samba - Jun 2020 - Update of operatingSystem and operatingSystemVersion attributes in AD

Hi list,

We've been looking into updating? operatingSystem and 
operatingSystemVersion attributes automatically and periodically (so 
version remains correct after OS upgrades) but quickly found out the 
machine account principal does not have enough permissions as it would 
error out with INSUFF_ACCESS_RIGHTS.

As Windows /is /able to update those attributes I've been doing some 
debugging with Samba logs and network traces and came to the same 
conclusion as in 
https://lists.samba.org/archive/samba-technical/2007-March/052448.html 
that Windows clients update those attributes via the 
NetrLogonGetDomainInfo() MS-RPC call.

Since 2007 a lot has changed obviously and it looks like Microsoft made 
the docs for NetrLogonGetDomainInfo available:

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/7c3ad0cc-ee05-4643-b773-4d84e1d431dc
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3ae9e9a9-a303-4fa5-8e11-823d9e7e1e61

/-> The NETLOGON_WORKSTATION_INFO structure defines information passed 
into the NetrLogonGetDomainInfo method, as specified in 3.5.4.4.9. It 
SHOULD<20> be used to convey information about a member workstation from 
the client side to the server side./

Any chance we can get this into rpcclient? Any idea why RPC would work 
while LDAP updates error out with INSUFF_ACCESS_RIGHTS? I must admit I'm 
not an expert, just the sysadmin trying to get things done! :-)

Many thanks,
Geert