Re: Differences in Samba and CIFS in terms of keeping the deleted files open?

I see there are some bugzilla links open but not really sure if they conform
to the same behaviour what I see.

http://www.mail-archive.com/samba <at> lists.samba.org/msg94854.html
 https://bugzilla.samba.org/show_bug.cgi?id=5315
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6213298
http://bugs.sun.com/bugdatabase/view_bug.do;jsessionid=991fdfd56a9fcffffffffcbbb8cdf50d6de3?bug_id=4313887
http://jcp.org/en/jsr/detail?id=203

On Mon, Jul 20, 2009 at 9:59 PM, Nikhil <mnikhil <at> gmail.com> wrote:

> Hi,
>
> We have a CIFS server running on a NetApp server and a Solaris host running
> Samba-3.3.2.
>
> When we mount both the filesystems to a Drive on a Windows using the net
> use command and then try to run a java program which basically does nothing
> but continuosly writes a data chunk to a file. On a side note, these same
> filesystems are accessible on a Solaris (unix) host too.
>
> When the java program is run and a file is being generated, I go to my unix
> terminal and happen to delete the file generated by the java program.
> Interestingly, there is an IOexception caught in the java program running on
> the Windows machine, when the file is deleted on the CIFS based filesystem
> (available on Solaris as a NFS filesystems) but there is no exception caught
> when the filesystem happens to be Samba (available on Solaris as /var , a
> regular partition).
>
> I delete the file from Unix as the process demands, but also there is no

RE: Session keys are not always 16 bytes long

Andrew,

  Thanks for the information provided.  We successfully reproduced and debugged the behavior of SMB signing
between Samba Smbclient and Windows server using AES256 session key(32 bytes).   The outcome of live
debugging proved that SMB signing is using entire 32 bytes session key, just as you reported initially. 
The product team also confirmed this behavior.  We will update MS-SMB document accordingly.  

  Please let us know if you have any further question regarding this topic.

Thanks!  

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@...] 
Sent: Sunday, November 30, 2008 8:53 PM
To: Hongwei Sun
Cc: Stefan (metze) Metzmacher
Subject: RE: [cifs-protocol] Session keys are not always 16 bytes long

On Tue, 2008-11-25 at 15:52 -0800, Hongwei Sun wrote:
> Andrew,
> 
>    As per our discussion during conference call, I would like to run testing on Samba with Windows server for
session key length used for SMB signing.  Can I run smbtorture to see the behavior ?  If so, what test option
should I select ?   How can I configure it to use Kerberos with AES256 ?  Use Krb5.conf ?   If you could point me to
the source code file and lines, it will be helpful for me too.

I suggest running just smbclient, to a windows server that enforces signing, with 'smbclient
//myserver/share -d11 -k yes -Uuser%pass' as the command line.  This should trigger the behaviour, and
print the key if you are on a modern linux distro.  

Regarding IDL for {MS-LSAD] and [MS-LSAT]

_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol

Re: Inconsistencies in ad-schema docs and text files

On Wed, Jan 21, 2009 at 10:06 PM, Richard Guthrie
<rguthrie@...> wrote:
> Andrew/Sreepathi:
>
> Attached is an updated schema file for Windows 2008, Windows 2003, Windows 2003 R2 and Windows 2000.  This
should resolve all the issues you have sent us previously.

I've run a quick check of the 2008 schema files (only -- not looked at
the others) against the schema.ldif found here (which was generated
directly from a server):
<http://gitweb.samba.org/?p=samba.git;a=blob_plain;f=source4/setup/schema.ldif;hb=e9615b43b4dc7037da7bc274d720b8e54c7f85bc>,
and indeed many of the inconsistencies seem to have been corrected.
Thank you! I am currently unable to verify consistency of these files
with the documentation however -- I'll try to look at this later.

The biggest issue I encountered seem to be that the following
attributes are present in the documentation, but absent in the 2008
file I checked:

DSA-Signature (ADA1:2.209), Has-Master-NCs, Home-Drive, Has-Partial-Replica-NCs,
Last-Logon-Timestamp, Local-Policy-Flags, ms-DS-Mastered-By

There are a number of other issues, but since they seem agree with the
documentation and only conflict with the generated schema file, I'll
leave to it Andrew to decide if they're indeed issues that may have to
be addressed:

The possibleInferiors attribute has disappeared.
Many systemFlags: 0 values have disappeared.
The Root-Trust attribute is present in the generated schema, but
absent in both the docs as well as the MS schema files.
Many bit flags are different, but changes seem to be okay (new flags
added, etc.)
One possible concern, however, is:

-Schema-Flags-Ex.systemOnly: FALSE
+Schema-Flags-Ex.systemOnly: TRUE

(- == schema.ldif, + == ms_schema_2k8.ldif), this is consistent with
the docs though.

Also, I seem to detect changes in some DefaultSecurityDescriptor
values too (e.g., DomainDNS), but am currently unable to verify
against the documentation -- I'll do this later.

The differences file is 114K compressed(!) -- mostly due to additions
I think, so I'm not attaching it. Please let me know if you need to
look at it so I can send it to you.

--

-- 
Sreepathi Pai

MS-LSAD - Review of table in section 3.1.1.5

_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol

RE: Revised Open Specifications for Windows Protocols

_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol

Re: Inconsistencies in ad-schema docs and text files

On Sat, Jan 10, 2009 at 4:50 AM, Richard Guthrie <rguthrie@...> wrote:

> Finally, I found two issues where you might want to look into as I did not find those attribute values in the
documentation.  Here is the excerpts from the patch file you sent:

> +homePhone.systemFlags: 0 <--

This value is present in MS-ADA1, in 2.297 just after the "main" LDIF
schema in version-specific behaviour section being noted as Windows
2000 specific.

> +invocationId.searchFlags: 0 <--

It is the same with this value too.

I haven't had a chance to look through the schema docs you sent, but
if they're version specific, then I guess these values will be present
there too.

--

-- 
Sreepathi Pai

Inconsistencies in ad-schema docs and text files

Hi,

I ran a diff against _normalized_ versions of the MS-AD* text files
(that were updated to fix all issues reported so far) and text files
generated from the documentation and found an additional number of
issues. Some of them are text-extraction issues, but some seem to be
the result of the text files containing old content. I attach the diff
for perusal, each attribute has been prefixed with its cn. Both the
ADA and ADSC files are compared (however the files were merged,
sorry).

1) FLAG_DOMAIN_DISALLOW_RENAME not present on a number of attributes
for systemFlags
2) defaultSecurityDescriptor is different from the docs
3) Differences in values for many attributes (e.g.
lastLogonTimestamp.searchFlags)
4) Content in docs not in text files (ms-net-ieee-8023-GroupPolicy)
5) GUIDs different in docs and text files (msDFS-Commentv2 and more)

and a number of other issues as well, mostly differences in attribute values.

