[MS-ADTS][MS-DRSR] Missing information about SchemaInfo

  • Question

  • Hello,

    SchemaInfo is an attribute on the schema defined in MS-ADTS "3.1.1.2.1 Schema NC"

    But when an AD is created, this attribute is not filled (for example, in my demo lab).

    However the value of this attribute is required in MS-DRSR 4.1.10.6.1 ProcessGetNCChangesReply as "schemasignature".

    The value of schemainfo used in MS-DRSR when it is initialized is 0xFF followed by 20 0x00 (total length = 21). I got this value in the debugger while examining an IDL_DRSGetNCChanges response.

    This is also confirmed in the SAMBA implementation (https://github.com/samba-team/samba/blob/78009659b9e424da4bb2cee08bf714cea40ca475/source4/dsdb/schema/schema_info_attr.c#L56)

    => I couldn't find this information in MS-ADTS nor in MS-DRSR; there is also no information about the trigger and who's responsible for its recomputation in case of schema update.

    regards,

    Vincent LE TOUX

    Sunday, August 27, 2017 6:48 PM

All replies

  • Hi Vincent,

    Thank you for contacting the Microsoft Open Protocols forum. We have received the question and someone from the protocols documentation support team will be in contact to assist.

    Thanks,

    Nathan

    Monday, August 28, 2017 12:43 AM
    Moderator
  • Hello Vincent,

    Thank you for this inquiry. I am researching this question as well and will follow up.

    Regards,

    Edgar

    Monday, August 28, 2017 9:21 PM
    Moderator
  • Vincent,

    The answer is in the same section. The SchemaInfo is updated for modifications to the schema NC. It does not matter whether the Add or Modify results from a replication or a direct schema update.

     

    MS-ADTS

    3.1.1.2.1  Schema NC

    Attribute schemaInfo on the schema container stores a String(Octet) value of length 21 bytes. This attribute is updated on every original schema Add or Modify in the same transaction, and it is replicated to all the domain controllers in the forest upon completion of schema NC replication. The first byte of schemaInfo is 0xFF. The next 4 bytes are a 32-bit integer in big-endian byte order, used as the version of the update. The last 16 bytes are the invocationId of the DC where the schema change is made. The version starts from 1 for a new forest. Once a schema change is done, the version is incremented by one, and the invocationId of the DC where the schema change is done is written into the GUID part of the string. The invocationId attribute is specified in section 3.1.1.1.9.

     

    Thanks,

    Edgar

    Tuesday, August 29, 2017 7:38 PM
    Moderator
  • Hello,

    Except that the first value used in GetNCChanges (cf. screenshots) when SchemaInfo is not available is undocumented.

    "FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

    regards,

    Vincent

    Tuesday, August 29, 2017 7:46 PM
  • Agreed, the initial value of invalid SchemaInfo is "FF0000000000000000000000000000000000000000". A valid value (after Schema NC is written) would have a version greater than or equal to 1 and a non-zero invocation ID.

    I will log a request to document the initial value in a future release of the specification.

    Thanks,

    Edgar

    Tuesday, August 29, 2017 8:53 PM
    Moderator
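
The 21-byte layout quoted from MS-ADTS 3.1.1.2.1 and the initial value discussed in this thread can be checked with a small parser. This is an added example, not code from the thread, from Microsoft or from Samba. The function and class names and the sample invocationId are constructed for illustration, and the GUID is assumed to use the usual Windows little-endian field layout.

```python
import struct
import uuid
from dataclasses import dataclass

SCHEMA_INFO_LEN = 21        # 1 marker byte + 4 version bytes + 16 GUID bytes
SCHEMA_INFO_MARKER = 0xFF
# Initial value reported in the thread: 0xFF followed by 20 zero bytes.
INITIAL_SCHEMA_INFO = bytes([SCHEMA_INFO_MARKER]) + bytes(20)
# Constructed sample invocationId, not a value from the thread.
SAMPLE_INVOCATION_ID = uuid.UUID("11111111-2222-3333-4444-555555555555")

@dataclass(frozen=True)
class SchemaInfo:
    version: int
    invocation_id: uuid.UUID

    @property
    def is_initial(self) -> bool:
        # The undocumented placeholder: version 0 and an all-zero GUID.
        return self.version == 0 and self.invocation_id.int == 0

    @property
    def is_valid(self) -> bool:
        # Per the thread: version >= 1 and a non-zero invocation ID.
        return self.version >= 1 and self.invocation_id.int != 0

def parse_schema_info(blob: bytes) -> SchemaInfo:
    """Decode a schemaInfo octet string; reject anything off-format."""
    if len(blob) != SCHEMA_INFO_LEN:
        raise ValueError(f"schemaInfo must be {SCHEMA_INFO_LEN} bytes, got {len(blob)}")
    if blob[0] != SCHEMA_INFO_MARKER:
        raise ValueError(f"schemaInfo must start with 0xFF, got {blob[0]:#04x}")
    (version,) = struct.unpack(">I", blob[1:5])   # 32-bit big-endian version
    # Assumption: GUID bytes are in little-endian field layout.
    return SchemaInfo(version, uuid.UUID(bytes_le=bytes(blob[5:21])))

def build_schema_info(version: int, invocation_id: uuid.UUID) -> bytes:
    """Encode version and invocationId back into the 21-byte form."""
    return (bytes([SCHEMA_INFO_MARKER]) + struct.pack(">I", version)
            + invocation_id.bytes_le)

def next_schema_info(current: bytes, local_invocation_id: uuid.UUID) -> bytes:
    """Value after an originating schema Add or Modify on the local DC:
    version incremented by one, GUID part set to that DC's invocationId."""
    info = parse_schema_info(current)
    return build_schema_info(info.version + 1, local_invocation_id)

if __name__ == "__main__":
    first = next_schema_info(INITIAL_SCHEMA_INFO, SAMPLE_INVOCATION_ID)
    print(first.hex().upper(), parse_schema_info(first))
```
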