RE: [ActiveDir] MS Schema GUIDS different from my Forest to MSDN
That about settles it. I didn't realize schemaIDGuid existed and I was looking at the wrong attribute. Thanks for the help.

-Brandon

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joe Kaplan
Sent: Tuesday, August 15, 2006 6:05 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] MS Schema GUIDS different from my Forest to MSDN

objectGUID and schemaIDGUID are not the same thing. objectGUID will always be randomly generated when an object is created and will differ between different forests for schema. schemaIDGUID can and usually is (at least for schema from MS) set when the object is created, so those tend to be the same between all installations*.

Did you look at the schemaIDGUID attribute to compare there?

Joe K.

* If schemaIDGUID isn't specified at create time, AD and ADAM will happily create a random one for you. It is generally considered to be a best practice to specify the schemaIDGUID though so that it can be published as a static value. Letting the directory create it for you is generally considered hackish.

- Original Message -
From: Bernier, Brandon (.)
To: ActiveDir@mail.activedir.org
Sent: Tuesday, August 15, 2006 4:26 PM
Subject: [ActiveDir] MS Schema GUIDS different from my Forest to MSDN

Answer to my question below: I'm missing an ACE for ms-DS-Az-Admin-Manager. but what's interesting is that I'm using the Schema GUID from MSDN and for some reason that's different from what I have in production (verified using ADFind to dump all the Classes ObjectGUID in the Schema). I asked someone who implemented the Schema here why and they said they ran across the same issue and it was told it wasn't a big deal...I disagree, since if that was the case my code would be working and this note wouldn't exist.

Anyone seen this before?

-Brandon

_
From: Bernier, Brandon (.)
Sent: Tuesday, August 15, 2006 1:24 PM
To: 'ActiveDir@mail.activedir.org'
Subject: ADSIEdit unable to enumerate list of objects that a group can create

OK..I'm probably doing something silly here but I need more insight on how ADSIEdit enumerates what object types you can create..

The scenario is I have 1 OU and in that OU I have a Group that I've ACL'd to create/delete ms-DS-Az-Admin-Manager objects and mod some attributes on it in that OU. So I bind up as a User in this Group using ADSIEdit and try to create an instance of this object, well that list is empty..so I can't create jack. What am I missing? I'll write a quick little VBScript to test that out, but in the meantime what gives?

Thanks!

-Brandon

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] MS Schema GUIDS different from my Forest to MSDN
Answer to my question below: I'm missing an ACE for ms-DS-Az-Admin-Manager but what's interesting is that I'm using the Schema GUID from MSDN and for some reason that's different from what I have in production (verified using ADFind to dump all the Classes ObjectGUID in the Schema). I asked someone who implemented the Schema here why and they said they ran across the same issue and it was told it wasn't a big deal..I disagree, since if that was the case my code would be working and this note wouldn't exist.

Anyone seen this before?

-Brandon

_
From: Bernier, Brandon (.)
Sent: Tuesday, August 15, 2006 1:24 PM
To: 'ActiveDir@mail.activedir.org'
Subject: ADSIEdit unable to enumerate list of objects that a group can create

OK..I'm probably doing something silly here but I need more insight on how ADSIEdit enumerates what object types you can create..

The scenario is I have 1 OU and in that OU I have a Group that I've ACL'd to create/delete ms-DS-Az-Admin-Manager objects and mod some attributes on it in that OU. So I bind up as a User in this Group using ADSIEdit and try to create an instance of this object, well that list is empty..so I can't create jack. What am I missing? I'll write a quick little VBScript to test that out, but in the meantime what gives?

Thanks!

-Brandon
Re: [ActiveDir] MS Schema GUIDS different from my Forest to MSDN
objectGUID and schemaIDGUID are not the same thing. objectGUID will always be randomly generated when an object is created and will differ between different forests for schema. schemaIDGUID can and usually is (at least for schema from MS) set when the object is created, so those tend to be the same between all installations*.

Did you look at the schemaIDGUID attribute to compare there?

Joe K.

* If schemaIDGUID isn't specified at create time, AD and ADAM will happily create a random one for you. It is generally considered to be a best practice to specify the schemaIDGUID though so that it can be published as a static value. Letting the directory create it for you is generally considered hackish.

- Original Message -
From: Bernier, Brandon (.)
To: ActiveDir@mail.activedir.org
Sent: Tuesday, August 15, 2006 4:26 PM
Subject: [ActiveDir] MS Schema GUIDS different from my Forest to MSDN

Answer to my question below: I'm missing an ACE for ms-DS-Az-Admin-Manager. but what's interesting is that I'm using the Schema GUID from MSDN and for some reason that's different from what I have in production (verified using ADFind to dump all the Classes ObjectGUID in the Schema). I asked someone who implemented the Schema here why and they said they ran across the same issue and it was told it wasn't a big deal...I disagree, since if that was the case my code would be working and this note wouldn't exist.

Anyone seen this before?

-Brandon

_
From: Bernier, Brandon (.)
Sent: Tuesday, August 15, 2006 1:24 PM
To: 'ActiveDir@mail.activedir.org'
Subject: ADSIEdit unable to enumerate list of objects that a group can create

OK..I'm probably doing something silly here but I need more insight on how ADSIEdit enumerates what object types you can create..

The scenario is I have 1 OU and in that OU I have a Group that I've ACL'd to create/delete ms-DS-Az-Admin-Manager objects and mod some attributes on it in that OU. So I bind up as a User in this Group using ADSIEdit and try to create an instance of this object, well that list is empty..so I can't create jack. What am I missing? I'll write a quick little VBScript to test that out, but in the meantime what gives?

Thanks!

-Brandon

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
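
Added example, not part of the thread or any poster's code: a PowerShell audit of an OU's explicit object-specific ACEs that flags any ACE whose object type is a schema object's objectGUID instead of its schemaIDGUID, which is the mix-up discussed above. The OU DN is a placeholder (assumption), and the script goes slightly beyond the thread's case by also resolving control access rights so that those ACEs are not reported as unknown.

```powershell
# Added example. The OU DN is a placeholder (assumption), not from the thread.
$ouDn = 'OU=Example,DC=example,DC=com'

$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaNc = [string]$rootDse.schemaNamingContext
$configNc = [string]$rootDse.configurationNamingContext

# Build a GUID -> cn lookup from one GUID-valued attribute under a base DN.
function Get-GuidMap([string]$BaseDn, [string]$Filter, [string]$GuidAttr) {
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.SearchRoot = [ADSI]"LDAP://$BaseDn"
    $s.Filter     = $Filter
    $s.PageSize   = 1000
    [void]$s.PropertiesToLoad.Add('cn')
    [void]$s.PropertiesToLoad.Add($GuidAttr)
    $map = @{}
    foreach ($r in $s.FindAll()) {
        $raw = $r.Properties[$GuidAttr.ToLower()][0]
        # schemaIDGUID and objectGUID are 16-byte values; rightsGuid is a string.
        if ($raw -is [byte[]]) { $g = New-Object Guid (,$raw) } else { $g = [Guid]$raw }
        $map[$g] = [string]$r.Properties['cn'][0]
    }
    return $map
}

$schemaFilter = '(|(objectClass=classSchema)(objectClass=attributeSchema))'
$rightsFilter = '(&(objectClass=controlAccessRight)(rightsGuid=*))'
$bySchemaId = Get-GuidMap $schemaNc $schemaFilter 'schemaIDGUID'
$byObjectId = Get-GuidMap $schemaNc $schemaFilter 'objectGUID'
$byRights   = Get-GuidMap "CN=Extended-Rights,$configNc" $rightsFilter 'rightsGuid'

# Walk the explicit ACEs on the OU and classify each non-empty ObjectType.
$ou   = [ADSI]"LDAP://$ouDn"
$aces = $ou.psbase.ObjectSecurity.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])
foreach ($ace in $aces) {
    $t = $ace.ObjectType
    if ($t -eq [Guid]::Empty) { continue }   # ACE is not object-specific
    if     ($bySchemaId.ContainsKey($t)) { $note = "ok: schema object '$($bySchemaId[$t])'" }
    elseif ($byRights.ContainsKey($t))   { $note = "ok: control access right '$($byRights[$t])'" }
    elseif ($byObjectId.ContainsKey($t)) { $note = "WRONG: objectGUID of '$($byObjectId[$t])', use its schemaIDGUID" }
    else                                 { $note = 'unresolved GUID' }
    New-Object PSObject -Property @{
        Identity = $ace.IdentityReference
        Rights   = $ace.ActiveDirectoryRights
        Type     = $t
        Finding  = $note
    }
}
```

An ACE reported as WRONG grants nothing usable, because access checks match the ACE's object type against schemaIDGUID values, not objectGUID.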