[Note that whenCreated, homePhone have multiple systemFlags (dependent
on OS version), I've preserved both -- these are probably not errors.
The same with invocationId.searchFlags]

-- 
Sreepathi Pai

--- norm-ad-schema.txt	2009-01-05 23:37:50.000000000 +0530
+++ norm-docs.txt	2009-01-05 23:37:35.000000000 +0530
 <at>  <at>  -746,7 +746,7  <at>  <at> 
 allowedAttributes.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 allowedAttributes.schemaIdGuid: 9a7ad940-ca53-11d1-bbd0-0080c76670c0
 allowedAttributes.searchFlags: 0
-allowedAttributes.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+allowedAttributes.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 allowedAttributes.systemOnly: TRUE
 allowedAttributes.zzzblank
 allowedAttributesEffective.attributeId: 1.2.840.113556.1.4.914
 <at>  <at>  -759,7 +759,7  <at>  <at> 
 allowedAttributesEffective.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 allowedAttributesEffective.schemaIdGuid: 9a7ad941-ca53-11d1-bbd0-0080c76670c0
 allowedAttributesEffective.searchFlags: 0
-allowedAttributesEffective.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+allowedAttributesEffective.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 allowedAttributesEffective.systemOnly: TRUE
 allowedAttributesEffective.zzzblank
 allowedChildClasses.attributeId: 1.2.840.113556.1.4.911
 <at>  <at>  -772,7 +772,7  <at>  <at> 
 allowedChildClasses.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 allowedChildClasses.schemaIdGuid: 9a7ad942-ca53-11d1-bbd0-0080c76670c0
 allowedChildClasses.searchFlags: 0
-allowedChildClasses.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+allowedChildClasses.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 allowedChildClasses.systemOnly: TRUE
 allowedChildClasses.zzzblank
 allowedChildClassesEffective.attributeId: 1.2.840.113556.1.4.912
 <at>  <at>  -785,7 +785,7  <at>  <at> 
 allowedChildClassesEffective.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 allowedChildClassesEffective.schemaIdGuid: 9a7ad943-ca53-11d1-bbd0-0080c76670c0
 allowedChildClassesEffective.searchFlags: 0
-allowedChildClassesEffective.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+allowedChildClassesEffective.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 allowedChildClassesEffective.systemOnly: TRUE
 allowedChildClassesEffective.zzzblank
 altSecurityIdentities.attributeId: 1.2.840.113556.1.4.867
 <at>  <at>  -811,7 +811,7  <at>  <at> 
 aNR.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 aNR.schemaIdGuid: 45b01500-c419-11d1-bbc9-0080c76670c0
 aNR.searchFlags: 0
-aNR.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+aNR.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 aNR.systemOnly: FALSE
 aNR.zzzblank
 applicationEntity.cn: Application-Entity
 <at>  <at>  -1025,7 +1025,7  <at>  <at> 
 attributeSchema.rdnAttId: cn
 attributeSchema.schemaIdGuid:bf967a80-0de6-11d0-a285-00aa003049e2
 attributeSchema.subClassOf: top
-attributeSchema.systemFlags: FLAG_SCHEMA_BASE_OBJECT
+attributeSchema.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
 attributeSchema.systemMayContain:systemOnly,searchFlags,schemaFlagsEx,rangeUpper,rangeLower,oMObjectClass,msDs-Schema-Extensions,msDS-IntId,mAPIID,linkID,isMemberOfPartialAttributeSet,isEphemeral,isDefunct,extendedCharsAllowed,classDisplayName,attributeSecurityGUID 
 attributeSchema.systemMustContain:schemaIDGUID,oMSyntax,lDAPDisplayName,isSingleValued,cn,attributeSyntax,attributeID 
 attributeSchema.systemOnly: FALSE
 <at>  <at>  -1066,7 +1066,7  <at>  <at> 
 attributeTypes.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 attributeTypes.schemaIdGuid: 9a7ad944-ca53-11d1-bbd0-0080c76670c0
 attributeTypes.searchFlags: 0
-attributeTypes.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+attributeTypes.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 attributeTypes.systemOnly: TRUE
 attributeTypes.zzzblank
 audio.attributeId: 0.9.2342.19200300.100.1.55
 <at>  <at>  -1368,7 +1368,7  <at>  <at> 
 canonicalName.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 canonicalName.schemaIdGuid: 9a7ad945-ca53-11d1-bbd0-0080c76670c0
 canonicalName.searchFlags: 0
-canonicalName.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+canonicalName.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 canonicalName.systemOnly: TRUE
 canonicalName.zzzblank
 canUpgradeScript.attributeId: 1.2.840.113556.1.4.815
 <at>  <at>  -1556,7 +1556,7  <at>  <at> 
 classSchema.rdnAttId: cn
 classSchema.schemaIdGuid:bf967a83-0de6-11d0-a285-00aa003049e2
 classSchema.subClassOf: top
-classSchema.systemFlags: FLAG_SCHEMA_BASE_OBJECT
+classSchema.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
 classSchema.systemMayContain:systemPossSuperiors,systemOnly,systemMustContain,systemMayContain,systemAuxiliaryClass,schemaFlagsEx,rDNAttID,possSuperiors,mustContain,msDs-Schema-Extensions,msDS-IntId,mayContain,lDAPDisplayName,isDefunct,defaultSecurityDescriptor,defaultHidingValue,classDisplayName,auxiliaryClass 
 classSchema.systemMustContain:subClassOf,schemaIDGUID,objectClassCategory,governsID,defaultObjectCategory,cn 
 classSchema.systemOnly: FALSE
 <at>  <at>  -1963,7 +1963,7  <at>  <at> 
 createTimeStamp.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 createTimeStamp.schemaIdGuid: 2df90d73-009f-11d2-aa4c-00c04fd7d83a
 createTimeStamp.searchFlags: 0
-createTimeStamp.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+createTimeStamp.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 createTimeStamp.systemOnly: TRUE
 createTimeStamp.zzzblank
 createWizardExt.attributeId: 1.2.840.113556.1.4.812
 <at>  <at>  -2687,7 +2687,7  <at>  <at> 
 dITContentRules.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 dITContentRules.schemaIdGuid: 9a7ad946-ca53-11d1-bbd0-0080c76670c0
 dITContentRules.searchFlags: 0
-dITContentRules.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+dITContentRules.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 dITContentRules.systemOnly: TRUE
 dITContentRules.zzzblank
 division.attributeId: 1.2.840.113556.1.4.261
 <at>  <at>  -3041,7 +3041,7  <at>  <at> 
 domainDNS.cn: Domain-DNS
 domainDNS.defaultHidingValue: FALSE
 domainDNS.defaultObjectCategory:CN=Domain-DNS,CN=Schema,CN=Configuration,<RootDomainDN> 
-domainDNS.defaultSecurityDescriptor:D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;RO)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) 
+domainDNS.defaultSecurityDescriptor:D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) 
 domainDNS.governsId: 1.2.840.113556.1.5.67
 domainDNS.ldapDisplayName: domainDNS
 domainDNS.objectClassCategory: 1
 <at>  <at>  -3431,7 +3431,7  <at>  <at> 
 extendedAttributeInfo.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 extendedAttributeInfo.schemaIdGuid: 9a7ad947-ca53-11d1-bbd0-0080c76670c0
