description: Members can administer domain servers +objectSid: S-1-5-32-549 +adminCount: 1 +sAMAccountName: Server Operators +systemFlags: -1946157056 +groupType: -2147483643 +isCriticalSystemObject: TRUE + dn: CN=Print Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -273,6 +293,17 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE +dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +description: A backward compatibility group which allows read access on all users and groups in the domain +member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectSid: S-1-5-32-554 +sAMAccountName: Pre-Windows 2000 Compatible Access +systemFlags: -1946157056 +groupType: -2147483643 +isCriticalSystemObject: TRUE + dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -293,6 +324,16 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE +dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +description: Members of this group can create incoming, one-way trusts to this forest +objectSid: S-1-5-32-557 +sAMAccountName: Incoming Forest Trust Builders +systemFlags: -1946157056 +groupType: -2147483643 +isCriticalSystemObject: TRUE + dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -314,76 +355,63 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Server Operators,CN=Builtin,${DOMAINDN} -objectClass: top -objectClass: group -description: Members can administer domain servers -objectSid: S-1-5-32-549 -adminCount: 1 -sAMAccountName: Server Operators -systemFlags: -1946157056 -groupType: -2147483643 -isCriticalSystemObject: TRUE - -dn: CN=Account Operators,CN=Builtin,${DOMAINDN} +dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Members can administer domain user and group accounts -objectSid: S-1-5-32-548 -adminCount: 1 -sAMAccountName: Account Operators +description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects +member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectSid: S-1-5-32-560 +sAMAccountName: Windows Authorization Access Group systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN} +dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: A backward compatibility group which allows read access on all users and groups in the domain -member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN} -objectSid: S-1-5-32-554 -sAMAccountName: Pre-Windows 2000 Compatible Access +description: Terminal Server License Servers +objectSid: S-1-5-32-561 +sAMAccountName: Terminal Server License Servers systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN} +dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Members of this group can create incoming, one-way trusts to this forest -objectSid: S-1-5-32-557 -sAMAccountName: Incoming Forest Trust Builders +description: Members are allowed to launch, activate and use Distributed COM objects on this machine. +objectSid: S-1-5-32-562 +sAMAccountName: Distributed COM Users systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN} +dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects -member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN} -objectSid: S-1-5-32-560 -sAMAccountName: Windows Authorization Access Group +description: Members are authorized to perform cryptographic operations. +objectSid: S-1-5-32-569 +sAMAccountName: Cryptographic Operators systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN} +dn: CN=Event Log Readers,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Terminal Server License Servers -objectSid: S-1-5-32-561 -sAMAccountName: Terminal Server License Servers +description: Members of this group can read event logs from local machine. +objectSid: S-1-5-32-573 +sAMAccountName: Event Log Readers systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN} +dn: CN=Certificate Service DCOM Access,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Members are allowed to launch, activate and use Distributed COM objects on this machine. -objectSid: S-1-5-32-562 -sAMAccountName: Distributed COM Users +description: Members of this group are allowed to connect to Certification Authorities in the enterprise. +objectSid: S-1-5-32-574 +sAMAccountName: Certificate Service DCOM Access systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -- cgit From 61dfd3dc1dce2c0dd6693de80930af312ad3e39f Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 10 Jan 2010 11:07:16 +0100 Subject: s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now This belongs to the AD IIS stuff where I don't know yet if we should import it. --- source4/setup/provision_users.ldif | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source4') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 58b7d159d8..1fc0936560 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -187,11 +187,6 @@ objectClass: top objectClass: foreignSecurityPrincipal objectSid: S-1-5-11 -dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} -objectClass: top -objectClass: foreignSecurityPrincipal -objectSid: S-1-5-17 - dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN} objectClass: top objectClass: foreignSecurityPrincipal -- cgit From 9ee895fcf6327b1c2f5ee09fa565bd62974e9c58 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 10 Jan 2010 15:38:55 +0100 Subject: s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group --- source4/setup/provision_users.ldif | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 1fc0936560..934fc0538e 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -165,6 +165,14 @@ dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN} objectClass: top objectClass: group description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain. +member: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN} +member: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} +member: CN=Domain Admins,CN=Users,${DOMAINDN} +member: CN=Cert Publishers,CN=Users,${DOMAINDN} +member: CN=Enterprise Admins,CN=Users,${DOMAINDN} +member: CN=Schema Admins,CN=Users,${DOMAINDN} +member: CN=Domain Controllers,CN=Users,${DOMAINDN} +member: CN=krbtgt,CN=Users,${DOMAINDN} objectSid: ${DOMAINSID}-572 sAMAccountName: Denied RODC Password Replication Group groupType: -2147483644 -- cgit From e72787f0af71c616f44d812ccd90e050d74b2630 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 10 Jan 2010 15:43:07 +0100 Subject: s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific --- source4/setup/provision_self_join_modify.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif index 394398a9b9..f81a2b69c7 100644 --- a/source4/setup/provision_self_join_modify.ldif +++ b/source4/setup/provision_self_join_modify.ldif @@ -34,6 +34,7 @@ add: servicePrincipalName servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN} servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN} +# NOTE: This account is SAMBA4 specific! dn: CN=dns,CN=Users,${DOMAINDN} changetype: add objectClass: top -- cgit From 91e210028790397996659116446e6add452707f6 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 10 Jan 2010 14:20:09 +0100 Subject: s4:provision_users.ldif - Add objects for IIS Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too. --- source4/setup/provision_users.ldif | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source4') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 934fc0538e..224709486f 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -195,6 +195,11 @@ objectClass: top objectClass: foreignSecurityPrincipal objectSid: S-1-5-11 +dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectClass: top +objectClass: foreignSecurityPrincipal +objectSid: S-1-5-17 + dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN} objectClass: top objectClass: foreignSecurityPrincipal @@ -389,6 +394,17 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE +dn: CN=IIS_IUSRS,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +description: Integrated group used by the IIS +member: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectSid: S-1-5-32-568 +sAMAccountName: IIS_IUSRS +systemFlags: -1946157056 +groupType: -2147483643 +isCriticalSystemObject: TRUE + dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -476,6 +492,11 @@ objectClass: top objectClass: foreignSecurityPrincipal objectSid: S-1-5-4 +dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +objectSid: S-1-5-17 + dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal -- cgit From 601ea3a442ba20fe16797953e946d7a113c9b635 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 10 Jan 2010 19:49:40 +0100 Subject: s4:repl_meta_data - Transform a "1" into a "true" on a boolean variable --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 394ce3e637..b4caac4c8d 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -672,7 +672,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) /* check if there's a show relax control (used by provision to say 'I know what I'm doing') */ control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID); if (control) { - allow_add_guid = 1; + allow_add_guid = true; } /* do not manipulate our control entries */ -- cgit From e0d6b0977eb5c5a2c95ee2de10c7b18550371b50 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 10 Jan 2010 20:08:50 +0100 Subject: s4:upgradeprovision - Reformat comments Make them break at line 80 (better readability). --- source4/scripting/bin/upgradeprovision | 72 +++++++++++++++++++++------------- 1 file changed, 44 insertions(+), 28 deletions(-) (limited to 'source4') diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index da827ace42..e95977a258 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -66,8 +66,10 @@ GUESS = 0x04 PROVISION = 0x08 CHANGEALL = 0xff -# Attributes that not copied from the reference provision even if they do not exists in the destination object -# This is most probably because they are populated automatcally when object is created +# Attributes that are never copied from the reference provision (even if they +# do not exist in the destination object). +# This is most probably because they are populated automatcally when object is +# created hashAttrNotCopied = { "dn": 1,"whenCreated": 1,"whenChanged": 1,"objectGUID": 1,"replPropertyMetaData": 1,"uSNChanged": 1,\ "uSNCreated": 1,"parentGUID": 1,"objectCategory": 1,"distinguishedName": 1,\ "showInAdvancedViewOnly": 1,"instanceType": 1, "cn": 1, "msDS-Behavior-Version":1, "nextRid":1,\ @@ -75,8 +77,9 @@ hashAttrNotCopied = { "dn": 1,"whenCreated": 1,"whenChanged": 1,"objectGUID": 1 "dBCSPwd":1,"supplementalCredentials":1,"gPCUserExtensionNames":1, "gPCMachineExtensionNames":1,\ "maxPwdAge":1, "mail":1, "secret":1,"possibleInferiors":1, "sAMAccountType":1} -# Usually for an object that already exists we do not overwrite attributes as they might have been changed for good -# reasons. Anyway for a few of thems it's mandatory to replace them otherwise the provision will be broken somehow. +# Usually for an object that already exists we do not overwrite attributes as +# they might have been changed for good reasons. Anyway for a few of them it's +# mandatory to replace them otherwise the provision will be broken somehow. hashOverwrittenAtt = { "prefixMap": replace, "systemMayContain": replace,"systemOnly":replace, "searchFlags":replace,\ "mayContain":replace, "systemFlags":replace,"description":replace, "oEMInformation":replace, "operatingSystemVersion":replace, "adminPropertyPages":replace, @@ -167,11 +170,13 @@ def get_paths(targetdir=None,smbconf=None): lp = param.LoadParm() lp.load(smbconf) -# Normaly we need the domain name for this function but for our needs it's pointless +# Normally we need the domain name for this function but for our needs it's +# pointless paths = provision_paths_from_lp(lp,"foo") return paths -# This function guess(fetch) informations needed to make a fresh provision from the current provision +# This function guesses (fetches) informations needed to make a fresh provision +# from the current provision # It includes: realm, workgroup, partitions, netbiosname, domain guid, ... def guess_names_from_current_provision(credentials,session_info,paths): lp = param.LoadParm() @@ -191,11 +196,13 @@ def guess_names_from_current_provision(credentials,session_info,paths): names.netbiosname = str(res[0]["sAMAccountName"]).replace("$","") names.smbconf = smbconf - #It's important here to let ldb load with the old module or it's quite certain that the LDB won't load ... + # It's important here to let ldb load with the old module or it's quite + # certain that the LDB won't load ... samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials, lp=lp, options=["modules:samba_dsdb"]) - # That's a bit simplistic but it's ok as long as we have only 3 partitions + # That's a bit simplistic but it's ok as long as we have only 3 + # partitions attrs2 = ["defaultNamingContext", "schemaNamingContext","configurationNamingContext","rootDomainNamingContext"] current = samdb.search(expression="(objectClass=*)",base="", scope=SCOPE_BASE, attrs=attrs2) @@ -311,9 +318,10 @@ def newprovision(names,setup_dir,creds,session,smbconf): ldap_dryrun_mode=None) return provdir -# This function sorts two dn in the lexicographical order and put higher level DN before -# So given the dns cn=bar,cn=foo and cn=foo the later will be return as smaller (-1) as it has less -# level +# This function sorts two DNs in the lexicographical order and put higher level +# DN before. +# So given the dns cn=bar,cn=foo and cn=foo the later will be return as smaller +# (-1) as it has less level def dn_sort(x,y): p = re.compile(r'(? Date: Sun, 10 Jan 2010 21:34:05 +0100 Subject: s4:upgradeprovision - fix up the script regarding linked attributes We have to try to add new objects until between two iterations we didn't make any progress. Either we are then done (no objects remaining) or we are incapable to do this fully automatically. The latter can happen if important system objects (builtin groups, users...) moved (e.g. consider one of my recent comments). Then the new object can't be added if it contains the same "sAMAccountName" attribute as the old one. We have to let the user delete the old one (also to give him a chance to backup personal changes - if needed) and only then the script is capable to add the new one onto the right place. Make this clear with an exhaustive error output. I personally don't see a good way how to do this better for now so I would leave this as a manual step. --- source4/scripting/bin/upgradeprovision | 58 +++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 12 deletions(-) (limited to 'source4') diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index e95977a258..23980cd3da 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -560,18 +560,52 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema): sam_ldb.transaction_start() - empty = ldb.Message() - message(SIMPLE,"There are %d missing objects"%(len(listMissing))) - for dn in listMissing: - reference = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"]) - delta = sam_ldb.msg_diff(empty,reference[0]) - for att in hashAttrNotCopied.keys(): - delta.remove(att) - for att in backlinked: - delta.remove(att) - delta.dn = dn - - sam_ldb.add(delta,["relax:0"]) + err_num = 0 + err_msg = "" + while len(listMissing) > 0: + listMissing2 = [] + + empty = ldb.Message() + message(SIMPLE,"There are still %d objects missing"%(len(listMissing))) + + for dn in listMissing: + reference = newsam_ldb.search(expression="dn=%s" % (str(dn)), + base=basedn, scope=SCOPE_SUBTREE, + controls=["search_options:1:2"]) + delta = sam_ldb.msg_diff(empty,reference[0]) + for att in hashAttrNotCopied.keys(): + delta.remove(att) + for att in backlinked: + delta.remove(att) + delta.dn = dn + + try: + sam_ldb.add(delta,["relax:0"]) + # This is needed here since otherwise the + # "replmd_meta_data" module doesn't see the + # updated data + sam_ldb.transaction_commit() + sam_ldb.transaction_start() + except LdbError, (num, msg): + # An exception can happen if a linked object + # doesn't exist which can happen if it is also + # to be added + err_num = num + err_msg = msg + listMissing2.append(dn) + + if len(listMissing2) == len(listMissing): + # We couldn't add any object in this iteration -> + # we have to resign and hope that the user manually + # fixes the damage + + message(ERROR, "The script isn't capable to do the upgrade fully automatically!") + message(ERROR, "Often this happens when important system objects moved their location. Please look for them (for example doable using the displayed 'sAMAccountName' attribute), backup if personally changed and remove them.") + message(ERROR, "Reinvoke this script and reapply eventual modifications done before. It is possible to get this error more than once (for each problematic object).") + + raise LdbError(err_num, err_msg) + + listMissing = listMissing2 changed = 0 for dn in listPresent: -- cgit From aa4501538a6df60719b0ab988cbd94f4495dacf1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jan 2010 10:05:50 +1100 Subject: Revert "s4:provision_users.ldif - Add objects for IIS" This reverts commit 91e210028790397996659116446e6add452707f6. This series of commits broke 'make test'. Matthias, please make sure you run a _full_ make test before every push. --- source4/setup/provision_users.ldif | 21 --------------------- 1 file changed, 21 deletions(-) (limited to 'source4') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 224709486f..934fc0538e 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -195,11 +195,6 @@ objectClass: top objectClass: foreignSecurityPrincipal objectSid: S-1-5-11 -dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} -objectClass: top -objectClass: foreignSecurityPrincipal -objectSid: S-1-5-17 - dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN} objectClass: top objectClass: foreignSecurityPrincipal @@ -394,17 +389,6 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=IIS_IUSRS,CN=Builtin,${DOMAINDN} -objectClass: top -objectClass: group -description: Integrated group used by the IIS -member: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} -objectSid: S-1-5-32-568 -sAMAccountName: IIS_IUSRS -systemFlags: -1946157056 -groupType: -2147483643 -isCriticalSystemObject: TRUE - dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -492,11 +476,6 @@ objectClass: top objectClass: foreignSecurityPrincipal objectSid: S-1-5-4 -dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN} -objectClass: top -objectClass: foreignSecurityPrincipal -objectSid: S-1-5-17 - dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal -- cgit From 306de3051d8780c3ff2f97e0c61c28e5519aa661 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jan 2010 10:06:58 +1100 Subject: Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group" This reverts commit 9ee895fcf6327b1c2f5ee09fa565bd62974e9c58. This series of commits broke 'make test'. Matthias, please make sure you run a _full_ make test before every push. --- source4/setup/provision_users.ldif | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source4') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 934fc0538e..1fc0936560 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -165,14 +165,6 @@ dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN} objectClass: top objectClass: group description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain. -member: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN} -member: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} -member: CN=Domain Admins,CN=Users,${DOMAINDN} -member: CN=Cert Publishers,CN=Users,${DOMAINDN} -member: CN=Enterprise Admins,CN=Users,${DOMAINDN} -member: CN=Schema Admins,CN=Users,${DOMAINDN} -member: CN=Domain Controllers,CN=Users,${DOMAINDN} -member: CN=krbtgt,CN=Users,${DOMAINDN} objectSid: ${DOMAINSID}-572 sAMAccountName: Denied RODC Password Replication Group groupType: -2147483644 -- cgit From 3af84c1cde9f210f9ee6608b2509a58646226127 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jan 2010 10:07:53 +1100 Subject: Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now" This reverts commit 61dfd3dc1dce2c0dd6693de80930af312ad3e39f. This series of commits broke 'make test'. Matthias, please make sure you run a _full_ make test before every push. --- source4/setup/provision_users.ldif | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 1fc0936560..58b7d159d8 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -187,6 +187,11 @@ objectClass: top objectClass: foreignSecurityPrincipal objectSid: S-1-5-11 +dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectClass: top +objectClass: foreignSecurityPrincipal +objectSid: S-1-5-17 + dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN} objectClass: top objectClass: foreignSecurityPrincipal -- cgit From 73422e7dd866f9c65e1ba5cd42fd027b5acf3a40 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jan 2010 10:08:30 +1100 Subject: Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode" This