# -----------------------------------------------------------------------
# Copyright 2004 Microsoft Corporation
#
# MODULE: credroam.ldf
# ABSTRACT: add key roaming Active Directory schemas & attributes
# -----------------------------------------------------------------------
# Reading notes:
# - DC=X in every dn is a placeholder for the forest root DN; it has to be
#   substituted at import time (for example with ldifde's -c option).
# - Records are separated by blank lines. LDIF has no trailing comments:
#   text after a value becomes part of the value, so notes stay on their
#   own lines starting with '#'.
# -----------------------------------------------------------------------
# define property set Private-Information
# -----------------------------------------------------------------------
# This controlAccessRight object acts as a property set:
# - rightsGUID identifies the set. The attributeSchema records in this
#   file carry the same GUID (binary, base64-encoded) in
#   attributeSecurityGUID, which is what makes them members of the set.
# - appliesTo lists the schemaIDGUIDs of the classes the right can be
#   granted on: bf967aba-0de6-11d0-a285-00aa003049e2 is the User class,
#   4828cc14-1437-45bc-9b07-ad6f015e5f28 is inetOrgPerson.
# - validAccesses 48 = 0x30 = read property (0x10) + write property
#   (0x20), the value used for property sets.
# An ACE that grants read or write on this property set covers every
# member attribute at once, so review who receives such ACEs.
dn: cn=Private-Information,CN=Extended-Rights,CN=Configuration,DC=X
changetype: add
cn: Private-Information
objectClass: controlAccessRight
displayName: Private Information
appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28
appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
rightsGUID: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
validAccesses: 48

# The empty dn addresses the rootDSE; writing schemaUpdateNow asks the
# server to reload its schema cache before the next records are applied.
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# -----------------------------------------------------------------------
# define schemas for:
#   ms-PKI-RoamingTimeStamp
#   ms-PKI-DPAPIMasterKeys
#   ms-PKI-AccountCredentials
#
# NOTE: searchFlags 128 (CONFIDENTIAL_DATA) is implemented in an AD
#       server-side Update such that the attributes having this bit
#       will not be readable except for SELF.
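# -----------------------------------------------------------------------
# Review notes for the three attributeSchema records below:
# - searchFlags 128 (0x80) is the confidential bit. Reading such an
#   attribute needs the control-access right on the object in addition
#   to read-property, so a principal holding full control or all
#   extended rights on a user object can still read the values. Audit
#   those ACEs when assessing who can reach the stored blobs.
# - NOTE(review): the header note says the confidential bit is enforced
#   by a server-side update. Confirm every domain controller has it;
#   presumably a DC without it does not enforce the bit.
# - attributeSecurityGUID 3kfmkW/ZcEuVV9Y/9PPM2A== is the base64 form of
#   the binary GUID 91e647de-d96f-4b70-9557-d63ff4f3ccd8, the rightsGUID
#   of the Private-Information property set, so all three attributes
#   are governed by ACEs on that set.
# - The adminDescription values say the key and credential data is
#   stored encrypted; directory ACLs remain the access control for the
#   blobs themselves.
# - "::" marks a base64-encoded value.
# - changetype ntdsSchemaadd is specific to ldifde, not standard LDIF;
#   presumably it tolerates an entry that already exists (confirm).
# -----------------------------------------------------------------------
# Octet-string attribute (attributeSyntax 2.5.5.10, oMSyntax 4).
dn: cn=ms-PKI-RoamingTimeStamp,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaadd
objectClass: attributeSchema
lDAPDisplayName: msPKIRoamingTimeStamp
adminDisplayName: MS-PKI-RoamingTimeStamp
adminDescription: Time stamp for last change to roaming tokens
attributeId: 1.2.840.113556.1.4.1892
attributeSyntax: 2.5.5.10
oMSyntax: 4
schemaIDGUID:: rOQXZvGiq0O2DBH70frPBQ==
attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
searchFlags: 128

# DN-Binary attribute (attributeSyntax 2.5.5.7, oMSyntax 127; the
# oMObjectClass value decodes to OID 1.2.840.113556.1.1.1.11). The even
# linkID marks it as a forward link.
dn: cn=ms-PKI-DPAPIMasterKeys,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaadd
objectClass: attributeSchema
lDAPDisplayName: msPKIDPAPIMasterKeys
adminDisplayName: MS-PKI-DPAPIMasterKeys
adminDescription: Storage of encrypted DPAPI Master Keys for User
attributeId: 1.2.840.113556.1.4.1893
attributeSyntax: 2.5.5.7
linkID: 2046
oMSyntax: 127
oMObjectClass:: KoZIhvcUAQEBCw==
schemaIDGUID:: IzD5szmSfE+5nGdF2Hrbwg==
attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
searchFlags: 128

# Same syntax and flags as ms-PKI-DPAPIMasterKeys, with its own linkID.
dn: cn=ms-PKI-AccountCredentials,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaadd
objectClass: attributeSchema
lDAPDisplayName: msPKIAccountCredentials
adminDisplayName: MS-PKI-AccountCredentials
adminDescription: Storage of encrypted User credential token blobs for roaming
attributeId: 1.2.840.113556.1.4.1894
attributeSyntax: 2.5.5.7
linkID: 2048
oMSyntax: 127
oMObjectClass:: KoZIhvcUAQEBCw==
schemaIDGUID:: RKffuNwx8U6sfIS69++dpw==
attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
searchFlags: 128

# The empty dn addresses the rootDSE; writing schemaUpdateNow asks the
# server to reload its schema cache so the new attributes can be
# referenced by the records that follow.
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# -----------------------------------------------------------------------
# adding the attributes to User class.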
# -----------------------------------------------------------------------
# mayContain makes the three attributes optional on User objects; they
# are referenced by lDAPDisplayName, so their attributeSchema entries
# must already be in the schema cache when this record is applied.
# Classes that inherit from User gain the attributes as well.
dn: CN=User,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: mayContain
mayContain: msPKIRoamingTimeStamp
mayContain: msPKIDPAPIMasterKeys
mayContain: msPKIAccountCredentials
-

# The empty dn addresses the rootDSE; writing schemaUpdateNow asks the
# server to reload its schema cache so the class change takes effect.
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-