 extendedAttributeInfo.searchFlags: 0
-extendedAttributeInfo.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+extendedAttributeInfo.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 extendedAttributeInfo.systemOnly: TRUE
 extendedAttributeInfo.zzzblank
 extendedCharsAllowed.attributeId: 1.2.840.113556.1.2.380
 <at>  <at>  -3457,7 +3457,7  <at>  <at> 
 extendedClassInfo.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 extendedClassInfo.schemaIdGuid: 9a7ad948-ca53-11d1-bbd0-0080c76670c0
 extendedClassInfo.searchFlags: 0
-extendedClassInfo.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+extendedClassInfo.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 extendedClassInfo.systemOnly: TRUE
 extendedClassInfo.zzzblank
 extensionName.attributeId: 1.2.840.113556.1.2.227
 <at>  <at>  -3636,7 +3636,7  <at>  <at> 
 fromEntry.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 fromEntry.schemaIdGuid: 9a7ad949-ca53-11d1-bbd0-0080c76670c0
 fromEntry.searchFlags: 0
-fromEntry.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+fromEntry.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 fromEntry.systemOnly: TRUE
 fromEntry.zzzblank
 fromServer.attributeId: 1.2.840.113556.1.4.40
 <at>  <at>  -4482,6 +4482,7  <at>  <at> 
 homePhone.rangeUpper: 64
 homePhone.schemaIdGuid: f0f8ffa1-1191-11d0-a060-00aa006c33ed
 homePhone.searchFlags: 0
+homePhone.systemFlags: 0
 homePhone.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 homePhone.systemOnly: FALSE
 homePhone.zzzblank
 <at>  <at>  -4593,7 +4594,7  <at>  <at> 
 inetOrgPerson.cn: inetOrgPerson
 inetOrgPerson.defaultHidingValue: FALSE
 inetOrgPerson.defaultObjectCategory:CN=Person,CN=Schema,CN=Configuration,<RootDomainDN> 
-inetOrgPerson.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561) 
+inetOrgPerson.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561) 
 inetOrgPerson.governsId: 2.16.840.1.113730.3.2.2
 inetOrgPerson.ldapDisplayName: inetOrgPerson
 inetOrgPerson.mayContain:x500uniqueIdentifier,userSMIMECertificate,userPKCS12,userCertificate,uid,secretary,roomNumber,preferredLanguage,photo,pager,o,mobile,manager,mail,labeledURI,jpegPhoto,initials,homePostalAddress,homePhone,givenName,employeeType,employeeNumber,displayName,departmentNumber,carLicense,businessCategory,audio 
 <at>  <at>  -4818,6 +4819,7  <at>  <at> 
 invocationId.omSyntax: 4
 invocationId.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 invocationId.schemaIdGuid: bf96798e-0de6-11d0-a285-00aa003049e2
+invocationId.searchFlags: 0
 invocationId.searchFlags: fATTINDEX
 invocationId.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 invocationId.systemOnly: TRUE
 <at>  <at>  -5405,7 +5407,7  <at>  <at> 
 lastLogonTimestamp.omSyntax: 65
 lastLogonTimestamp.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 lastLogonTimestamp.schemaIdGuid: c0e20a04-0e5a-4ff3-9482-5efeaecd7060
-lastLogonTimestamp.searchFlags: 0
+lastLogonTimestamp.searchFlags: fATTINDEX
 lastLogonTimestamp.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 lastLogonTimestamp.systemOnly: FALSE
 lastLogonTimestamp.zzzblank
 <at>  <at>  -6532,7 +6534,7  <at>  <at> 
 modifyTimeStamp.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 modifyTimeStamp.schemaIdGuid: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0
 modifyTimeStamp.searchFlags: 0
-modifyTimeStamp.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+modifyTimeStamp.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 modifyTimeStamp.systemOnly: TRUE
 modifyTimeStamp.zzzblank
 moniker.attributeId: 1.2.840.113556.1.4.82
 <at>  <at>  -6663,6 +6665,21  <at>  <at> 
 ms-net-ieee-80211-GP-PolicyReserved.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 ms-net-ieee-80211-GP-PolicyReserved.systemOnly: FALSE
 ms-net-ieee-80211-GP-PolicyReserved.zzzblank
+ms-net-ieee-80211-GroupPolicy.cn: ms-net-ieee-80211-GroupPolicy
+ms-net-ieee-80211-GroupPolicy.defaultHidingValue: TRUE
+ms-net-ieee-80211-GroupPolicy.defaultObjectCategory:CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,<RootDomainDN> 
+ms-net-ieee-80211-GroupPolicy.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) 
+ms-net-ieee-80211-GroupPolicy.governsID: 1.2.840.113556.1.5.251
+ms-net-ieee-80211-GroupPolicy.lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+ms-net-ieee-80211-GroupPolicy.objectClassCategory: 1
+ms-net-ieee-80211-GroupPolicy.rDNAttID: cn
+ms-net-ieee-80211-GroupPolicy.schemaIDGUID: 1cb81863-b822-4379-9ea2-5ff7bdc6386d
+ms-net-ieee-80211-GroupPolicy.subClassOf: top
+ms-net-ieee-80211-GroupPolicy.systemFlags: FLAG_SCHEMA_BASE_OBJECT
+ms-net-ieee-80211-GroupPolicy.systemMayContain:ms-net-ieee-80211-GP-PolicyReserved,ms-net-ieee-80211-GP-PolicyData,ms-net-ieee-80211-GP-PolicyGUID 
+ms-net-ieee-80211-GroupPolicy.systemOnly: FALSE
+ms-net-ieee-80211-GroupPolicy.systemPossSuperiors:computer,container,person 
+ms-net-ieee-80211-GroupPolicy.zzzblank
 ms-net-ieee-8023-GP-PolicyData.attributeId: 1.2.840.113556.1.4.1955
 ms-net-ieee-8023-GP-PolicyData.attributeSyntax: 2.5.5.12
 ms-net-ieee-8023-GP-PolicyData.cn: ms-net-ieee-8023-GP-PolicyData
 <at>  <at>  -6699,6 +6716,21  <at>  <at> 
 ms-net-ieee-8023-GP-PolicyReserved.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 ms-net-ieee-8023-GP-PolicyReserved.systemOnly: FALSE
 ms-net-ieee-8023-GP-PolicyReserved.zzzblank
+ms-net-ieee-8023-GroupPolicy.cn: ms-net-ieee-8023-GroupPolicy
+ms-net-ieee-8023-GroupPolicy.defaultHidingValue: TRUE
+ms-net-ieee-8023-GroupPolicy.defaultObjectCategory:CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,<RootDomainDN> 
+ms-net-ieee-8023-GroupPolicy.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) 
+ms-net-ieee-8023-GroupPolicy.governsID: 1.2.840.113556.1.5.252
+ms-net-ieee-8023-GroupPolicy.lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+ms-net-ieee-8023-GroupPolicy.objectClassCategory: 1
+ms-net-ieee-8023-GroupPolicy.rDNAttID: cn
+ms-net-ieee-8023-GroupPolicy.schemaIDGUID: 99a03a6a-ab19-4446-9350-0cb878ed2d9b
+ms-net-ieee-8023-GroupPolicy.subClassOf: top
+ms-net-ieee-8023-GroupPolicy.systemFlags: FLAG_SCHEMA_BASE_OBJECT
+ms-net-ieee-8023-GroupPolicy.systemMayContain:ms-net-ieee-8023-GP-PolicyReserved,ms-net-ieee-8023-GP-PolicyData,ms-net-ieee-8023-GP-PolicyGUID 
+ms-net-ieee-8023-GroupPolicy.systemOnly: FALSE
+ms-net-ieee-8023-GroupPolicy.systemPossSuperiors:computer,container,person 
+ms-net-ieee-8023-GroupPolicy.zzzblank
 mS-SQL-Alias.attributeId: 1.2.840.113556.1.4.1395
 mS-SQL-Alias.attributeSyntax: 2.5.5.12
 mS-SQL-Alias.cn: MS-SQL-Alias
 <at>  <at>  -7428,9 +7460,25  <at>  <at> 
 msDFS-Commentv2.omSyntax: 64
 msDFS-Commentv2.rangeLower: 0
 msDFS-Commentv2.rangeUpper: 32766
-msDFS-Commentv2.schemaIdGuid: 4fb42f00-29bd-4f82-b94b-07c7fa61e449
+msDFS-Commentv2.schemaIdGuid: b786cec9-61fd-4523-b2c1-5ceb3860bb32
 msDFS-Commentv2.searchFlags: 0