reverts commit 5c174c68ccba7506147feab1d09ad676792139b3. This series of commits broke 'make test'. Matthias, please make sure you run a _full_ make test before every push. --- source4/setup/provision_users.ldif | 198 ++++++++++++++++--------------------- 1 file changed, 85 insertions(+), 113 deletions(-) (limited to 'source4') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 58b7d159d8..c27249d2c5 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -75,54 +75,43 @@ isCriticalSystemObject: TRUE # Add other groups -dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN} +dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Members of this group are Read-Only Domain Controllers in the enterprise -objectSid: ${DOMAINSID}-498 -sAMAccountName: Enterprise Read-Only Domain Controllers -groupType: -2147483640 +description: Designated administrators of the enterprise +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-519 +adminCount: 1 +sAMAccountName: Enterprise Admins isCriticalSystemObject: TRUE -dn: CN=Domain Admins,CN=Users,${DOMAINDN} +dn: CN=Schema Admins,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Designated administrators of the domain +description: Designated administrators of the schema member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-512 +objectSid: ${DOMAINSID}-518 adminCount: 1 -sAMAccountName: Domain Admins +sAMAccountName: Schema Admins isCriticalSystemObject: TRUE dn: CN=Cert Publishers,CN=Users,${DOMAINDN} objectClass: top objectClass: group description: Members of this group are permitted to publish certificates to the Active Directory +groupType: -2147483644 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers -groupType: -2147483644 isCriticalSystemObject: TRUE -dn: CN=Schema Admins,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -description: Designated administrators of the schema -member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-518 -adminCount: 1 -sAMAccountName: Schema Admins -groupType: -2147483640 -isCriticalSystemObject: TRUE - -dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} +dn: CN=Domain Admins,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Designated administrators of the enterprise +description: Designated administrators of the domain member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-519 +objectSid: ${DOMAINSID}-512 adminCount: 1 -sAMAccountName: Enterprise Admins -groupType: -2147483640 +sAMAccountName: Domain Admins isCriticalSystemObject: TRUE dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} @@ -134,39 +123,57 @@ objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners isCriticalSystemObject: TRUE +dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +description: Servers in this group can access remote access properties of users +objectSid: ${DOMAINSID}-553 +sAMAccountName: RAS and IAS Servers +groupType: -2147483644 +isCriticalSystemObject: TRUE + dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Members of this group are Read-Only Domain Controllers in the domain +description: Read-only domain controllers objectSid: ${DOMAINSID}-521 -adminCount: 1 sAMAccountName: Read-Only Domain Controllers +groupType: -2147483644 isCriticalSystemObject: TRUE -dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} +dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Servers in this group can access remote access properties of users -objectSid: ${DOMAINSID}-553 -sAMAccountName: RAS and IAS Servers +description: Enterprise read-only domain controllers +objectSid: ${DOMAINSID}-498 +sAMAccountName: Enterprise Read-Only Domain Controllers groupType: -2147483644 isCriticalSystemObject: TRUE -dn: CN=Allowed RODC Password Replication Group,CN=Users,${DOMAINDN} +dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Members in this group can have their passwords replicated to all read-only domain controllers in the domain. -objectSid: ${DOMAINSID}-571 -sAMAccountName: Allowed RODC Password Replication Group +description: Certificate Service DCOM Access +objectSid: ${DOMAINSID}-574 +sAMAccountName: Certificate Service DCOM Access groupType: -2147483644 isCriticalSystemObject: TRUE -dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN} +dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN} objectClass: top objectClass: group -description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain. -objectSid: ${DOMAINSID}-572 -sAMAccountName: Denied RODC Password Replication Group +description: Cryptographic Operators +objectSid: ${DOMAINSID}-569 +sAMAccountName: Cryptographic Operators +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Event Log Readers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +description: Event Log Readers +objectSid: ${DOMAINSID}-573 +sAMAccountName: Event Log Readers groupType: -2147483644 isCriticalSystemObject: TRUE @@ -187,11 +194,6 @@ objectClass: top objectClass: foreignSecurityPrincipal objectSid: S-1-5-11 -dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} -objectClass: top -objectClass: foreignSecurityPrincipal -objectSid: S-1-5-17 - dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN} objectClass: top objectClass: foreignSecurityPrincipal @@ -238,28 +240,6 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Account Operators,CN=Builtin,${DOMAINDN} -objectClass: top -objectClass: group -description: Members can administer domain user and group accounts -objectSid: S-1-5-32-548 -adminCount: 1 -sAMAccountName: Account Operators -systemFlags: -1946157056 -groupType: -2147483643 -isCriticalSystemObject: TRUE - -dn: CN=Server Operators,CN=Builtin,${DOMAINDN} -objectClass: top -objectClass: group -description: Members can administer domain servers -objectSid: S-1-5-32-549 -adminCount: 1 -sAMAccountName: Server Operators -systemFlags: -1946157056 -groupType: -2147483643 -isCriticalSystemObject: TRUE - dn: CN=Print Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -293,17 +273,6 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN} -objectClass: top -objectClass: group -description: A backward compatibility group which allows read access on all users and groups in the domain -member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN} -objectSid: S-1-5-32-554 -sAMAccountName: Pre-Windows 2000 Compatible Access -systemFlags: -1946157056 -groupType: -2147483643 -isCriticalSystemObject: TRUE - dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -324,16 +293,6 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN} -objectClass: top -objectClass: group -description: Members of this group can create incoming, one-way trusts to this forest -objectSid: S-1-5-32-557 -sAMAccountName: Incoming Forest Trust Builders -systemFlags: -1946157056 -groupType: -2147483643 -isCriticalSystemObject: TRUE - dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -355,63 +314,76 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN} +dn: CN=Server Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects -member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN} -objectSid: S-1-5-32-560 -sAMAccountName: Windows Authorization Access Group +description: Members can administer domain servers +objectSid: S-1-5-32-549 +adminCount: 1 +sAMAccountName: Server Operators systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN} +dn: CN=Account Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Terminal Server License Servers -objectSid: S-1-5-32-561 -sAMAccountName: Terminal Server License Servers +description: Members can administer domain user and group accounts +objectSid: S-1-5-32-548 +adminCount: 1 +sAMAccountName: Account Operators systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN} +dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Members are allowed to launch, activate and use Distributed COM objects on this machine. -objectSid: S-1-5-32-562 -sAMAccountName: Distributed COM Users +description: A backward compatibility group which allows read access on all users and groups in the domain +member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectSid: S-1-5-32-554 +sAMAccountName: Pre-Windows 2000 Compatible Access systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN} +dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Members are authorized to perform cryptographic operations. -objectSid: S-1-5-32-569 -sAMAccountName: Cryptographic Operators +description: Members of this group can create incoming, one-way trusts to this forest +objectSid: S-1-5-32-557 +sAMAccountName: Incoming Forest Trust Builders +systemFlags: -1946157056 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects +member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN} +objectSid: S-1-5-32-560 +sAMAccountName: Windows Authorization Access Group systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Event Log Readers,CN=Builtin,${DOMAINDN} +dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Members of this group can read event logs from local machine. -objectSid: S-1-5-32-573 -sAMAccountName: Event Log Readers +description: Terminal Server License Servers +objectSid: S-1-5-32-561 +sAMAccountName: Terminal Server License Servers systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -dn: CN=Certificate Service DCOM Access,CN=Builtin,${DOMAINDN} +dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -description: Members of this group are allowed to connect to Certification Authorities in the enterprise. -objectSid: S-1-5-32-574 -sAMAccountName: Certificate Service DCOM Access +description: Members are allowed to launch, activate and use Distributed COM objects on this machine. +objectSid: S-1-5-32-562 +sAMAccountName: Distributed COM Users systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE -- cgit From 5323fe99c30bad099645711feac5f2a8979a1ee1 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Sun, 10 Jan 2010 16:06:57 -0800 Subject: s4/torture: Parameterize output in LOCK tests based off server support Two new torture parameters: * smbexit_pdu_support: if the Server supports the Exit command * range_not_locked_on_file_close: whether the server returns the NT_STATUS_RANGE_NOT_LOCKED error when a file is closed which has a pending lock request. Windows returns this error, though per the spec, this error should only be returned to an unlock request. --- source4/torture/raw/lock.c | 120 ++++++++++++++++++++++++++----------------- source4/torture/smbtorture.c | 3 ++ source4/torture/smbtorture.h | 14 +++++ 3 files changed, 90 insertions(+), 47 deletions(-) (limited to 'source4') diff --git a/source4/torture/raw/lock.c b/source4/torture/raw/lock.c index 7eb461048b..6c86a6f615 100644 --- a/source4/torture/raw/lock.c +++ b/source4/torture/raw/lock.c @@ -80,10 +80,14 @@ #define TARGET_SUPPORTS_INVALID_LOCK_RANGE(_tctx) \ (torture_setting_bool(_tctx, "invalid_lock_range_support", true)) +#define TARGET_SUPPORTS_SMBEXIT(_tctx) \ + (torture_setting_bool(_tctx, "smbexit_pdu_support", true)) #define TARGET_SUPPORTS_SMBLOCK(_tctx) \ (torture_setting_bool(_tctx, "smblock_pdu_support", true)) #define TARGET_SUPPORTS_OPENX_DENY_DOS(_tctx) \ (torture_setting_bool(_tctx, "openx_deny_dos_support", true)) +#define TARGET_RETURNS_RANGE_NOT_LOCKED(_tctx) \ + (torture_setting_bool(_tctx, "range_not_locked_on_file_close", true)) /* test SMBlock and SMBunlock ops */ @@ -786,7 +790,10 @@ static bool test_async(struct torture_context *tctx, CHECK_STATUS(status, NT_STATUS_OK); status = smbcli_request_simple_recv(req); - CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); + if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx)) + CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); + else + CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT); torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx, "lock cancel by close was not immediate (%s)\n", __location__)); @@ -816,46 +823,57 @@ static bool test_async(struct torture_context *tctx, tree->tid = tcon.tconx.out.tid; torture_comment(tctx, "testing cancel by exit\n"); - fname = BASEDIR "\\test_exit.txt"; - fnum = smbcli_open(tree, fname, O_RDWR|O_CREAT, DENY_NONE); - torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx, - "Failed to reopen %s - %s\n", - fname, smbcli_errstr(tree))); - - io.lockx.level = RAW_LOCK_LOCKX; - io.lockx.in.file.fnum = fnum; - io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES; - io.lockx.in.timeout = 0; - io.lockx.in.ulock_cnt = 0; - io.lockx.in.lock_cnt = 1; - lock[0].pid = session->pid; - lock[0].offset = 100; - lock[0].count = 10; - io.lockx.in.locks = &lock[0]; - status = smb_raw_lock(tree, &io); - CHECK_STATUS(status, NT_STATUS_OK); - - io.lockx.in.ulock_cnt = 0; - io.lockx.in.lock_cnt = 1; - io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES; - io.lockx.in.timeout = 0; - status = smb_raw_lock(tree, &io); - CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); + if (TARGET_SUPPORTS_SMBEXIT(tctx)) { + fname = BASEDIR "\\test_exit.txt"; + fnum = smbcli_open(tree, fname, O_RDWR|O_CREAT, DENY_NONE); + torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx, + "Failed to reopen %s - %s\n", + fname, smbcli_errstr(tree))); + + io.lockx.level = RAW_LOCK_LOCKX; + io.lockx.in.file.fnum = fnum; + io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES; + io.lockx.in.timeout = 0; + io.lockx.in.ulock_cnt = 0; + io.lockx.in.lock_cnt = 1; + lock[0].pid = session->pid; + lock[0].offset = 100; + lock[0].count = 10; + io.lockx.in.locks = &lock[0]; + status = smb_raw_lock(tree, &io); + CHECK_STATUS(status, NT_STATUS_OK); - io.lockx.in.timeout = 10000; - t = time(NULL); - req = smb_raw_lock_send(tree, &io); - torture_assert(tctx,(req != NULL), talloc_asprintf(tctx, - "Failed to setup timed lock (%s)\n", __location__)); + io.lockx.in.ulock_cnt = 0; + io.lockx.in.lock_cnt = 1; + io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES; + io.lockx.in.timeout = 0; + status = smb_raw_lock(tree, &io); + CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); + + io.lockx.in.timeout = 10000; + t = time(NULL); + req = smb_raw_lock_send(tree, &io); + torture_assert(tctx,(req != NULL), talloc_asprintf(tctx, + "Failed to setup timed lock (%s)\n", + __location__)); + + status = smb_raw_exit(session); + CHECK_STATUS(status, NT_STATUS_OK); - status = smb_raw_exit(session); - CHECK_STATUS(status, NT_STATUS_OK); + status = smbcli_request_simple_recv(req); + if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx)) + CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); + else + CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT); - status = smbcli_request_simple_recv(req); - CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); - - torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx, - "lock cancel by exit was not immediate (%s)\n", __location__)); + torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx, + "lock cancel by exit was not immediate (%s)\n", + __location__)); + } + else { + torture_comment(tctx, + " skipping test, SMBExit not supported\n"); + } torture_comment(tctx, "testing cancel by ulogoff\n"); fname = BASEDIR "\\test_ulogoff.txt"; @@ -894,15 +912,20 @@ static bool test_async(struct torture_context *tctx, CHECK_STATUS(status, NT_STATUS_OK); status = smbcli_request_simple_recv(req); - if (NT_STATUS_EQUAL(NT_STATUS_FILE_LOCK_CONFLICT, status)) { - torture_result(tctx, TORTURE_FAIL, - "lock not canceled by ulogoff - %s (ignored because of vfs_vifs fails it)\n", - nt_errstr(status)); - smb_tree_disconnect(tree); - smb_raw_exit(session); - goto done; + if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx)) { + if (NT_STATUS_EQUAL(NT_STATUS_FILE_LOCK_CONFLICT, status)) { + torture_result(tctx, TORTURE_FAIL, + "lock not canceled by ulogoff - %s " + "(ignored because of vfs_vifs fails it)\n", + nt_errstr(status)); + smb_tree_disconnect(tree); + smb_raw_exit(session); + goto done; + } + CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); + } else { + CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT); } - CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx, "lock cancel by ulogoff was not immediate (%s)\n", __location__)); @@ -942,7 +965,10 @@ static bool test_async(struct torture_context *tctx, CHECK_STATUS(status, NT_STATUS_OK); status = smbcli_request_simple_recv(req); - CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); + if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx)) + CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); + else + CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT); torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx, "lock cancel by tdis was not immediate (%s)\n", __location__)); diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c index 8e0a25b032..53e860a144 100644 --- a/source4/torture/smbtorture.c +++ b/source4/torture/smbtorture.c @@ -550,8 +550,11 @@ int main(int argc,char *argv[]) lp_set_cmdline(cmdline_lp_ctx, "torture:onefs", "true"); lp_set_cmdline(cmdline_lp_ctx, "torture:openx_deny_dos_support", "false"); + lp_set_cmdline(cmdline_lp_ctx, "torture:range_not_locked_on_file_close", "false"); lp_set_cmdline(cmdline_lp_ctx, "torture:sacl_support", "false"); lp_set_cmdline(cmdline_lp_ctx, "torture:ea_support", "false"); + lp_set_cmdline(cmdline_lp_ctx, "torture:smbexit_pdu_support", + "false"); lp_set_cmdline(cmdline_lp_ctx, "torture:smblock_pdu_support", "false"); lp_set_cmdline(cmdline_lp_ctx, "torture:2_step_break_to_none", diff --git a/source4/torture/smbtorture.h b/source4/torture/smbtorture.h index 38969f1bcc..5b12f4e3f5 100644 --- a/source4/torture/smbtorture.h +++ b/source4/torture/smbtorture.h @@ -74,6 +74,15 @@ bool torture_register_suite(struct torture_suite *suite); * This parameter specifies whether the server supports the DENY_DOS open mode * of the SMBOpenX PDU. */ +/* torture:range_not_locked_on_file_close + * + * When a byte range lock is pending, and the file which is being locked is + * closed, Windows servers return the error NT_STATUS_RANGE_NOT_LOCKED. This + * is strange, as this error is meant to be returned only for unlock requests. + * When true, torture will expect the Windows behavior, otherwise it will + * expect the more logical NT_STATUS_LOCK_NOT_GRANTED. + */ + /* torture:sacl_support * * This parameter specifies whether the server supports the setting and @@ -81,6 +90,10 @@ bool torture_register_suite(struct torture_suite *suite); * supports the use of the SEC_FLAG_SYSTEM_SECURITY bit in the open access * mask.*/ +/* torture:smbexit_pdu_support + * + * This parameter specifies whether the server supports the SMBExit (0x11) PDU. */ + /* torture:smblock_pdu_support * * This parameter specifies whether the server supports the SMBLock (0x0C) PDU. */ @@ -119,4 +132,5 @@ bool torture_register_suite(struct torture_suite *suite); * denied. When true, torture will expect NT_STATUS_OBJECT_NAME_NOT_FOUND * rather than NT_STATUS_ACCESS_DENIED when trying to open one of these files. */ + #endif /* __SMBTORTURE_H__ */ -- cgit From 1a76c80466bf877a806c1c220b41e0ed37d92ed7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 11 Jan 2010 14:57:55 +1100 Subject: This is Samba4 alpha11! --- source4/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/VERSION b/source4/VERSION index ed8d2b0350..c1b5a98420 100644 --- a/source4/VERSION +++ b/source4/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # ######################################################## -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no ######################################################## # This is for specifying a release nickname # -- cgit From f6b10596ca7307b63b852d39229d2f2bcfb09e4a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 11 Jan 2010 17:05:06 +1100 Subject: and we move on towards Samba4 alpha12! --- source4/VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/VERSION b/source4/VERSION index c1b5a98420..76e66da6bd 100644 --- a/source4/VERSION +++ b/source4/VERSION @@ -57,7 +57,7 @@ SAMBA_VERSION_TP_RELEASE= # e.g. SAMBA_VERSION_ALPHA_RELEASE=1 # # -> "4.0.0alpha1" # ######################################################## -SAMBA_VERSION_ALPHA_RELEASE=11 +SAMBA_VERSION_ALPHA_RELEASE=12 ######################################################## # For 'pre' releases the version will be # @@ -89,7 +89,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # ######################################################## -SAMBA_VERSION_IS_GIT_SNAPSHOT=no +SAMBA_VERSION_IS_GIT_SNAPSHOT=yes ######################################################## # This is for specifying a release nickname # -- cgit From e0e255fb241b7e7918f237df52de3551ac6534f5 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 11 Jan 2010 11:48:12 -0500 Subject: Fix comment/debug messages --- source4/kdc/kdc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 19042dcf78..026eaf4122 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -762,22 +762,22 @@ static