none
[MS-DRSR] Are there any filter when processing 4.1.13.1.14 DS_REPL_OBJ_META_DATA ? RRS feed

  • Question

  • Hello,

    4.1.13.1.14 DS_REPL_OBJ_META_DATA indicates "The DS_REPL_OBJ_META_DATA structure defines a set of attribute stamps for a given object. This structure is a concrete representation of the sequence of AttributeStamp values for all attributes of a given object.".

    I understand the "ALL" as there is no filter.

    Indeed, when we look using repadmin for hidden attribute such as unicodepwd or ms-mcs-admpwd (LAPS), we do have some information about the version of the attribute and its last change.

    However the BitLocker information is stored in attributes such as ms-FVE-RecoveryPassword

    But repadmin shows not indication of this attribute and this attribute should be replicated over all DC.

    At the light of this example, my question is simple: are there any mechanisms in place prohibiting to show the metadata of some attributes ?

    regards,

    Vincent LE TOUX

    Wednesday, March 13, 2019 12:19 PM

Answers

  • Vincent,

    Per my research, I don’t see any filter being applied. Attributes that have been touched will have the correct per-property metadata. There, you can see stamps for all the replicated attributes of the given object by using DS_REPL_INFO_METADATA_FOR_OBJ.

    When I retrieve the replPropertyMetaData, it doesn’t report “all” the attributes, including the one you mentioned and several others, because there is no metadata available on those.

    If you wanted to retrieve the internal replication state information of objects, you should use [MS-DRSR] “4.1.13 IDL_DRSGetReplInfo (Opnum 19)” to see whether there is any entry in the public form of the object meta data vector for the given object.

     

    Thanks,

    Edgar

    • Marked as answer by vletoux2 Saturday, March 23, 2019 7:09 AM
    Thursday, March 21, 2019 4:16 AM
    Moderator

All replies

  • Hi vletoux2,

    Thank you for your question.  An engineer from the protocols team will contact you soon.


    Bryan S. Burgin Senior Escalation Engineer Microsoft Protocol Open Specifications Team

    Wednesday, March 13, 2019 5:46 PM
    Moderator
  • Hello Vincent,

    I will investigate and follow-up as soon as I have an update.

    Thanks,

    Edgar


    Wednesday, March 13, 2019 6:27 PM
    Moderator
  • Vincent,

    Non-replicated attributes do not produce metadata. Perhaps that “ALL” doesn’t make it explicit that we shouldn't be looking for replication meta data for non-replicated attributes.

     

    [MS-DRSR]

     

    replicated attribute: An attribute whose values are replicated to other NC replicas. An attribute is replicated if its attributeSchema object o does not have a value for the systemFlags attribute, or if the FLAG_ATTR_NOT_REPLICATED bit (bit 0) of o! systemFlags is zero.

     

    4.1.15.2.3     AttrIsNonReplicated

           procedure AttrIsNonReplicated(attr: ATTRTYP): boolean

    Returns true if the attribute attr is a nonreplicated attribute, and returns false otherwise.

           return FLAG_ATTR_NOT_REPLICATED in SchemaObj(attr)!systemFlags

     

    Thanks,

    Edgar

    Friday, March 15, 2019 9:40 PM
    Moderator
  • But ms-fve-recoverypassword is replicated or did I missed something ?

    • Edited by vletoux2 Friday, March 15, 2019 9:53 PM spelling
    Friday, March 15, 2019 9:52 PM
  • Vincent,

    Per my research, I don’t see any filter being applied. Attributes that have been touched will have the correct per-property metadata. There, you can see stamps for all the replicated attributes of the given object by using DS_REPL_INFO_METADATA_FOR_OBJ.

    When I retrieve the replPropertyMetaData, it doesn’t report “all” the attributes, including the one you mentioned and several others, because there is no metadata available on those.

    If you wanted to retrieve the internal replication state information of objects, you should use [MS-DRSR] “4.1.13 IDL_DRSGetReplInfo (Opnum 19)” to see whether there is any entry in the public form of the object meta data vector for the given object.

     

    Thanks,

    Edgar

    • Marked as answer by vletoux2 Saturday, March 23, 2019 7:09 AM
    Thursday, March 21, 2019 4:16 AM
    Moderator
  • Edgar,

    you are right.

    Bitlocker information are stored in a child object class

    (it took me a while to reproduce this test case in a lab)

    That explains why the metadata doesn't describe it.

    Vincent

    Saturday, March 23, 2019 7:09 AM