 msDFS-Commentv2.zzzblank
+msDFS-DeletedLinkv2.cn: ms-DFS-Deleted-Link-v2
+msDFS-DeletedLinkv2.defaultHidingValue: TRUE
+msDFS-DeletedLinkv2.defaultObjectCategory:CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,<RootDomainDN> 
+msDFS-DeletedLinkv2.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) 
+msDFS-DeletedLinkv2.governsId: 1.2.840.113556.1.5.260
+msDFS-DeletedLinkv2.ldapDisplayName: msDFS-DeletedLinkv2
+msDFS-DeletedLinkv2.objectClassCategory: 1
+msDFS-DeletedLinkv2.rdnAttId: cn
+msDFS-DeletedLinkv2.schemaIdGuid: 25173408-04ca-40e8-865e-3f9ce9bf1bd3
+msDFS-DeletedLinkv2.subClassOf: top
+msDFS-DeletedLinkv2.systemFlags: FLAG_SCHEMA_BASE_OBJECT
+msDFS-DeletedLinkv2.systemMayContain:msDFS-Commentv2,msDFS-ShortNameLinkPathv2 
+msDFS-DeletedLinkv2.systemMustContain:msDFS-NamespaceIdentityGUIDv2,msDFS-LinkIdentityGUIDv2,msDFS-LastModifiedv2,msDFS-LinkPathv2 
+msDFS-DeletedLinkv2.systemOnly: FALSE
+msDFS-DeletedLinkv2.systemPossSuperiors:msDFS-Namespacev2 
+msDFS-DeletedLinkv2.zzzblank
 msDFS-GenerationGUIDv2.attributeId: 1.2.840.113556.1.4.2032
 msDFS-GenerationGUIDv2.attributeSyntax: 2.5.5.10
 msDFS-GenerationGUIDv2.cn: ms-DFS-Generation-GUID-v2
 <at>  <at>  -7440,7 +7488,7  <at>  <at> 
 msDFS-GenerationGUIDv2.omSyntax: 4
 msDFS-GenerationGUIDv2.rangeLower: 16
 msDFS-GenerationGUIDv2.rangeUpper: 16
-msDFS-GenerationGUIDv2.schemaIdGuid: 62a45d41-424c-4905-b728-e5ef1fc4fe42
+msDFS-GenerationGUIDv2.schemaIdGuid: 35b8b3d9-c58f-43d6-930e-5040f2f1a781
 msDFS-GenerationGUIDv2.searchFlags: 0
 msDFS-GenerationGUIDv2.zzzblank
 msDFS-LastModifiedv2.attributeId: 1.2.840.113556.1.4.2034
 <at>  <at>  -7450,7 +7498,7  <at>  <at> 
 msDFS-LastModifiedv2.isSingleValued: TRUE
 msDFS-LastModifiedv2.ldapDisplayName: msDFS-LastModifiedv2
 msDFS-LastModifiedv2.omSyntax: 24
-msDFS-LastModifiedv2.schemaIdGuid: d6147e9b-b369-4b98-9f7b-1f345bb0680a
+msDFS-LastModifiedv2.schemaIdGuid: 3c095e8a-314e-465b-83f5-ab8277bcf29b
 msDFS-LastModifiedv2.searchFlags: 0
 msDFS-LastModifiedv2.zzzblank
 msDFS-LinkIdentityGUIDv2.attributeId: 1.2.840.113556.1.4.2041
 <at>  <at>  -7462,7 +7510,7  <at>  <at> 
 msDFS-LinkIdentityGUIDv2.omSyntax: 4
 msDFS-LinkIdentityGUIDv2.rangeLower:16
 msDFS-LinkIdentityGUIDv2.rangeUpper: 16
-msDFS-LinkIdentityGUIDv2.schemaIdGuid: 19e2bd91-e8fa-49b2-be2b-7efd5ae5676d
+msDFS-LinkIdentityGUIDv2.schemaIdGuid: edb027f3-5726-4dee-8d4e-dbf07e1ad1f1
 msDFS-LinkIdentityGUIDv2.searchFlags: 0
 msDFS-LinkIdentityGUIDv2.zzzblank
 msDFS-LinkPathv2.attributeId: 1.2.840.113556.1.4.2039
 <at>  <at>  -7474,7 +7522,7  <at>  <at> 
 msDFS-LinkPathv2.omSyntax: 64
 msDFS-LinkPathv2.rangeLower: 0
 msDFS-LinkPathv2.rangeUpper: 32766
-msDFS-LinkPathv2.schemaIdGuid: 5882bb1e-3101-4845-a21e-1516e59279f2
+msDFS-LinkPathv2.schemaIdGuid: 86b021f6-10ab-40a2-a252-1dc0cc3be6a9
 msDFS-LinkPathv2.searchFlags: 0
 msDFS-LinkPathv2.zzzblank
 msDFS-LinkSecurityDescriptorv2.attributeId: 1.2.840.113556.1.4.2040
 <at>  <at>  -7484,9 +7532,40  <at>  <at> 
 msDFS-LinkSecurityDescriptorv2.isSingleValued: TRUE
 msDFS-LinkSecurityDescriptorv2.ldapDisplayName: msDFS-LinkSecurityDescriptorv2
 msDFS-LinkSecurityDescriptorv2.omSyntax: 66
-msDFS-LinkSecurityDescriptorv2.schemaIdGuid: d780b945-3caa-4d28-975b-eb3f08e455e1
+msDFS-LinkSecurityDescriptorv2.schemaIdGuid: 57cf87f7-3426-4841-b322-02b3b6e9eba8
 msDFS-LinkSecurityDescriptorv2.searchFlags: 0
 msDFS-LinkSecurityDescriptorv2.zzzblank
+msDFS-Linkv2.cn: ms-DFS-Link-v2
+msDFS-Linkv2.defaultHidingValue: TRUE
+msDFS-Linkv2.defaultObjectCategory:CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,<RootDomainDN> 
+msDFS-Linkv2.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) 
+msDFS-Linkv2.governsId: 1.2.840.113556.1.5.259
+msDFS-Linkv2.ldapDisplayName: msDFS-Linkv2
+msDFS-Linkv2.objectClassCategory: 1
+msDFS-Linkv2.rdnAttId: cn
+msDFS-Linkv2.schemaIdGuid: 7769fb7a-1159-4e96-9ccd-68bc487073eb
+msDFS-Linkv2.subClassOf: top
+msDFS-Linkv2.systemFlags: FLAG_SCHEMA_BASE_OBJECT
+msDFS-Linkv2.systemMayContain:msDFS-Commentv2,msDFS-LinkSecurityDescriptorv2,msDFS-ShortNameLinkPathv2 
+msDFS-Linkv2.systemMustContain:msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2,msDFS-LinkIdentityGUIDv2,msDFS-LastModifiedv2,msDFS-Ttlv2,msDFS-TargetListv2,msDFS-Propertiesv2,msDFS-LinkPathv2 
+msDFS-Linkv2.systemOnly: FALSE
+msDFS-Linkv2.systemPossSuperiors:msDFS-Namespacev2 
+msDFS-Linkv2.zzzblank
+msDFS-NamespaceAnchor.cn: ms-DFS-Namespace-Anchor
+msDFS-NamespaceAnchor.defaultHidingValue: TRUE
+msDFS-NamespaceAnchor.defaultObjectCategory:CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,<RootDomainDN> 
+msDFS-NamespaceAnchor.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) 
+msDFS-NamespaceAnchor.governsId: 1.2.840.113556.1.5.257
+msDFS-NamespaceAnchor.ldapDisplayName: msDFS-NamespaceAnchor
+msDFS-NamespaceAnchor.objectClassCategory: 1
+msDFS-NamespaceAnchor.rdnAttId: cn
+msDFS-NamespaceAnchor.schemaIdGuid: da73a085-6e64-4d61-b064-015d04164795
+msDFS-NamespaceAnchor.subClassOf: top
+msDFS-NamespaceAnchor.systemFlags: FLAG_SCHEMA_BASE_OBJECT
+msDFS-NamespaceAnchor.systemMustContain:msDFS-SchemaMajorVersion 
+msDFS-NamespaceAnchor.systemOnly: FALSE
+msDFS-NamespaceAnchor.systemPossSuperiors:dfsConfiguration 
+msDFS-NamespaceAnchor.zzzblank
 msDFS-NamespaceIdentityGUIDv2.attributeId: 1.2.840.113556.1.4.2033
 msDFS-NamespaceIdentityGUIDv2.attributeSyntax: 2.5.5.10
 msDFS-NamespaceIdentityGUIDv2.cn: ms-DFS-Namespace-Identity-GUID-v2
 <at>  <at>  -7496,19 +7575,35  <at>  <at> 
 msDFS-NamespaceIdentityGUIDv2.omSyntax: 4
 msDFS-NamespaceIdentityGUIDv2.rangeLower: 16
 msDFS-NamespaceIdentityGUIDv2.rangeUpper: 16
-msDFS-NamespaceIdentityGUIDv2.schemaIdGuid: 87011f22-e651-4c27-b55b-51daf9f9d364
+msDFS-NamespaceIdentityGUIDv2.schemaIdGuid: 200432ce-ec5f-4931-a525-d7f4afe34e68
 msDFS-NamespaceIdentityGUIDv2.searchFlags: 0
 msDFS-NamespaceIdentityGUIDv2.zzzblank
+msDFS-Namespacev2.cn: ms-DFS-Namespace-v2
+msDFS-Namespacev2.defaultHidingValue: TRUE
+msDFS-Namespacev2.defaultObjectCategory:CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,<RootDomainDN> 
+msDFS-Namespacev2.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) 
+msDFS-Namespacev2.governsId: 1.2.840.113556.1.5.258
+msDFS-Namespacev2.ldapDisplayName: msDFS-Namespacev2
+msDFS-Namespacev2.objectClassCategory: 1
+msDFS-Namespacev2.rdnAttId: cn
+msDFS-Namespacev2.schemaIdGuid: 21cb8628-f3c3-4bbf-bff6-060b2d8f299a
+msDFS-Namespacev2.subClassOf: top
+msDFS-Namespacev2.systemFlags: FLAG_SCHEMA_BASE_OBJECT
+msDFS-Namespacev2.systemMayContain:msDFS-Commentv2 
+msDFS-Namespacev2.systemMustContain:msDFS-SchemaMajorVersion,msDFS-SchemaMinorVersion,msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2,msDFS-LastModifiedv2,msDFS-Ttlv2,msDFS-TargetListv2,msDFS-Propertiesv2 
+msDFS-Namespacev2.systemOnly: FALSE
