Hi Douglas: To me, the quote from MS-ADTS looks more problematic than the MS-SMAR's. There will not be a password history if we are setting a password.
I am looking into it and I think this is a bug in MS-ADTS. Regards, Obaid Farooqi Sr. Escalation Engineer | Microsoft -----Original Message----- From: Michael Bowen <[email protected]> Sent: Wednesday, September 24, 2025 6:17 PM To: Douglas Bagnall <[email protected]>; [email protected] Cc: Microsoft Support <[email protected]> Subject: RE: [EXTERNAL] [MS-SAMR] 3.1.1.7.1 General Password Policy -- interaction with LDAP_SERVER_POLICY_HINTS_OID - TrackingID#2509240040013358 [DocHelp to bcc] Hi Douglas, Thanks for your question. I've created case number 2509240040013358 to track this issue. Please leave the number in the subject line and use reply all your correspondence. One of our engineers will contact you soon. Best regards, Michael Bowen Sr. Escalation Engineer - Microsoft® Corporation  -----Original Message----- From: Douglas Bagnall <[email protected]> Sent: Wednesday, September 24, 2025 3:39 PM To: Interoperability Documentation Help <[email protected]>; [email protected] Subject: [EXTERNAL] [MS-SAMR] 3.1.1.7.1 General Password Policy -- interaction with LDAP_SERVER_POLICY_HINTS_OID hi Dochelp, MS-ADTS 3.1.1.3.4.1.27 says that when LDAP_SERVER_POLICY_HINTS_OID is used with a control value of 1, the password history length constraint is enforced on password-set operations. I think that means at the bottom of MS-SAMR 3.1.1.7.1 General Password Policy, where it says: > 5. The requesting protocol message is a password change (as compared to a > password set). it should say something like 5. The requesting protocol message is a password change (as compared to a password set), or the message is a password set with the LDAP_SERVER_POLICY_HINTS_OID control set with the value 0x1. Is that right? Douglas _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
