James Atwell
2021-Aug-13 17:07 UTC
[Samba] How to add or modify msDS-PrincipalName Attribute
On 8/12/2021 3:43 PM, Rowland Penny via samba wrote:> On Thu, 2021-08-12 at 15:29 -0400, James Atwell via samba wrote: >> Rowland, >> >> Thanks for the reply and link. I'm not familiar with working >> with >> ldb modules. Can you point me in the direction to learn how? Thank >> you. >> >> -James > To put it bluntly, no :-) > To me 'C' comes between 'B' and 'D' :-D > > Perhaps Andrew can help here, or Scott Jordahl, the original poster, I > presume he got it working. > > Rowland > >Appreciate the bluntness. I may be looking at my issue the wrong way.? I'm not familiar with constructed attributes but they appear to not exist in AD but rather get created on the fly when queried.? This would explain why they don't exists when I look for them. As a simple test can I query for msDS-PrinciaplName using sambat-tool or another software? I only see I can do this using Powershell but it relies on webservcies and Samba doesn't support it. -James
Rowland Penny
2021-Aug-13 18:24 UTC
[Samba] How to add or modify msDS-PrincipalName Attribute
On Fri, 2021-08-13 at 13:07 -0400, James Atwell via samba wrote:> On 8/12/2021 3:43 PM, Rowland Penny via samba wrote: > > On Thu, 2021-08-12 at 15:29 -0400, James Atwell via samba wrote: > > > Rowland, > > > > > > Thanks for the reply and link. I'm not familiar with > > > working > > > with > > > ldb modules. Can you point me in the direction to learn how? > > > Thank > > > you. > > > > > > -James > > To put it bluntly, no :-) > > To me 'C' comes between 'B' and 'D' :-D > > > > Perhaps Andrew can help here, or Scott Jordahl, the original > > poster, I > > presume he got it working. > > > > Rowland > > > > > Appreciate the bluntness. I may be looking at my issue the wrong > way. > I'm not familiar with constructed attributes but they appear to not > exist in AD but rather get created on the fly when queried. This > would > explain why they don't exists when I look for them. As a simple test > can > I query for msDS-PrinciaplName using sambat-tool or another software? > I > only see I can do this using Powershell but it relies on webservcies > and > Samba doesn't support it.There are quite a few 'constructed' attributes and they do not exist in AD, they are constructed on the fly, but for this you need code. Samba does not seem to have this code readily available for the msDS- PrincipalName attribute. From my limited understanding, the code needs to construct the attribute as shown here: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/69474c61-a302-4dd2-bc8c-4fac6ccd1eee Rowland