+msDFS-Namespacev2.systemPossSuperiors:msDFS-NamespaceAnchor 
+msDFS-Namespacev2.zzzblank
 msDFS-Propertiesv2.attributeId: 1.2.840.113556.1.4.2037
 msDFS-Propertiesv2.attributeSyntax: 2.5.5.12
 msDFS-Propertiesv2.cn: ms-DFS-Properties-v2
 msDFS-Propertiesv2.isMemberOfPartialAttributeSet: FALSE
-msDFS-Propertiesv2.isSingleValued: TRUE
+msDFS-Propertiesv2.isSingleValued: FALSE
 msDFS-Propertiesv2.ldapDisplayName: msDFS-Propertiesv2
 msDFS-Propertiesv2.omSyntax: 64
 msDFS-Propertiesv2.rangeLower: 0
 msDFS-Propertiesv2.rangeUpper: 1024
-msDFS-Propertiesv2.schemaIdGuid: 1c070014-ebf6-4088-95b4-28b16cc31241
+msDFS-Propertiesv2.schemaIdGuid: 0c3e5bc5-eb0e-40f5-9b53-334e958dffdb
 msDFS-Propertiesv2.searchFlags: 0
 msDFS-Propertiesv2.zzzblank
 msDFS-SchemaMajorVersion.attributeId: 1.2.840.113556.1.4.2030
 <at>  <at>  -7520,7 +7615,7  <at>  <at> 
 msDFS-SchemaMajorVersion.omSyntax: 2
 msDFS-SchemaMajorVersion.rangeLower: 2
 msDFS-SchemaMajorVersion.rangeUpper: 2
-msDFS-SchemaMajorVersion.schemaIdGuid: 2bcf447b-39d8-4ee8-909a-bb0755cc2f8d
+msDFS-SchemaMajorVersion.schemaIdGuid: ec6d7855-704a-4f61-9aa6-c49a7c1d54c7
 msDFS-SchemaMajorVersion.searchFlags: 0
 msDFS-SchemaMajorVersion.zzzblank
 msDFS-SchemaMinorVersion.attributeId: 1.2.840.113556.1.4.2031
 <at>  <at>  -7532,7 +7627,7  <at>  <at> 
 msDFS-SchemaMinorVersion.omSyntax: 2
 msDFS-SchemaMinorVersion.rangeLower: 0
 msDFS-SchemaMinorVersion.rangeUpper: 0
-msDFS-SchemaMinorVersion.schemaIdGuid: d1e1dafb-8559-4519-866e-89e775557b9c
+msDFS-SchemaMinorVersion.schemaIdGuid: fef9a725-e8f1-43ab-bd86-6a0115ce9e38
 msDFS-SchemaMinorVersion.searchFlags: 0
 msDFS-SchemaMinorVersion.zzzblank
 msDFS-ShortNameLinkPathv2.attributeId: 1.2.840.113556.1.4.2042
 <at>  <at>  -7544,7 +7639,7  <at>  <at> 
 msDFS-ShortNameLinkPathv2.omSyntax: 64
 msDFS-ShortNameLinkPathv2.rangeLower: 0
 msDFS-ShortNameLinkPathv2.rangeUpper: 32766
-msDFS-ShortNameLinkPathv2.schemaIdGuid: 52bfc673-9713-4e9b-aafd-56ee72fd16a4
+msDFS-ShortNameLinkPathv2.schemaIdGuid: 2d7826f0-4cf7-42e9-a039-1110e0d9ca99
 msDFS-ShortNameLinkPathv2.searchFlags: 0
 msDFS-ShortNameLinkPathv2.zzzblank
 msDFS-TargetListv2.attributeId: 1.2.840.113556.1.4.2038
 <at>  <at>  -7556,7 +7651,7  <at>  <at> 
 msDFS-TargetListv2.omSyntax: 4
 msDFS-TargetListv2.rangeLower: 0
 msDFS-TargetListv2.rangeUpper: 2097152
-msDFS-TargetListv2.schemaIdGuid: 9649b643-59a7-4791-999d-79100cf871d7
+msDFS-TargetListv2.schemaIdGuid: 6ab126c6-fa41-4b36-809e-7ca91610d48f
 msDFS-TargetListv2.searchFlags: 0
 msDFS-TargetListv2.zzzblank
 msDFS-Ttlv2.attributeId: 1.2.840.113556.1.4.2035
 <at>  <at>  -7566,7 +7661,7  <at>  <at> 
 msDFS-Ttlv2.isSingleValued: TRUE
 msDFS-Ttlv2.ldapDisplayName: msDFS-Ttlv2
 msDFS-Ttlv2.omSyntax: 2
-msDFS-Ttlv2.schemaIdGuid: 81ee1500-467e-4c83-a41a-295d12bdcc23
+msDFS-Ttlv2.schemaIdGuid: ea944d31-864a-4349-ada5-062e2c614f5e
 msDFS-Ttlv2.searchFlags: 0
 msDFS-Ttlv2.zzzblank
 msDFSR-CachePolicy.attributeId: 1.2.840.113556.1.6.13.3.29
 <at>  <at>  -7666,7 +7761,7  <at>  <at> 
 msDFSR-Content.defaultSecurityDescriptor:D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) 
 msDFSR-Content.governsId: 1.2.840.113556.1.6.13.4.6
 msDFSR-Content.ldapDisplayName: msDFSR-Content
-msDFSR-Content.mayContain:msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
+msDFSR-Content.mayContain:msDFSR-Options2,msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
 msDFSR-Content.objectClassCategory: 1
 msDFSR-Content.possSuperiors:msDFSR-ReplicationGroup 
 msDFSR-Content.rdnAttId: cn
 <at>  <at>  -7818,7 +7913,7  <at>  <at> 
 msDFSR-GlobalSettings.defaultSecurityDescriptor:D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) 
 msDFSR-GlobalSettings.governsId: 1.2.840.113556.1.6.13.4.4
 msDFSR-GlobalSettings.ldapDisplayName: msDFSR-GlobalSettings
-msDFSR-GlobalSettings.mayContain:msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
+msDFSR-GlobalSettings.mayContain:msDFSR-Options2,msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
 msDFSR-GlobalSettings.objectClassCategory: 1
 msDFSR-GlobalSettings.possSuperiors:container 
 msDFSR-GlobalSettings.rdnAttId: cn
 <at>  <at>  -7843,7 +7938,7  <at>  <at> 
 msDFSR-LocalSettings.defaultSecurityDescriptor:D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) 
 msDFSR-LocalSettings.governsId: 1.2.840.113556.1.6.13.4.1
 msDFSR-LocalSettings.ldapDisplayName: msDFSR-LocalSettings
-msDFSR-LocalSettings.mayContain:msDFSR-Version,msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
+msDFSR-LocalSettings.mayContain:msDFSR-StagingCleanupTriggerInPercent,msDFSR-CommonStagingSizeInMb,msDFSR-CommonStagingPath,msDFSR-Options2,msDFSR-Version,msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
 msDFSR-LocalSettings.objectClassCategory: 1
 msDFSR-LocalSettings.possSuperiors:computer 
 msDFSR-LocalSettings.rdnAttId: cn
 <at>  <at>  -7867,7 +7962,7  <at>  <at> 
 msDFSR-Member.defaultSecurityDescriptor:D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) 
 msDFSR-Member.governsId: 1.2.840.113556.1.6.13.4.9
 msDFSR-Member.ldapDisplayName: msDFSR-Member
-msDFSR-Member.mayContain:serverReference,msDFSR-Keywords,msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
+msDFSR-Member.mayContain:msDFSR-Options2,serverReference,msDFSR-Keywords,msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
 msDFSR-Member.mustContain:msDFSR-ComputerReference 
 msDFSR-Member.objectClassCategory: 1
 msDFSR-Member.possSuperiors:msDFSR-Topology 
 <at>  <at>  -8101,7 +8196,7  <at>  <at> 
 msDFSR-Subscriber.defaultSecurityDescriptor:D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) 
 msDFSR-Subscriber.governsId: 1.2.840.113556.1.6.13.4.2
 msDFSR-Subscriber.ldapDisplayName: msDFSR-Subscriber
-msDFSR-Subscriber.mayContain:msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
+msDFSR-Subscriber.mayContain:msDFSR-Options2,msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
 msDFSR-Subscriber.mustContain:msDFSR-MemberReference,msDFSR-ReplicationGroupGuid 
 msDFSR-Subscriber.objectClassCategory: 1
 msDFSR-Subscriber.possSuperiors:msDFSR-LocalSettings 
 <at>  <at>  -8142,7 +8237,7  <at>  <at> 
 msDFSR-Topology.defaultSecurityDescriptor:D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) 
 msDFSR-Topology.governsId: 1.2.840.113556.1.6.13.4.8
 msDFSR-Topology.ldapDisplayName: msDFSR-Topology
-msDFSR-Topology.mayContain:msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
+msDFSR-Topology.mayContain:msDFSR-Options2,msDFSR-Flags,msDFSR-Options,msDFSR-Extension 
 msDFSR-Topology.objectClassCategory: 1
 msDFSR-Topology.possSuperiors:msDFSR-ReplicationGroup 
 msDFSR-Topology.rdnAttId: cn
 <at>  <at>  -9077,7 +9172,7  <at>  <at> 
 msDS-LockoutDuration.isSingleValued: TRUE
 msDS-LockoutDuration.ldapDisplayName: msDS-LockoutDuration
 msDS-LockoutDuration.omSyntax: 65
-msDS-LockoutDuration.rangeLower: 0