void kdc_task_init(struct task_server *task) PLUGIN_TYPE_DATA, "hdb", &hdb_samba4); if(ret) { - task_server_terminate(task, "kdc: failed to register hdb keytab", true); + task_server_terminate(task, "kdc: failed to register hdb plugin", true); return; } ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops); if(ret) { - task_server_terminate(task, "kdc: failed to register hdb keytab", true); + task_server_terminate(task, "kdc: failed to register keytab plugin", true); return; } - /* Registar WinDC hooks */ + /* Register WinDC hooks */ ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, PLUGIN_TYPE_DATA, "windc", &windc_plugin_table); if(ret) { - task_server_terminate(task, "kdc: failed to register hdb keytab", true); + task_server_terminate(task, "kdc: failed to register windc plugin", true); return; } -- cgit From c9e84ad3970cd3360313c1582d806c0393ce6228 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 12 Jan 2010 11:48:23 +0100 Subject: s4-smbtorture: allow test_SamLogon to test interactive samlogon in RPC-SAMR family of tests. Guenther --- source4/torture/rpc/samr.c | 105 ++++++++++++++++++++++++++++++--------------- 1 file changed, 71 insertions(+), 34 deletions(-) (limited to 'source4') diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index b5aa761b79..3f2cf6b41e 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -33,6 +33,10 @@ #include "libcli/security/security.h" #include "torture/rpc/rpc.h" #include "param/param.h" +#include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" +#include "../libcli/auth/schannel.h" +#include "auth/gensec/schannel_state.h" #include @@ -2730,17 +2734,24 @@ static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p, static bool test_SamLogon(struct torture_context *tctx, struct dcerpc_pipe *p, struct cli_credentials *test_credentials, - NTSTATUS expected_result) + NTSTATUS expected_result, + bool interactive) { NTSTATUS status; struct netr_LogonSamLogonEx r; union netr_LogonLevel logon; union netr_Validation validation; uint8_t authoritative; + struct netr_IdentityInfo identity; struct netr_NetworkInfo ninfo; + struct netr_PasswordInfo pinfo; DATA_BLOB names_blob, chal, lm_resp, nt_resp; int flags = CLI_CRED_NTLM_AUTH; uint32_t samlogon_flags = 0; + struct netlogon_creds_CredentialState *creds; + struct netr_Authenticator a; + + torture_assert_ntstatus_ok(tctx, dcerpc_schannel_creds(p->conn->security_state.generic_state, tctx, &creds), ""); if (lp_client_lanman_auth(tctx->lp_ctx)) { flags |= CLI_CRED_LANMAN_AUTH; @@ -2751,50 +2762,74 @@ static bool test_SamLogon(struct torture_context *tctx, } cli_credentials_get_ntlm_username_domain(test_credentials, tctx, - &ninfo.identity_info.account_name.string, - &ninfo.identity_info.domain_name.string); + &identity.account_name.string, + &identity.domain_name.string); - generate_random_buffer(ninfo.challenge, - sizeof(ninfo.challenge)); - chal = data_blob_const(ninfo.challenge, - sizeof(ninfo.challenge)); + identity.parameter_control = + MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | + MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; + identity.logon_id_low = 0; + identity.logon_id_high = 0; + identity.workstation.string = cli_credentials_get_workstation(test_credentials); - names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(test_credentials), - cli_credentials_get_domain(test_credentials)); + if (interactive) { + netlogon_creds_client_authenticator(creds, &a); - status = cli_credentials_get_ntlm_response(test_credentials, tctx, - &flags, - chal, - names_blob, - &lm_resp, &nt_resp, - NULL, NULL); - torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed"); + if (!E_deshash(cli_credentials_get_password(test_credentials), pinfo.lmpassword.hash)) { + ZERO_STRUCT(pinfo.lmpassword.hash); + } + E_md4hash(cli_credentials_get_password(test_credentials), pinfo.ntpassword.hash); - ninfo.lm.data = lm_resp.data; - ninfo.lm.length = lm_resp.length; + if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16); + netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16); + } else { + netlogon_creds_des_encrypt(creds, &pinfo.lmpassword); + netlogon_creds_des_encrypt(creds, &pinfo.ntpassword); + } - ninfo.nt.data = nt_resp.data; - ninfo.nt.length = nt_resp.length; + pinfo.identity_info = identity; + logon.password = &pinfo; - ninfo.identity_info.parameter_control = - MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | - MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; - ninfo.identity_info.logon_id_low = 0; - ninfo.identity_info.logon_id_high = 0; - ninfo.identity_info.workstation.string = cli_credentials_get_workstation(test_credentials); + r.in.logon_level = NetlogonInteractiveInformation; + } else { + generate_random_buffer(ninfo.challenge, + sizeof(ninfo.challenge)); + chal = data_blob_const(ninfo.challenge, + sizeof(ninfo.challenge)); + + names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(test_credentials), + cli_credentials_get_domain(test_credentials)); + + status = cli_credentials_get_ntlm_response(test_credentials, tctx, + &flags, + chal, + names_blob, + &lm_resp, &nt_resp, + NULL, NULL); + torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed"); + + ninfo.lm.data = lm_resp.data; + ninfo.lm.length = lm_resp.length; - logon.network = &ninfo; + ninfo.nt.data = nt_resp.data; + ninfo.nt.length = nt_resp.length; + + ninfo.identity_info = identity; + logon.network = &ninfo; + + r.in.logon_level = NetlogonNetworkInformation; + } r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(test_credentials); - r.in.logon_level = NetlogonNetworkInformation; r.in.logon = &logon; r.in.flags = &samlogon_flags; r.out.flags = &samlogon_flags; r.out.validation = &validation; r.out.authoritative = &authoritative; - torture_comment(tctx, "Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string); + torture_comment(tctx, "Testing LogonSamLogon with name %s\n", identity.account_name.string); r.in.validation_level = 6; @@ -2818,7 +2853,8 @@ static bool test_SamLogon_with_creds(struct torture_context *tctx, struct cli_credentials *machine_creds, const char *acct_name, char *password, - NTSTATUS expected_samlogon_result) + NTSTATUS expected_samlogon_result, + bool interactive) { bool ret = true; struct cli_credentials *test_credentials; @@ -2834,11 +2870,11 @@ static bool test_SamLogon_with_creds(struct torture_context *tctx, cli_credentials_set_password(test_credentials, password, CRED_SPECIFIED); - torture_comment(tctx, "testing samlogon as %s password: %s\n", - acct_name, password); + torture_comment(tctx, "testing samlogon (%s) as %s password: %s\n", + interactive ? "interactive" : "network", acct_name, password); if (!test_SamLogon(tctx, p, test_credentials, - expected_samlogon_result)) { + expected_samlogon_result, interactive)) { torture_warning(tctx, "new password did not work\n"); ret = false; } @@ -2904,7 +2940,8 @@ static bool test_SetPassword_level(struct dcerpc_pipe *p, machine_creds, acct_name, *password, - expected_samlogon_result)) { + expected_samlogon_result, + false)) { ret = false; } -- cgit From a744dbcf2b29040d7d630201cef9f64edafd7eec Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 11 Jan 2010 21:18:51 +0100 Subject: s4-smbtorture: add RPC-SAMR-PASSWORDS-BADPWDCOUNT torture test. This test checks the behavior (since w2k3 sp1) of the badPwdCount samr attribute in relation to password history and successfull and unsucessful netlogon samlogons. Michael, please check. This should help verifiying Bug #4347. Guenther --- source4/torture/rpc/rpc.c | 1 + source4/torture/rpc/samr.c | 490 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 489 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 3362bad605..2ab0d12743 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -462,6 +462,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_suite(suite, torture_rpc_samr_accessmask(suite)); torture_suite_add_suite(suite, torture_rpc_samr_workstation_auth(suite)); torture_suite_add_suite(suite, torture_rpc_samr_passwords_pwdlastset(suite)); + torture_suite_add_suite(suite, torture_rpc_samr_passwords_badpwdcount(suite)); torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite)); torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite)); torture_suite_add_suite(suite, torture_rpc_epmapper(suite)); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 3f2cf6b41e..20d48038e7 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -4,7 +4,7 @@ Copyright (C) Andrew Tridgell 2003 Copyright (C) Andrew Bartlett 2003 - Copyright (C) Guenther Deschner 2008,2009 + Copyright (C) Guenther Deschner 2008-2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -50,6 +50,7 @@ enum torture_samr_choice { TORTURE_SAMR_PASSWORDS, TORTURE_SAMR_PASSWORDS_PWDLASTSET, + TORTURE_SAMR_PASSWORDS_BADPWDCOUNT, TORTURE_SAMR_USER_ATTRIBUTES, TORTURE_SAMR_USER_PRIVILEGES, TORTURE_SAMR_OTHER, @@ -3374,6 +3375,428 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, return ret; } +static bool test_QueryUserInfo_badpwdcount(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + uint32_t *badpwdcount) +{ + union samr_UserInfo *info; + struct samr_QueryUserInfo r; + + r.in.user_handle = handle; + r.in.level = 3; + r.out.info = &info; + + torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level); + + torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo(p, tctx, &r), + "failed to query userinfo"); + + *badpwdcount = info->info3.bad_password_count; + + torture_comment(tctx, " (bad password count: %d)\n", *badpwdcount); + + return true; +} + +static bool test_reset_badpwdcount(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *user_handle, + uint32_t acct_flags, + char **password) +{ + struct samr_SetUserInfo r; + union samr_UserInfo user_info; + + torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password), + "failed to set password"); + + torture_comment(tctx, "Testing SetUserInfo level 16 (enable account)\n"); + + user_info.info16.acct_flags = acct_flags; + user_info.info16.acct_flags &= ~ACB_DISABLED; + + r.in.user_handle = user_handle; + r.in.level = 16; + r.in.info = &user_info; + + torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo(p, tctx, &r), + "failed to enable user"); + + torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password), + "failed to set password"); + + return true; +} + +static bool test_Password_badpwdcount(struct dcerpc_pipe *p, + struct dcerpc_pipe *np, + struct torture_context *tctx, + uint32_t acct_flags, + const char *acct_name, + struct policy_handle *domain_handle, + struct policy_handle *user_handle, + char **password, + struct cli_credentials *machine_credentials, + const char *comment, + bool disable, + bool interactive, + NTSTATUS expected_success_status, + struct samr_DomInfo1 *info1, + struct samr_DomInfo12 *info12) +{ + union samr_DomainInfo info; + char **passwords; + int i; + uint32_t badpwdcount, tmp; + uint32_t password_history_length = 12; + uint32_t lockout_threshold = 15; + + torture_comment(tctx, "\nTesting bad pwd count with: %s\n", comment); + + torture_assert(tctx, password_history_length < lockout_threshold, + "password history length needs to be smaller than account lockout threshold for this test"); + + + /* set policies */ + + info.info1 = *info1; + + info.info1.password_history_length = password_history_length; + + { + struct samr_SetDomainInfo r; + + r.in.domain_handle = domain_handle; + r.in.level = DomainPasswordInformation; + r.in.info = &info; + + torture_assert_ntstatus_ok(tctx, + dcerpc_samr_SetDomainInfo(p, tctx, &r), + "failed to set domain info level 1"); + } + + info.info12 = *info12; + + info.info12.lockout_threshold = lockout_threshold; + + { + struct samr_SetDomainInfo r; + + r.in.domain_handle = domain_handle; + r.in.level = DomainLockoutInformation; + r.in.info = &info; + + torture_assert_ntstatus_ok(tctx, + dcerpc_samr_SetDomainInfo(p, tctx, &r), + "failed to set domain info level 12"); + } + + /* reset bad pwd count */ + + torture_assert(tctx, + test_reset_badpwdcount(p, tctx, user_handle, acct_flags, password), ""); + + + /* enable or disable account */ + { + struct samr_SetUserInfo r; + union samr_UserInfo user_info; + + torture_comment(tctx, "Testing SetUserInfo level 16 (%s account)\n", + disable ? "disable" : "enable"); + + user_info.info16.acct_flags = acct_flags; + if (disable) { + user_info.info16.acct_flags |= ACB_DISABLED; + } else { + user_info.info16.acct_flags &= ~ACB_DISABLED; + } + + r.in.user_handle = user_handle; + r.in.level = 16; + r.in.info = &user_info; + + torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo(p, tctx, &r), + "failed to enable user"); + } + + + /* setup password history */ + + passwords = talloc_array(tctx, char *, password_history_length); + + for (i=0; i < password_history_length; i++) { + + torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password), + "failed to set password"); + passwords[i] = talloc_strdup(tctx, *password); + + if (!test_SamLogon_with_creds(tctx, np, machine_credentials, + acct_name, passwords[i], + expected_success_status, interactive)) { + torture_fail(tctx, "failed to auth with latest password"); + } + + torture_assert(tctx, + test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), ""); + + torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0"); + } + + + /* test with wrong password */ + + if (!test_SamLogon_with_creds(tctx, np, machine_credentials, + acct_name, "random_crap", + NT_STATUS_WRONG_PASSWORD, interactive)) { + torture_fail(tctx, "succeeded to authenticate with wrong password"); + } + + torture_assert(tctx, + test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), ""); + + torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1"); + + + /* test with latest good password */ + + if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name, + passwords[password_history_length-1], + expected_success_status, interactive)) { + torture_fail(tctx, "succeeded to authenticate with wrong password"); + } + + torture_assert(tctx, + test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), ""); + + if (disable) { + torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1"); + } else { + /* only enabled accounts get the bad pwd count reset upon + * successful logon */ + torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0"); + } + + tmp = badpwdcount; + + + /* test password history */ + + for (i=0; i < password_history_length; i++) { + + torture_comment(tctx, "Testing bad password count behavior with " + "password #%d of #%d\n", i, password_history_length); + + /* - network samlogon will succeed auth and not + * increase badpwdcount for 2 last entries + * - interactive samlogon only for the last one */ + + if (i == password_history_length - 1 || + (i == password_history_length - 2 && !interactive)) { + + if (!test_SamLogon_with_creds(tctx, np, machine_credentials, + acct_name, passwords[i], + expected_success_status, interactive)) { + torture_fail(tctx, talloc_asprintf(tctx, "succeeded to authenticate with old password (#%d of #%d in history)", i, password_history_length)); + } + + torture_assert(tctx, + test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), ""); + + if (disable) { + /* torture_comment(tctx, "expecting bad pwd count to *NOT INCREASE* for pwd history entry %d\n", i); */ + torture_assert_int_equal(tctx, badpwdcount, tmp, "unexpected badpwdcount"); + } else { + /* torture_comment(tctx, "expecting bad pwd count to be 0 for pwd history entry %d\n", i); */ + torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0"); + } + + tmp = badpwdcount; + + continue; + } + + if (!test_SamLogon_with_creds(tctx, np, machine_credentials, + acct_name, passwords[i], + NT_STATUS_WRONG_PASSWORD, interactive)) { + torture_fail(tctx, talloc_asprintf(tctx, "succeeded to authenticate with old password (#%d of #%d in history)", i, password_history_length)); + } + + torture_assert(tctx, + test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), ""); + + /* - network samlogon will fail auth but not increase + * badpwdcount for 3rd last entry + * - interactive samlogon for 3rd and 2nd last entry */ + + if (i == password_history_length - 3 || + (i == password_history_length - 2 && interactive)) { + /* torture_comment(tctx, "expecting bad pwd count to *NOT INCREASE * by one for pwd history entry %d\n", i); */ + torture_assert_int_equal(tctx, badpwdcount, tmp, "unexpected badpwdcount"); + } else { + /* torture_comment(tctx, "expecting bad pwd count to increase by one for pwd history entry %d\n", i); */ + torture_assert_int_equal(tctx, badpwdcount, tmp + 1, "unexpected badpwdcount"); + } + + tmp = badpwdcount; + } + + return true; +} + +static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p, + struct torture_context *tctx, + uint32_t acct_flags, + const char *acct_name, + struct policy_handle *domain_handle, + struct policy_handle *user_handle, + char **password, + struct cli_credentials *machine_credentials) +{ + union samr_DomainInfo *q_info, s_info; + struct samr_DomInfo1 info1, _info1; + struct samr_DomInfo12 info12, _info12; + bool ret = true; + struct dcerpc_binding *b; + struct dcerpc_pipe *np; + int i; + + struct { + const char *comment; + bool disabled; + bool interactive; + NTSTATUS expected_success_status; + } creds[] = { + { + .comment = "network logon (disabled account)", + .disabled = true, + .interactive = false, + .expected_success_status= NT_STATUS_ACCOUNT_DISABLED + }, + { + .comment = "network logon (enabled account)", + .disabled = false, + .interactive = false, + .expected_success_status= NT_STATUS_OK + }, + { + .comment = "interactive logon (disabled account)", + .disabled = true, + .interactive = true, + .expected_success_status= NT_STATUS_ACCOUNT_DISABLED + }, + { + .comment = "interactive logon (enabled account)", + .disabled = false, + .interactive = true, + .expected_success_status= NT_STATUS_OK + }, + }; + + /* setup netlogon schannel pipe */ + + torture_assert_ntstatus_ok(tctx, torture_rpc_binding(tctx, &b), "failed to obtain rpc binding"); + + b->flags &= ~DCERPC_AUTH_OPTIONS; + b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128; + + torture_assert_ntstatus_ok(tctx, dcerpc_pipe_connect_b(tctx, &np, b, &ndr_table_netlogon, + machine_credentials, tctx->ev, tctx->lp_ctx), + "failed to connect to NETLOGON pipe"); + + /* backup old policies */ + + { + struct samr_QueryDomainInfo2 r; + + r.in.domain_handle = domain_handle; + r.in.level = DomainPasswordInformation; + r.out.info = &q_info; + + torture_assert_ntstatus_ok(tctx, + dcerpc_samr_QueryDomainInfo2(p, tctx, &r), + "failed to query domain info level 1"); + + info1 = q_info->info1; + } + + { + struct samr_QueryDomainInfo2 r; + + r.in.domain_handle = domain_handle; + r.in.level = DomainLockoutInformation; + r.out.info = &q_info; + + torture_assert_ntstatus_ok(tctx, + dcerpc_samr_QueryDomainInfo2(p, tctx, &r), + "failed to query domain info level 12"); + + info12 = q_info->info12; + } + + _info1 = info1; + _info12 = info12; + + /* run tests */ + + for (i=0; i < ARRAY_SIZE(creds); i++) { + + /* skip trust tests for now */ + if (acct_flags & ACB_WSTRUST || + acct_flags & ACB_SVRTRUST || + acct_flags & ACB_DOMTRUST) { + continue; + } + + ret &= test_Password_badpwdcount(p, np, tctx, acct_flags, acct_name, + domain_handle, user_handle, password, + machine_credentials, + creds[i].comment, + creds[i].disabled, + creds[i].interactive, + creds[i].expected_success_status, + &_info1, &_info12); + if (!ret) { + torture_warning(tctx, "TEST #%d (%s) failed\n", i, creds[i].comment); + } else { + torture_comment(tctx, "TEST #%d (%s) succeeded\n", i, creds[i].comment); + } + } + + /* restore policies */ + + s_info.info1 = info1; + + { + struct samr_SetDomainInfo r; + + r.in.domain_handle = domain_handle; + r.in.level = DomainPasswordInformation; + r.in.info = &s_info; + + torture_assert_ntstatus_ok(tctx, + dcerpc_samr_SetDomainInfo(p, tctx, &r), + "failed to set domain info level 1"); + } + + s_info.info12 = info12; + + { + struct samr_SetDomainInfo r; + + r.in.domain_handle = domain_handle; + r.in.level = DomainLockoutInformation; + r.in.info = &s_info; + + torture_assert_ntstatus_ok(tctx, + dcerpc_samr_SetDomainInfo(p, tctx, &r), + "failed to set domain info level 12"); + } + + return ret; +} + static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p, struct dcerpc_pipe *lp, struct torture_context *tctx, @@ -3873,6 +4296,25 @@ static bool test_user_ops(struct dcerpc_pipe *p, break; + case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT: + + /* test bad pwd count change behaviour */ + if (!test_Password_badpwdcount_wrap(p, tctx, base_acct_flags, + base_acct_name, + domain_handle, + user_handle, &password, + machine_credentials)) { + ret = false; + } + + if (ret == true) { + torture_comment(tctx, "badPwdCount test succeeded\n"); + } else { + torture_warning(tctx, "badPwdCount test failed\n"); + } + + break; + case TORTURE_SAMR_USER_PRIVILEGES: { struct dcerpc_pipe *lp; @@ -6564,12 +7006,13 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx, } break; case TORTURE_SAMR_PASSWORDS_PWDLASTSET: + case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT: if (!torture_setting_bool(tctx, "samba3", false)) { ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, ctx->machine_credentials); } ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, ctx->machine_credentials, true); if (!ret) { - torture_warning(tctx, "Testing PASSWORDS PWDLASTSET on domain %s failed!