[MS-DRSR] Pseudo function IsProtectedObject

  • Question

  • Hello,

    In MS-DRSR 4.1.10.3.11 there is a function defined named "IsProtectedObject".

    I couldn't find a usage of this function in the MS-DRSR documentation (just search for the word "IsProtectedObject" in MS-DRSR).

    Indeed, a fix could be just "remove this function", but MS-ADTS "3.1.1.5.5.3 Protected Objects" specifies a set of protections that should be implemented in MS-DRSR that would require such a function.

    I couldn't find any alternative to this function in the MS-DRSR code. Is the algorithm calling IsProtectedObject missing?

    Regards,

    Vincent LE TOUX

    Sunday, August 27, 2017 7:06 PM

Answers

  • Vincent,

    MS-DRSR “5.161 RemoveObj” refers to MS-ADTS Sections 3.1.1.5.5.* under “Delete Operation”, which in turn has statements on the MS-ADTS 3.1.1.5.5.3 Protected Objects. 

    The MS-DRSR RemoveObj is descriptive and does not explicitly call IsProtectedObject() but points to the MS-ADTS invariants that the delete operation needs to conform to. Those requirements are much broader than solely IsProtectedObject().

    I will ask the product group whether they want to remove the IsProtectedObject() pseudo-code. For the time being, I consider that pseudo code as informative.

     

    MS-ADTS

    3.1.1.5.5.1.1        Tombstone Requirements

    • A protected object cannot be deleted and transformed into a tombstone (see Protected Objects (section 3.1.1.5.5.3)).

    3.1.1.5.5.1.2        Deleted-Object Requirements

    • A protected object cannot be deleted and transformed into a deleted-object (see Protected Objects in section 3.1.1.5.5.3).

    3.1.1.5.5.3           Protected Objects

    The following objects are considered protected and cannot be deleted:

    • The DC's nTDSDSA object and all of its ancestors.
    • The DC's rIDSet object and all of its ancestors. A DC's rIDSet object is the referent of the rIDSetReferences attribute of the DC's Domain Controller object (section 6.1.1.3.1).
    • The crossRef objects corresponding to the DC's config, schema, and default domain NCs.

    Thanks,

    Edgar


    Wednesday, August 30, 2017 9:28 PM
    Moderator
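
The three protected-object rules quoted in the answer above, written as a DN-based check. This is an added example, not code from MS-DRSR, MS-ADTS or either poster; the function names, the `DC1` dictionary shape and every DN are constructed assumptions, and objects are compared by normalized DN string rather than by GUID.

```python
import re

def rdns(dn):
    """Split a DN into lower-cased RDNs. Simplification: a comma is a separator
    unless directly preceded by a backslash."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def is_self_or_ancestor(candidate, obj):
    """True if candidate is obj itself or any ancestor of obj (RDN suffix match)."""
    c, o = rdns(candidate), rdns(obj)
    return 0 < len(c) <= len(o) and o[len(o) - len(c):] == c

def protected_reason(dn, dc):
    """Return which rule protects dn on this DC, or None if deletion is not
    blocked by the protected-object list."""
    if is_self_or_ancestor(dn, dc["ntds_dsa"]):
        return "nTDSDSA object or ancestor"
    if is_self_or_ancestor(dn, dc["rid_set"]):
        return "rIDSet object or ancestor"
    # The crossRef rule covers the three crossRef objects only, not their ancestors.
    if any(rdns(dn) == rdns(x) for x in dc["cross_refs"]):
        return "crossRef of config/schema/default domain NC"
    return None

# Constructed sample data for a hypothetical DC named DC1 in example.test.
CFG = "CN=Configuration,DC=example,DC=test"
DC1 = {
    "ntds_dsa": "CN=NTDS Settings,CN=DC1,CN=Servers,CN=Site1,CN=Sites," + CFG,
    # In a directory this DN is read from rIDSetReferences on the DC's
    # Domain Controller object.
    "rid_set": "CN=RID Set,CN=DC1,OU=Domain Controllers,DC=example,DC=test",
    "cross_refs": [
        "CN=Enterprise Configuration,CN=Partitions," + CFG,
        "CN=Enterprise Schema,CN=Partitions," + CFG,
        "CN=EXAMPLE,CN=Partitions," + CFG,
    ],
}

if __name__ == "__main__":
    for dn in ["CN=Sites," + CFG, "OU=Domain Controllers,DC=example,DC=test",
               "CN=Partitions," + CFG, "CN=DC2,CN=Servers,CN=Site1,CN=Sites," + CFG]:
        print(dn, "->", protected_reason(dn, DC1) or "not protected")
```

In this sample, `CN=Partitions` is not flagged even though it is the parent of the protected crossRef objects, because only the first two rules extend to ancestors.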

All replies

  • Hi Vincent,

    Thank you for contacting the Microsoft Open Protocols forum. We have received the question and someone from the protocols documentation support team will be in contact to assist.

    Thanks,

    Nathan

    Monday, August 28, 2017 12:45 AM
    Moderator
  • Hi Vincent,

    I am looking into this and will follow up.

    Thank you,

    Edgar

    Monday, August 28, 2017 9:20 PM
    Moderator
  • ok

    thanks for the feedback

    Thursday, August 31, 2017 5:55 AM