+msDS-LockoutDuration.rangeUpper: 0
 msDS-LockoutDuration.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 msDS-LockoutDuration.schemaIdGuid: 421f889a-472e-4fe4-8eb9-e1d0bc6071b2
 msDS-LockoutDuration.searchFlags: 0
 <at>  <at>  -9090,7 +9185,7  <at>  <at> 
 msDS-LockoutObservationWindow.isSingleValued: TRUE
 msDS-LockoutObservationWindow.ldapDisplayName: msDS-LockoutObservationWindow
 msDS-LockoutObservationWindow.omSyntax: 65
-msDS-LockoutObservationWindow.rangeLower: 0
+msDS-LockoutObservationWindow.rangeUpper: 0
 msDS-LockoutObservationWindow.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 msDS-LockoutObservationWindow.schemaIdGuid: b05bda89-76af-468a-b892-1be55558ecc8
 msDS-LockoutObservationWindow.searchFlags: 0
 <at>  <at>  -9144,7 +9239,7  <at>  <at> 
 msDS-MaximumPasswordAge.isSingleValued: TRUE
 msDS-MaximumPasswordAge.ldapDisplayName: msDS-MaximumPasswordAge
 msDS-MaximumPasswordAge.omSyntax: 65
-msDS-MaximumPasswordAge.rangeLower: 0
+msDS-MaximumPasswordAge.rangeUpper: 0
 msDS-MaximumPasswordAge.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 msDS-MaximumPasswordAge.schemaIdGuid: fdd337f5-4999-4fce-b252-8ff9c9b43875
 msDS-MaximumPasswordAge.searchFlags: 0
 <at>  <at>  -9196,7 +9291,7  <at>  <at> 
 msDS-MinimumPasswordAge.isSingleValued: TRUE
 msDS-MinimumPasswordAge.ldapDisplayName: msDS-MinimumPasswordAge
 msDS-MinimumPasswordAge.omSyntax: 65
-msDS-MinimumPasswordAge.rangeLower: 0
+msDS-MinimumPasswordAge.rangeUpper: 0
 msDS-MinimumPasswordAge.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 msDS-MinimumPasswordAge.schemaIdGuid: 2a74f878-4d9c-49f9-97b3-6767d1cbd9a3
 msDS-MinimumPasswordAge.searchFlags: 0
 <at>  <at>  -9521,7 +9616,7  <at>  <at> 
 msDS-PasswordSettingsPrecedence.isSingleValued: TRUE
 msDS-PasswordSettingsPrecedence.ldapDisplayName: msDS-PasswordSettingsPrecedence
 msDS-PasswordSettingsPrecedence.omSyntax: 2
-msDS-PasswordSettingsPrecedence.rangeLower: 0
+msDS-PasswordSettingsPrecedence.rangeLower: 1
 msDS-PasswordSettingsPrecedence.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 msDS-PasswordSettingsPrecedence.schemaIdGuid: 456374ac-1f0a-4617-93cf-bc55a7c9d341
 msDS-PasswordSettingsPrecedence.searchFlags: 0
 <at>  <at>  -9675,7 +9770,7  <at>  <at> 
 msDS-PSOApplied.omSyntax: 127
 msDS-PSOApplied.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 msDS-PSOApplied.schemaIdGuid: 5e6cf031-bda8-43c8-aca4-8fee4127005b
-msDS-PSOApplied.searchFlags: 0
+msDS-PSOApplied.searchFlags: fCOPY
 msDS-PSOApplied.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
 msDS-PSOApplied.systemOnly: TRUE
 msDS-PSOApplied.zzzblank
 <at>  <at>  -9842,7 +9937,7  <at>  <at> 
 msDS-ResultantPSO.omSyntax: 127
 msDS-ResultantPSO.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 msDS-ResultantPSO.schemaIdGuid: b77ea093-88d0-4780-9a98-911f8e8b1dca
-msDS-ResultantPSO.searchFlags: 0
+msDS-ResultantPSO.searchFlags: fCOPY
 msDS-ResultantPSO.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
 msDS-ResultantPSO.systemOnly: TRUE
 msDS-ResultantPSO.zzzblank
 <at>  <at>  -10256,7 +10351,7  <at>  <at> 
 msFVE-KeyPackage.ldapDisplayName: msFVE-KeyPackage
 msFVE-KeyPackage.omSyntax: 4
 msFVE-KeyPackage.rangeUpper: 102400
-msFVE-KeyPackage.schemaIdGuid: 1fd55ea8-88a7-47dc-8129-0daa97186a54
+msFVE-KeyPackage.schemaIdGuid: 1fd55ea8-88a7-47dc-8129-0daa-97186a54
 msFVE-KeyPackage.searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY | fPRESERVEONDELETE
 msFVE-KeyPackage.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 msFVE-KeyPackage.zzzblank
 <at>  <at>  -11256,6 +11351,7  <at>  <at> 
 mSMQUserSid.rangeUpper: 128
 mSMQUserSid.schemaIdGuid: c58aae32-56f9-11d2-90d0-00c04fd91ab1
 mSMQUserSid.searchFlags: 0
+mSMQUserSid.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 mSMQUserSid.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
 mSMQUserSid.systemOnly: TRUE
 mSMQUserSid.zzzblank
 <at>  <at>  -12066,7 +12162,7  <at>  <at> 
 msSFU30PosixMemberOf.omSyntax: 127
 msSFU30PosixMemberOf.schemaIdGuid: 7bd76b92-3244-438a-ada6-24f5ea34381e
 msSFU30PosixMemberOf.searchFlags: 0
-msSFU30PosixMemberOf.systemFlags:  FLAG_ATTR_NOT_REPLICATED
+msSFU30PosixMemberOf.systemFlags: FLAG_ATTR_NOT_REPLICATED
 msSFU30PosixMemberOf.systemOnly: FALSE
 msSFU30PosixMemberOf.zzzblank
 msSFU30ResultAttributes.attributeId: 1.2.840.113556.1.6.18.1.305
 <at>  <at>  -12197,7 +12293,7  <at>  <at> 
 msTPM-OwnerInformation.omSyntax: 64
 msTPM-OwnerInformation.rangeUpper: 128
 msTPM-OwnerInformation.schemaIdGuid: aa4e1a6d-550d-4e05-8c35-4afcb917a9fe
-msTPM-OwnerInformation.searchFlags: fRODCFilteredAttribute | fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX
+msTPM-OwnerInformation.searchFlags: fPRESERVEONDELETE | fCOPY | fCONFIDENTIAL | fRODCFILTEREDATTRIBUTE
 msTPM-OwnerInformation.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 msTPM-OwnerInformation.zzzblank
 msTSAllowLogon.attributeId: 1.2.840.113556.1.4.1979
 <at>  <at>  -13803,7 +13899,7  <at>  <at> 
 nTFRSReplicaSet.cn: NTFRS-Replica-Set
 nTFRSReplicaSet.defaultHidingValue: TRUE
 nTFRSReplicaSet.defaultObjectCategory:CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,<RootDomainDN> 
-nTFRSReplicaSet.defaultSecurityDescriptor:D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) 
+nTFRSReplicaSet.defaultSecurityDescriptor:D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1-aebc-0000f80367c1;;ED) 
 nTFRSReplicaSet.governsId: 1.2.840.113556.1.5.102
 nTFRSReplicaSet.ldapDisplayName: nTFRSReplicaSet
 nTFRSReplicaSet.objectClassCategory: 1
 <at>  <at>  -13910,6 +14006,7  <at>  <at> 
 nTSecurityDescriptor.schemaIdGuid: bf9679e3-0de6-11d0-a285-00aa003049e2
 nTSecurityDescriptor.searchFlags: fPRESERVEONDELETE
 nTSecurityDescriptor.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+nTSecurityDescriptor.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
 nTSecurityDescriptor.systemOnly: FALSE
 nTSecurityDescriptor.zzzblank
 o.attributeId: 2.5.4.10
 <at>  <at>  -13954,7 +14051,7  <at>  <at> 
 objectClass.omSyntax: 6
 objectClass.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 objectClass.schemaIdGuid: bf9679e5-0de6-11d0-a285-00aa003049e2
-objectClass.searchFlags: fPRESERVEONDELETE
+objectClass.searchFlags: fATTINDEX | fPRESERVEONDELETE
 objectClass.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
 objectClass.systemOnly: TRUE
 objectClass.zzzblank
 <at>  <at>  -13982,7 +14079,7  <at>  <at> 
 objectClasses.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 objectClasses.schemaIdGuid: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0
 objectClasses.searchFlags: 0
-objectClasses.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+objectClasses.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 objectClasses.systemOnly: TRUE
 objectClasses.zzzblank
 objectCount.attributeId: 1.2.840.113556.1.4.506