\n", dom_sid_string(tctx, sid)); + torture_warning(tctx, "Testing PASSWORDS PWDLASTSET or BADPWDCOUNT on domain %s failed!\n", dom_sid_string(tctx, sid)); } break; case TORTURE_SAMR_MANY_ACCOUNTS: @@ -7160,3 +7603,46 @@ struct torture_suite *torture_rpc_samr_large_dc(TALLOC_CTX *mem_ctx) return suite; } + +static bool torture_rpc_samr_badpwdcount(struct torture_context *torture, + struct dcerpc_pipe *p2, + struct cli_credentials *machine_credentials) +{ + NTSTATUS status; + struct dcerpc_pipe *p; + bool ret = true; + struct torture_samr_context *ctx; + + status = torture_rpc_connection(torture, &p, &ndr_table_samr); + if (!NT_STATUS_IS_OK(status)) { + return false; + } + + ctx = talloc_zero(torture, struct torture_samr_context); + + ctx->choice = TORTURE_SAMR_PASSWORDS_BADPWDCOUNT; + ctx->machine_credentials = machine_credentials; + + ret &= test_Connect(p, torture, &ctx->handle); + + ret &= test_EnumDomains(p, torture, ctx); + + ret &= test_samr_handle_Close(p, torture, &ctx->handle); + + return ret; +} + +struct torture_suite *torture_rpc_samr_passwords_badpwdcount(TALLOC_CTX *mem_ctx) +{ + struct torture_suite *suite = torture_suite_create(mem_ctx, "SAMR-PASSWORDS-BADPWDCOUNT"); + struct torture_rpc_tcase *tcase; + + tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr", + &ndr_table_samr, + TEST_ACCOUNT_NAME_PWD); + + torture_rpc_tcase_add_test_creds(tcase, "badPwdCount", + torture_rpc_samr_badpwdcount); + + return suite; +} -- cgit From 13dad3893085dfe2fc01f88b3bb46a0645ab22fb Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 11 Jan 2010 12:40:01 +0100 Subject: s4-smbtorture: fix GetAliasMembership test in RPC-SAMR. Guenther --- source4/torture/rpc/samr.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 20d48038e7..8b466e8ef0 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -2639,11 +2639,13 @@ static bool test_GetAliasMembership(struct dcerpc_pipe *p, /* only true for w2k8 it seems * win7, xp, w2k3 will return a 0 length array pointer */ - torture_assert(tctx, (rids.ids && !rids.count), - "samr_GetAliasMembership protocol misbehaviour"); + if (rids.ids && (rids.count == 0)) { + torture_fail(tctx, "samr_GetAliasMembership returned 0 count and a rids array"); + } #endif - torture_assert(tctx, (!rids.ids && rids.count), - "samr_GetAliasMembership protocol misbehaviour"); + if (!rids.ids && rids.count) { + torture_fail(tctx, "samr_GetAliasMembership returned non-0 count but no rids"); + } return true; } -- cgit From 3b8225490321bf29f195d93bb102cb311c61b5d6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 12 Jan 2010 12:34:55 +0100 Subject: s4-selftest: RPC-SAMR-PASSWORDS-BADPWDCOUNT fails against s4. Seems like account lockout is not implemented at all yet. Guenther --- source4/selftest/knownfail | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail index 93a9f38cd2..0c3fd7ca98 100644 --- a/source4/selftest/knownfail +++ b/source4/selftest/knownfail @@ -40,6 +40,7 @@ rpc.netlogon.*.DatabaseRedo rpc.netlogon.*.ServerGetTrustInfo rpc.netlogon.*.GetDomainInfo # Also fails against W2K8 (but in a different way) samba4.rpc.samr.passwords.pwdlastset # Not provided by Samba 4 yet +samba4.rpc.samr.passwords.badpwdcount # Not provided by Samba 4 yet samba4.rpc.samr.users.privileges samba4.rpc.spoolss # Not provided by Samba 4 yet base.charset.*.Testing partial surrogate -- cgit From 3d184399a5ac3604b78ca8cdd5d4e1e3f6412b2d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 12 Jan 2010 11:05:16 -0500 Subject: Strip trailing spaces --- source4/auth/auth.h | 40 +++++------ source4/auth/kerberos/kerberos_pac.c | 124 +++++++++++++++++------------------ 2 files changed, 82 insertions(+), 82 deletions(-) (limited to 'source4') diff --git a/source4/auth/auth.h b/source4/auth/auth.h index fa2329df32..827b441478 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -1,19 +1,19 @@ -/* +/* Unix SMB/CIFS implementation. Standardised Authentication types Copyright (C) Andrew Bartlett 2001 Copyright (C) Stefan Metzmacher 2005 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -79,13 +79,13 @@ struct auth_usersupplied_info struct samr_Password *lanman; struct samr_Password *nt; } hash; - + char *plaintext; } password; uint32_t flags; }; -struct auth_serversupplied_info +struct auth_serversupplied_info { struct dom_sid *account_sid; struct dom_sid *primary_group_sid; @@ -105,7 +105,7 @@ struct auth_serversupplied_info const char *home_directory; const char *home_drive; const char *logon_server; - + NTTIME last_logon; NTTIME last_logoff; NTTIME acct_expiry; @@ -149,7 +149,7 @@ struct auth_operations { struct auth_serversupplied_info **server_info); /* Lookup a 'server info' return based only on the principal */ - NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, + NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, struct auth_context *auth_context, const char *principal, struct auth_serversupplied_info **server_info); @@ -165,12 +165,12 @@ struct auth_method_context { struct auth_context { struct { - /* Who set this up in the first place? */ + /* Who set this up in the first place? */ const char *set_by; bool may_be_modified; - DATA_BLOB data; + DATA_BLOB data; } challenge; /* methods, in the order they should be called */ @@ -187,16 +187,16 @@ struct auth_context { NTSTATUS (*check_password)(struct auth_context *auth_ctx, TALLOC_CTX *mem_ctx, - const struct auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info); - + NTSTATUS (*get_challenge)(struct auth_context *auth_ctx, uint8_t chal[8]); bool (*challenge_may_be_modified)(struct auth_context *auth_ctx); NTSTATUS (*set_challenge)(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by); - - NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, + + NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, struct auth_context *auth_context, const char *principal, struct auth_serversupplied_info **server_info); @@ -213,7 +213,7 @@ struct auth_critical_sizes { int sizeof_auth_serversupplied_info; }; - NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context, + NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context, enum auth_password_state to_state, const struct auth_usersupplied_info *user_info_in, const struct auth_usersupplied_info **user_info_encrypted); @@ -240,22 +240,22 @@ struct auth_session_info *system_session(struct loadparm_context *lp_ctx); NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, const char *netbios_name, const char *domain_name, - struct ldb_dn *domain_dn, + struct ldb_dn *domain_dn, struct ldb_message *msg, DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key, struct auth_serversupplied_info **_server_info); -NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, +NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, struct loadparm_context *lp_ctx, struct auth_session_info **_session_info) ; NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); -NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, +NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, struct tevent_context *ev, struct messaging_context *msg, struct loadparm_context *lp_ctx, struct auth_context **auth_ctx); -NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, +NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct messaging_context *msg, struct loadparm_context *lp_ctx, @@ -263,7 +263,7 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, NTSTATUS auth_check_password(struct auth_context *auth_ctx, TALLOC_CTX *mem_ctx, - const struct auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info); NTSTATUS auth_init(void); NTSTATUS auth_register(const struct auth_operations *ops); diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c index 7a6d008562..ecd35f3dfa 100644 --- a/source4/auth/kerberos/kerberos_pac.c +++ b/source4/auth/kerberos/kerberos_pac.c @@ -1,8 +1,8 @@ -/* +/* Unix SMB/CIFS implementation. Create and parse the krb5 PAC - + Copyright (C) Andrew Bartlett 2004-2005,2008 Copyright (C) Andrew Tridgell 2001 Copyright (C) Luke Howard 2002-2003 @@ -12,13 +12,13 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -31,7 +31,7 @@ #include "lib/ldb/include/ldb.h" #include "auth/auth_sam_reply.h" -krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, +krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, DATA_BLOB pac_data, struct PAC_SIGNATURE_DATA *sig, krb5_context context, @@ -50,7 +50,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, 0, &crypto); if (ret) { - DEBUG(0,("krb5_crypto_init() failed: %s\n", + DEBUG(0,("krb5_crypto_init() failed: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); return ret; } @@ -113,7 +113,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - ndr_err = ndr_pull_struct_blob(&blob, pac_data, + ndr_err = ndr_pull_struct_blob(&blob, pac_data, iconv_convenience, pac_data, (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -129,7 +129,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - ndr_err = ndr_pull_struct_blob(&blob, pac_data_raw, + ndr_err = ndr_pull_struct_blob(&blob, pac_data_raw, iconv_convenience, pac_data_raw, (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA_RAW); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -210,7 +210,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, /* Find and zero out the signatures, as required by the signing algorithm */ /* We find the data blobs above, now we parse them to get at the exact portion we should zero */ - ndr_err = ndr_pull_struct_blob(kdc_sig_blob, kdc_sig_wipe, + ndr_err = ndr_pull_struct_blob(kdc_sig_blob, kdc_sig_wipe, iconv_convenience, kdc_sig_wipe, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -219,8 +219,8 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, nt_errstr(status))); return status; } - - ndr_err = ndr_pull_struct_blob(srv_sig_blob, srv_sig_wipe, + + ndr_err = ndr_pull_struct_blob(srv_sig_blob, srv_sig_wipe, iconv_convenience, srv_sig_wipe, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -233,9 +233,9 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, /* Now zero the decoded structure */ memset(kdc_sig_wipe->signature.data, '\0', kdc_sig_wipe->signature.length); memset(srv_sig_wipe->signature.data, '\0', srv_sig_wipe->signature.length); - + /* and reencode, back into the same place it came from */ - ndr_err = ndr_push_struct_blob(kdc_sig_blob, pac_data_raw, + ndr_err = ndr_push_struct_blob(kdc_sig_blob, pac_data_raw, iconv_convenience, kdc_sig_wipe, (ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA); @@ -245,7 +245,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, nt_errstr(status))); return status; } - ndr_err = ndr_push_struct_blob(srv_sig_blob, pac_data_raw, + ndr_err = ndr_push_struct_blob(srv_sig_blob, pac_data_raw, iconv_convenience, srv_sig_wipe, (ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA); @@ -257,7 +257,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } /* push out the whole structure, but now with zero'ed signatures */ - ndr_err = ndr_push_struct_blob(&modified_pac_blob, pac_data_raw, + ndr_err = ndr_push_struct_blob(&modified_pac_blob, pac_data_raw, iconv_convenience, pac_data_raw, (ndr_push_flags_fn_t)ndr_push_PAC_DATA_RAW); @@ -269,9 +269,9 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } /* verify by service_key */ - ret = check_pac_checksum(mem_ctx, - modified_pac_blob, srv_sig_ptr, - context, + ret = check_pac_checksum(mem_ctx, + modified_pac_blob, srv_sig_ptr, + context, service_keyblock); if (ret) { DEBUG(1, ("PAC Decode: Failed to verify the service signature: %s\n", @@ -283,8 +283,8 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } if (krbtgt_keyblock) { - ret = check_pac_checksum(mem_ctx, - srv_sig_ptr->signature, kdc_sig_ptr, + ret = check_pac_checksum(mem_ctx, + srv_sig_ptr->signature, kdc_sig_ptr, context, krbtgt_keyblock); if (ret) { DEBUG(1, ("PAC Decode: Failed to verify the KDC signature: %s\n", @@ -306,11 +306,11 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, return NT_STATUS_ACCESS_DENIED; } - ret = krb5_parse_name_flags(context, logon_name->account_name, KRB5_PRINCIPAL_PARSE_NO_REALM, + ret = krb5_parse_name_flags(context, logon_name->account_name, KRB5_PRINCIPAL_PARSE_NO_REALM, &client_principal_pac); if (ret) { - DEBUG(2, ("Could not parse name from incoming PAC: [%s]: %s\n", - logon_name->account_name, + DEBUG(2, ("Could not parse name from incoming PAC: [%s]: %s\n", + logon_name->account_name, smb_get_krb5_error_message(context, ret, mem_ctx))); if (k5ret) { *k5ret = ret; @@ -319,20 +319,20 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } if (!krb5_principal_compare_any_realm(context, client_principal, client_principal_pac)) { - DEBUG(2, ("Name in PAC [%s] does not match principal name in ticket\n", + DEBUG(2, ("Name in PAC [%s] does not match principal name in ticket\n", logon_name->account_name)); return NT_STATUS_ACCESS_DENIED; } - + #if 0 - if (strcasecmp(logon_info->info3.base.account_name.string, + if (strcasecmp(logon_info->info3.base.account_name.string, "Administrator")== 0) { file_save("tmp_pac_data-admin.dat",blob.data,blob.length); } #endif DEBUG(3,("Found account name from PAC: %s [%s]\n", - logon_info->info3.base.account_name.string, + logon_info->info3.base.account_name.string, logon_info->info3.base.full_name.string)); *pac_data_out = pac_data; @@ -347,20 +347,20 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, const krb5_keyblock *krbtgt_keyblock, const krb5_keyblock *service_keyblock, krb5_const_principal client_principal, - time_t tgs_authtime, + time_t tgs_authtime, krb5_error_code *k5ret) { NTSTATUS nt_status; struct PAC_DATA *pac_data; int i; - nt_status = kerberos_decode_pac(mem_ctx, + nt_status = kerberos_decode_pac(mem_ctx, iconv_convenience, &pac_data, blob, context, krbtgt_keyblock, service_keyblock, - client_principal, + client_principal, tgs_authtime, k5ret); if (!NT_STATUS_IS_OK(nt_status)) { @@ -372,7 +372,7 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) { continue; } - *logon_info = pac_data->buffers[i].info->logon_info.info; + *logon_info = pac_data->buffers[i].info->logon_info.info; } if (!*logon_info) { return NT_STATUS_INVALID_PARAMETER; @@ -380,7 +380,7 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, +static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, DATA_BLOB *pac_data, struct PAC_SIGNATURE_DATA *sig, krb5_context context, @@ -408,7 +408,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, pac_data->length, &cksum); if (ret) { - DEBUG(2, ("PAC Verification failed: %s\n", + DEBUG(2, ("PAC Verification failed: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); } @@ -431,7 +431,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, krb5_context context, const krb5_keyblock *krbtgt_keyblock, const krb5_keyblock *service_keyblock, - DATA_BLOB *pac) + DATA_BLOB *pac) { NTSTATUS nt_status; krb5_error_code ret; @@ -447,28 +447,28 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, if (pac_data->buffers[i].type != PAC_TYPE_KDC_CHECKSUM) { continue; } - kdc_checksum = &pac_data->buffers[i].info->kdc_cksum, + kdc_checksum = &pac_data->buffers[i].info->kdc_cksum, ret = make_pac_checksum(mem_ctx, &zero_blob, - kdc_checksum, + kdc_checksum, context, krbtgt_keyblock); if (ret) { - DEBUG(2, ("making krbtgt PAC checksum failed: %s\n", + DEBUG(2, ("making krbtgt PAC checksum failed: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); talloc_free(pac_data); return ret; } } - + for (i=0; i < pac_data->num_buffers; i++) { if (pac_data->buffers[i].type != PAC_TYPE_SRV_CHECKSUM) { continue; } - srv_checksum = &pac_data->buffers[i].info->srv_cksum; - ret = make_pac_checksum(mem_ctx, &zero_blob, - srv_checksum, + srv_checksum = &pac_data->buffers[i].info->srv_cksum; + ret = make_pac_checksum(mem_ctx, &zero_blob, + srv_checksum, context, service_keyblock); if (ret) { - DEBUG(2, ("making service PAC checksum failed: %s\n", + DEBUG(2, ("making service PAC checksum failed: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); talloc_free(pac_data); return ret; @@ -488,7 +488,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, memset(kdc_checksum->signature.data, '\0', kdc_checksum->signature.length); memset(srv_checksum->signature.data, '\0', srv_checksum->signature.length); - ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx, + ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx, iconv_convenience, pac_data, (ndr_push_flags_fn_t)ndr_push_PAC_DATA); @@ -506,14 +506,14 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, /* Then sign Server checksum */ ret = make_pac_checksum(mem_ctx, &srv_checksum->signature, kdc_checksum, context, krbtgt_keyblock); if (ret) { - DEBUG(2, ("making krbtgt PAC checksum failed: %s\n", + DEBUG(2, ("making krbtgt PAC checksum failed: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); talloc_free(pac_data); return ret; } /* And push it out again, this time to the world. This relies on determanistic pointer values */ - ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx, + ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx, iconv_convenience, pac_data, (ndr_push_flags_fn_t)ndr_push_PAC_DATA); @@ -552,7 +552,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, union PAC_INFO *u_SRV_CHECKSUM; char *name; - + enum { PAC_BUF_LOGON_INFO = 0, PAC_BUF_LOGON_NAME = 1, @@ -568,7 +568,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, pac_data->num_buffers = PAC_BUF_NUM_BUFFERS; pac_data->version = 0; - pac_data->buffers = talloc_array(pac_data, + pac_data->buffers = talloc_array(pac_data, struct PAC_BUFFER, pac_data->num_buffers); if (!pac_data->buffers) { @@ -630,7 +630,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, u_LOGON_INFO->logon_info.info = LOGON_INFO; LOGON_INFO->info3 = *sam3; - ret = krb5_unparse_name_flags(context, client_principal, + ret = krb5_unparse_name_flags(context, client_principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name); if (ret) { return ret; @@ -643,9 +643,9 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, */ unix_to_nt_time(&LOGON_NAME->logon_time, tgs_authtime); - ret = kerberos_encode_pac(mem_ctx, + ret = kerberos_encode_pac(mem_ctx, iconv_convenience, - pac_data, + pac_data, context, krbtgt_keyblock, service_keyblock, @@ -658,7 +658,7 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience, krb5_pac pac, krb5_context context, - struct auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; enum ndr_err_code ndr_err; @@ -701,12 +701,12 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, nt_status = make_server_info_netlogon_validation(mem_ctx, "", 3, &validation, - &server_info_out); + &server_info_out); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); return EINVAL; } - + ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_SRV_CHECKSUM, &k5pac_srv_checksum_in); if (ret != 0) { talloc_free(tmp_ctx); @@ -714,8 +714,8 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, } pac_srv_checksum_in = data_blob_const(k5pac_srv_checksum_in.data, k5pac_srv_checksum_in.length); - - ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, server_info_out, + + ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, server_info_out, iconv_convenience, &server_info_out->pac_srv_sig, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); krb5_data_free(&k5pac_srv_checksum_in); @@ -733,8 +733,8 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, } pac_kdc_checksum_in = data_blob_const(k5pac_kdc_checksum_in.data, k5pac_kdc_checksum_in.length); - - ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, server_info_out, + + ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, server_info_out, iconv_convenience, &server_info_out->pac_kdc_sig, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); krb5_data_free(&k5pac_kdc_checksum_in); @@ -746,21 +746,21 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, } *server_info = server_info_out; - + return 0; } NTSTATUS kerberos_pac_blob_to_server_info(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience, - DATA_BLOB pac_blob, + DATA_BLOB pac_blob, krb5_context context, - struct auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { krb5_error_code ret; krb5_pac pac; - ret = krb5_pac_parse(context, - pac_blob.data, pac_blob.length, + ret = krb5_pac_parse(context, + pac_blob.data, pac_blob.length, &pac); if (ret) { return map_nt_error_from_unix(ret); -- cgit