 <at>  <at>  -14594,7 +14691,7  <at>  <at> 
 parentGUID.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 parentGUID.schemaIdGuid: 2df90d74-009f-11d2-aa4c-00c04fd7d83a
 parentGUID.searchFlags: 0
-parentGUID.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+parentGUID.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 parentGUID.systemOnly: TRUE
 parentGUID.zzzblank
 partialAttributeDeletionList.attributeId: 1.2.840.113556.1.4.663
 <at>  <at>  -14999,7 +15096,7  <at>  <at> 
 possibleInferiors.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 possibleInferiors.schemaIdGuid: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0
 possibleInferiors.searchFlags: 0
-possibleInferiors.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+possibleInferiors.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 possibleInferiors.systemOnly: TRUE
 possibleInferiors.zzzblank
 possSuperiors.attributeId: 1.2.840.113556.1.2.8
 <at>  <at>  -16080,6 +16177,7  <at>  <at> 
 replPropertyMetaData.schemaIdGuid: 281416c0-1968-11d0-a28f-00aa003049e2
 replPropertyMetaData.searchFlags: fPRESERVEONDELETE
 replPropertyMetaData.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+replPropertyMetaData.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
 replPropertyMetaData.systemOnly: TRUE
 replPropertyMetaData.zzzblank
 replTopologyStayOfExecution.attributeId: 1.2.840.113556.1.4.677
 <at>  <at>  -16671,7 +16769,7  <at>  <at> 
 samDomain.cn: Sam-Domain
 samDomain.defaultHidingValue: TRUE
 samDomain.defaultObjectCategory:CN=Sam-Domain,CN=Schema,CN=Configuration,<RootDomainDN> 
-samDomain.defaultSecurityDescriptor:D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;RO)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) 
+samDomain.defaultSecurityDescriptor:D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) 
 samDomain.governsId: 1.2.840.113556.1.5.3
 samDomain.ldapDisplayName: samDomain
 samDomain.objectClassCategory: 3
 <at>  <at>  -16746,7 +16844,7  <at>  <at> 
 schemaFlagsEx.schemaIdGuid: bf967a2b-0de6-11d0-a285-00aa003049e2
 schemaFlagsEx.searchFlags: 0
 schemaFlagsEx.systemFlags: FLAG_SCHEMA_BASE_OBJECT
-schemaFlagsEx.systemOnly: FALSE
+schemaFlagsEx.systemOnly: TRUE
 schemaFlagsEx.zzzblank
 schemaIDGUID.attributeId: 1.2.840.113556.1.4.148
 schemaIDGUID.attributeSyntax: 2.5.5.10
 <at>  <at>  -16831,7 +16929,7  <at>  <at> 
 sDRightsEffective.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 sDRightsEffective.schemaIdGuid: c3dbafa6-33df-11d2-98b2-0000f87a57d4
 sDRightsEffective.searchFlags: 0
-sDRightsEffective.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+sDRightsEffective.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 sDRightsEffective.systemOnly: FALSE
 sDRightsEffective.zzzblank
 searchFlags.attributeId: 1.2.840.113556.1.2.334
 <at>  <at>  -17731,7 +17829,7  <at>  <at> 
 subSchema.rdnAttId: cn
 subSchema.schemaIdGuid:5a8b3261-c38d-11d1-bbc9-0080c76670c0
 subSchema.subClassOf: top
-subSchema.systemFlags: FLAG_SCHEMA_BASE_OBJECT
+subSchema.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
 subSchema.systemMayContain:objectClasses,modifyTimeStamp,extendedClassInfo,extendedAttributeInfo,dITContentRules,attributeTypes 
 subSchema.systemOnly: TRUE
 subSchema.systemPossSuperiors:dMD 
 <at>  <at>  -17746,7 +17844,7  <at>  <at> 
 subSchemaSubEntry.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 subSchemaSubEntry.schemaIdGuid: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0
 subSchemaSubEntry.searchFlags: 0
-subSchemaSubEntry.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+subSchemaSubEntry.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 subSchemaSubEntry.systemOnly: TRUE
 subSchemaSubEntry.zzzblank
 superiorDNSRoot.attributeId: 1.2.840.113556.1.4.532
 <at>  <at>  -18006,7 +18104,7  <at>  <at> 
 terminalServer.omSyntax: 4
 terminalServer.rangeUpper: 20480
 terminalServer.schemaIdGuid: 6db69a1c-9422-11d1-aebd-0000f80367c1
-terminalServer.searchFlags: 0
+terminalServer.searchFlags: fATTINDEX
 terminalServer.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 terminalServer.systemOnly: FALSE
 terminalServer.zzzblank
 <at>  <at>  -18099,7 +18197,7  <at>  <at> 
 tokenGroups.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 tokenGroups.schemaIdGuid: b7c69e6d-2cc7-11d2-854e-00a0c983f608
 tokenGroups.searchFlags: 0
-tokenGroups.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+tokenGroups.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 tokenGroups.systemOnly: FALSE
 tokenGroups.zzzblank
 tokenGroupsGlobalAndUniversal.attributeId: 1.2.840.113556.1.4.1418
 <at>  <at>  -18112,7 +18210,7  <at>  <at> 
 tokenGroupsGlobalAndUniversal.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 tokenGroupsGlobalAndUniversal.schemaIdGuid: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2
 tokenGroupsGlobalAndUniversal.searchFlags: 0
-tokenGroupsGlobalAndUniversal.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+tokenGroupsGlobalAndUniversal.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 tokenGroupsGlobalAndUniversal.systemOnly: FALSE
 tokenGroupsGlobalAndUniversal.zzzblank
 tokenGroupsNoGCAcceptable.attributeId: 1.2.840.113556.1.4.1303
 <at>  <at>  -18125,7 +18223,7  <at>  <at> 
 tokenGroupsNoGCAcceptable.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 tokenGroupsNoGCAcceptable.schemaIdGuid: 040fc392-33df-11d2-98b2-0000f87a57d4
 tokenGroupsNoGCAcceptable.searchFlags: 0
-tokenGroupsNoGCAcceptable.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+tokenGroupsNoGCAcceptable.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED | FLAG_DOMAIN_DISALLOW_RENAME
 tokenGroupsNoGCAcceptable.systemOnly: FALSE
 tokenGroupsNoGCAcceptable.zzzblank
 tombstoneLifetime.attributeId: 1.2.840.113556.1.2.54
 <at>  <at>  -18524,7 +18622,7  <at>  <at> 
 user.cn: User
 user.defaultHidingValue: FALSE
 user.defaultObjectCategory:CN=Person,CN=Schema,CN=Configuration,<RootDomainDN> 
-user.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561) 
+user.defaultSecurityDescriptor:D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561) 
 user.governsId: 1.2.840.113556.1.5.9
 user.ldapDisplayName: user
 user.mayContain:msSFU30NisDomain,msSFU30Name,msDS-SourceObjectDN,x500uniqueIdentifier,userSMIMECertificate,userPKCS12,uid,secretary,roomNumber,preferredLanguage,photo,labeledURI,jpegPhoto,homePostalAddress,givenName,employeeType,employeeNumber,displayName,departmentNumber,carLicense,audio 
 <at>  <at>  -18947,6 +19045,7  <at>  <at> 
 whenCreated.schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
 whenCreated.schemaIdGuid: bf967a78-0de6-11d0-a285-00aa003049e2
 whenCreated.searchFlags: 0
+whenCreated.systemFlags: FLAG_SCHEMA_BASE_OBJECT
 whenCreated.systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
 whenCreated.systemOnly: TRUE
 whenCreated.zzzblank

_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol

Monthly message from The Technical Committee

The Technical Committee was formed to help enforce the Microsoft anti-trust Final Judgment entered by the
US Courts in 2002 (see http://www.thetc.org).  The TC has been involved in reviewing and commenting on
much of the recently posted technical documentation and is interested in hearing about your experiences
using these documents for product development or enhancement, either by posting your feedback to this
mailing list, or by contacting the TC on a strictly confidential basis by sending e-mail to docfeedback <at> thetc.org

We will send this e-mail to the list once per month.

How is a krb5 request to cifs/my.realm handled?

A number of our users are having trouble with group policy in Samba4,
and it seems that their clients (WinXP, Vista) look for their group
policy information in //my.realm/sysvol 

This name resolves in DNS, but we don't currently have a mapping for it
in our KDC, because I don't know, if I were to create a mixed
Microsoft/Samba4 domain what key this would resolve to.

Given that it must be shared between all domain controllers, is this
somehow mapped to krbtgt/my.realm?  Is DNS/my.realm also handled this
way?

(In the meantime it would of course be trivial to add such a mapping,
but I want to solve this properly)

Thanks,

Andrew Bartlett
--

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol

Re: Help wanted - simple python or perl script for schema conversion

On Wed, 2008-12-10 at 21:46 +0530, S P wrote:
> On Wed, Dec 10, 2008 at 12:37 PM, Andrew Bartlett
<abartlet@...> wrote:
> > On Tue, 2008-12-09 at 20:20 +0530, S P wrote:
> >> On Tue, Dec 9, 2008 at 6:52 PM, S P <sree314@...> wrote:
> >>
> >> This version handles CRLF/LF using python's universal newlines
> >> support, so it should work on DOS-style files as well.
> >>
> >> I've also rewritten the LDIF line-unfolding code, and it matches the
> >> spec more closely now.
> >>
> >> Let me know if it works now.
> >
> > I'm still having a few odd problems, but I've got permission to publish
> > the text-format schema, so you can find that in a current GIT checkout
> > in source4/setup/ad-schema.
> 
> Thanks! I checked out the files you were using, and they are indeed
> CR-LF files which should've worked with the last program I sent you.
> However, they also contain three types of errors that will prevent it
> from working.

I've CC'ed Richard Guthrie from Microsoft, and the mailing lists we use
to co-ordinate fixing this documentation.  I hope he can you can work to
get this file into correct shape. 

Richard, can you look into these problems with the 'text-file' schema
you sent me a few months back:

> Firstly, there are spurious blank lines -- creating a separate record
> (this gives the ldapDisplayName not found error). I fixed these.
> 
> The second error is that attribute msDS-ResultantPSO is missing the
> attributeId field
> 
> The third error is the presence of two attr: values for a single
> valued field, systemFlags, with differing values.
> 
> I've fixed the latter two of these errors by comparing to the docs, a
> patch is attached. I've not compared all of the MS files with the ones
> I extracted from the docs, though.
> 
> Applying the patch is necessary to make the code I sent you run,
> though I've added some debug statements now as well. I'll post the
> code to the list, but should I post the current patch to fix the text
> files as well?

I don't think posting the patch should be a problem.  I've re-attached
it here so Richard can see the problem. 

> > What I now need is a clear copyright statement from you, including any
> > statement from minschema (if you copied code from that),
> 
> Neither minschema.js nor minschema.py contains any statement :(
> However my code clearly contains code copied from minschema.py. I'll
> note this in the message to the mailing list. Will follow other
> instructions as well.

I'll get that fixed.

Thanks,

Andrew Bartlett

--

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol