????? ??? ????? ??? ??? ???? ???? ?? Windows Server 2003 ?????? ????? ?????? Service Pack 1

???? ???????: 922836 - ??? ???????? ???? ????? ????? ??? ???????.

??????

?? ???? ?????? "Active Directory" ????? ??????? Microsoft Windows Server 2000 ??? ??? ???? ??????? Windows Server 2003 ? ???? ?? ????? ??? ?????? ?? ????? ???. ???? ???? ??? ??? ???????? ???????? READ_PROPERTY ???? ?? ??????? ??????? ?????? ??, ??? ??? ?? ?????? ???????. ??? ????? ?????? ????????? ?? "Active Directory" ???? ?????????? ????????? ?????? ??????? ??? ???? ??????. ?????? ??? ??????? ????? ??? ?? ?????? ??????? ???? ?? Windows Server 2003 Service Pack 1 (SP1).

????? ???

???? ??? ??????? ????? ??? ????? ??? ??? ???? ???? ?? Windows Server 2003 ?????? ????? ?????? Service Pack 1.

??????? ????

???? Windows Server 2003 ?????? ????? ?????? SP1 ????? ???? ????? ??? ??? ???? ????. ?????? ????? ????? ????? ???? ????? searchFlags ?? ??????. ???? ????? searchFlags ????? ??? ??? ????? ???? ???? ???? ??????? ???????? ???. ??? ???? ??????? ??? ?? ????? ?? 1, ??? ????? ?????. ????? ?? 7 (128) ????? ????.

??????? ???????

??? ?????? ??????? ???? ???? ????? ??????? Windows Server 2003 ?????? ????? ?????? SP1 ?? ????? ???? ???????? ???? ????? ?????? ????. ???? ???? ???? ?????? ????? Windows Server 2003 ?????? ????? ?????? SP1 ?? ????? ????. ?? ????? ??? ?????? ??? ?? ??? ?? ????? ???? ?? ????? ??????? ????.

?? ?????? ???? ???? ???? ??? ??? ????? ???????? ?????????:
  • ????? ???? ????? ?????? ??????? ?????? ????? ??????? Windows Server 2003 ?Windows Server 2003 ?????? ????? ?????? SP1 ?? ????? ???? ??????.
  • ?? ????? ???? ????? ???? ?????? ???????? ??? ???? ??????? Windows 2000 ?? ???????.
??? ???? ???? ????? ??? ???? ?? ????? ???? ?????? ???? ???? ????? ??????? Windows 2000 Server? ???? ??????? ?????? ?? Windows Server 2003 ? Windows Server 2003 SP1 ?? ???? ????????? ??????:
  • ??? ??? ???? ??? ?????? ?? ?????????? ????? ???? ?????? ???????? ??? Windows 2000 Server ? ???????? ??? Windows Server 2003 ????? ???? ????????, ???? ?????? ?? ????? ????????.
  • ??? ??? ???? ??? ?????? ?? ?????????? ???? ???? ???? ????? ??? Windows Server 2003 ?????? ????? ?????? SP1 ????? ???? ???????? ? ???? ??? ??? ?? ?????? ?? ???? ????? ????????.
?? ????? ??? ????? ??? ???? ???? ???? ????. ???? ???? ?????? ??? ??? ?????? ???????. ?? ???? ??? ????? ??? ????? ??? ???? ???? ?? ????? ???? ????? systemFlags ????? ?? ??? 0x10 (?????? ???????). ????? ?? ?????????? ???? ??? "????? ????? ?? ??? ???? ??? ??? ???? ?????" "?" ????? "????? ????? ???? ????? searchFlags ??? ??????? ??? ??????".

??????

??? ?????? ?? ????? ??? "Active Directory" ?? ???? ??????, ?? ???????? ?????? ??????? ????? ?????? ?? ???? mirrors ???????? ??????? ?????? ??. ?????? ????? ??? ???? ??????? ???? ???? ?????? ? ?????? ?????.

????? ?????? ??? ???? ??????

??? ????? ???? ?????? SP1 ?????? ????? ??????? Windows Server 2003 ???? "Active Directory" ????? ??? ???? ??????? ????? Active ???? ????. ??? ??? ?????? ???? ???? ?????? ?? ???? ????? ?????? READ_PROPERTY ??? ?????? Active ???? ????? CONTROL_ACCESS ???????? ?????? ?? ???????? ??????? ?????? ???.

?????? ????? ????? ??? "?????? ??????" ????? CONTROL_ACCESS.

???? Active Directory ?????? ?? ???? ??????? ??? ??? ???????? ?? ??????? ???????:
  • ??? ????? ?? ??? ??? ?????? ????? ???? ????? ?????.
  • ??? ?????? ???? ???? ???? ?????? ?? ???? ????? ?????.
????? ????????? ??????????? ???? ????????? ??? ???????? CONTROL_ACCESS ??? ???? ????????. ????? ???? ????????? ??? ????? ???? ????. ?? ????????? ????? ??? ???????? ??? ?????? ?? ??? ??????.

??????? ???? ??????? ?????? ? ?????? ???????

????? ?? ???? ?? "Active Directory" ?????? ??? ???? ?????? ????????? ???????? ??. ????? ??? ????????? ??? ???? ????. ???? ?????? ????? ???? ?????? ???? ????? ?????????? ?????????. ??? ???????? ????? ???? ?????? ????? ??? ????? ??????.

????? ?????? ??????? ???????? ?? ???? ???? ??? ????? ???? ??????? ??????? (DACL). ????? ?? ????? ??? ?? DACL ????? ???? ???? (ACE).

???? ??? ???????? ??? ?????? ?? ??? ?????? CONTROL_ACCESS ???? ???? ???????? ????? ???? ??????? ????? ?? ?????? ??????? ??? ??????. ????? ??? ???????? ???? ???? ???? ??? ?????? ?? ???????? ???????. ???? ????? ????? ????? ???? ???? ??????? ??????? ?? ????? ???? ?? ?????? ??????? ???????.

??????? ???? ??????? ?????? ? ?????? ??????? ???? ????? ?? ?????. ?? ????? ??? ?? ????? ????? ?? ???? ???? ???? ???? ??????? ?????? ??????? ??? ??????? ? ??? ?????? ??? ??????. ????? ??????? ???? ??????? ????? ??? ???? ???????. ???? ??????? ?????? ??????? ?????? ??????? ?????? ?? ?????? ?? ?? ?? ?????? ??? ????? ?????? ???????. ??? ??????? ????? ???? ??????? ?????? ??????? ???? ????? ????? ?? ?????? ??????? ?????? ???? ??? ????? ?????? ???????.

??? ??????? ???? ???? ???? ??? ??? ??? CONTROL_ACCESS ?? ???? ????? ????? ???? ??????? ??? ??? ??????. ??? ?? ??? ??? CONTROL_ACCESS ?? ???? ????? ????? ???? ???? ?????? ??????? ????? ???????? ??? CONTROL_ACCESS ????? ???? ???.

??? ??? ???????? ??????? ??? ??????? ????? ???? ??????? ???:
  • ???? ???? ???????
  • ?????? ???????
  • ????? ???? ??????
  • ???? ????
  • ????? ????? ???? ????
  • ????? ????
?? ???? ???????? ???????? ??? ??????? ????? ???? ??????? ??? ?????? ???? ?? ???????? ??? ?????? ??????. ??? ??? ??? ?????? ????? ????? ????? ???? ???? ?????? ??????? ??? ?????? ???? ??? ????? ????? ?????? ??????? ??? ??? ??? ????. ??? ??????? ??????? ?????? ??????? ?????? ??????? ????? ?????? ?? ??????? ?? ????? ????? ????? ????? ?????? ??????? ????.

?? ???? ?????? ?? ????? ???????? ?? Windows Server 2003 Control_Access ????????. ????? ??????? ?????? Dsacls.exe ?????? ?????? Control_Access ?? ???? ????? ????? ???? ???? ????. ??? ???? ?? ????? ??????? ??? ?????? ????? ????? ???? ???? ?????? ???????. ?? ?????? ??????? ???? ???? ????? ?????? Control_Access ?? ???? ????? ????? ???? ???? ?????? ??????? ???? Ldp.exe.

???????????? ??????? ?? ?????? ?? ?????? ???? ???? ??? ??????. ????? ?? ????????? ??? ?????? ??????? ?????? ????? Microsoft ??????? ??? ?????:
http://msdn.microsoft.com/en-us/library/aa374860(VS.85).aspx
http://technet.microsoft.com/en-us/library/cc749433.aspx

????? ??????? ???????

?? ???? ???? ???? ??? ?? ?????? ?????? ?????? ??????? ?????? ??? ?????? ?? ?????? ?? ??? ?? ???? ????? ??? ??? ????. ???? ?? ??????? ????? ????? ????? ???? ???? ??????? ??????? ???? ?? ??????? ?????? ???????. ??? ????? ????? ???? ?????? ??? ??? ???? ???????? ??????? ?????? ???? ???????.

???? ???????? ??? ????? ????? ?????? ??? ???? ??????? ????????? (OU) ???????? ??? ???? ?????? ?????????? ???????? ???? ??????? ??????. ??? ??? ?????? ?????? ?????????? ???? ??? ????? ????? ?? ??? ??? ?????? ?????? ?????? ?? ???? ??? ???? ??????? ?????? ??? ????? ??????? ??? ????????. ????? ?? ????? ???? ????? ??? ??? ????????.

????? ????? ??? ????

  1. ????? ??? ?? ???? ????? ???? ?? ????? ??? ???? ???? ???? ????.
  2. ??? ?????????? ???????? ?????? Control_Access ???? ???? ?????????? ??? ???????? ?????.
???? ??????? ????? ??? Ldp.exe ??????? Adsiedit.msc ????? ??? ????. ????? ?? ??? ??????? ????? .ldf ?????? ??????. ???? ????? ??????? ??? ??????? ???? ????? ??? ??? ???? ????. ??? ?? ???? ????? ??????? ???? ???? ???????? ??????? ????? ????? ???????? ???? ???? ?????? ?? ???? ????? ??? ?????? ??? ??? ????? ???????. ??? ????? .ldf ?????.

???? ??????? ????? ?????? ?????? ??? .ldf ?????? ??? ???:
  • ????? ??? ??? ??????
  • ??? ????? ??? ????? ???? ????
  • ????? ????? ??? ??? ????????
?????? ??? ??????? ????? .ldf ???? ?? ????? ????? "???? ??????" ? "???? ???? ?????" ?????? ??? ??????? ???? ??? ????? ????? ?????? ??????? ??? ??????.

????? .ldf ??????

???????? ???????? ??????? ????? ??? ??? ?????? ???? ?? ????? ???? ????.
dn: CN=ConfidentialAttribute-LDF,CN=Schema,Cn=Configuration,DC=domain,DC=com
changetype: add
objectClass: attributeSchema
lDAPDisplayName: ConfidentialAttribute
adminDescription: This attribute stores user's confidential data
attributeID: 1.2.840.113556.1.xxxx.xxxx.1.x
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
searchFlags: 128

dn:
changeType: modify
add: schemaupdatenow
schemaupdatenow: 1
-
???????? ???????? ?????? ??? ????? ??? ????? ??? class. ????????
dn: CN=User,CN=Schema,CN=Configuration,DC=domain,DC=com
changetype: modify
add: mayContain
mayContain: ConfidentialAttribute
-

dn:
changeType: modify
add: schemaupdatenow
schemaupdatenow: 1
-

????? ?????? ?????????? ??? ???????? ???? ???????? ???

?????? ????? ????????? ??????? ??????? ???? Ldp.exe ??????? ?? Windows Server 2003 R2 ?????? ???? ??????? ??? (ADAM). ?? ???? ????? ??????? ???? ?? ???? Ldp.exe ????????.

????? ????? ???????? Control_Access ?????? ??? ???? ????????

  1. ???? ???? Ldp.exe ??????? ?? Windows Server 2003 R2 ADAM.
  2. ??????? ?????? ?? ??????.
  3. ??? ???? ?????? ? ???? ??? ?????? ?????? ??? ?????? ? ???? ??? ?????? ?????? ? ???? ??? ???? ?????? ?? ???? ??? ?????.
  4. ?? ?????? DACL ???? ??? ????? ACE.
  5. ?? ???? "????? ??????? ???" ? ???? ??? ???????? ?? ??? ???????? ???? ???? ??? ??????.
  6. ?? ?????? ???? ?????? ? ???? ?? ????????? ???? ??? ??? ?? ?????? 5.

????? ??????? ????? ?????? ?????? Control_Access

???????? ????? ????? ????? ???? ??????? ????? ???? ?????? Control_Access ??????? ?????????? ?? ????????? ???????? ???? ?? ??????? ?????? ????? ?? ???????? ???? ??? ???? ????. ???? ????? ????? ???? ?????? ??? ??? ????? ?????? ?? ??? ?? ???? ?? ??????? ?????? ????? ???? ???? ??? ?????. ??? ?? ???? ???????? ??????? ???? ??? ???? ???? ????? ?????.

?????? ?????? Control_Access ???? ??????? ???????:
  1. ??? ??? Ldp.exe ??????? ?? Windows Server 2003 R2 ADAM.
  2. ??????? ?????? ?? ????.
  3. ??? OU ?? ????? ?? ?????? ?? ??????? ?????? ????? ?? ???????? ???? ??? ???? ???? ??? ?????? ?????? ??? ?????? ????????? (OU) ?? ???????, ???? ??? ?????? ?????? ???? ??? ???? ?????? ? ?? ???? ??? ?????.
  4. ?? ?????? DACL ???? ??? ????? ACE.
  5. ?? ???? "????? ??????? ???" ? ???? ??? ???????? ?? ??? ???????? ???? ???? ??? ??????.
  6. ?? ?????? ???? ?????? ? ???? ?? ????????? ???? ??? ??? ?? ?????? 5.
  7. ?? ?????? ??? ?????? ???? ??? ??? ?????? ???? ??? ????????.
  8. ???? ?? ????? ??????? ??? ???????? ?????.

????? ????? ???? ????? systemFlags ??? ??????? ??? ??????

??? ??????? ???? ?????? ??? ?????? ?? ?? ???? ????? searchFlags ??????. ??? ??? ?????? ???? ??? ????? ????? ?????? ??? ????? ??????. ???? ?????? ?? ????? ?????? ??? ???? ????? searchFlags. ?????? ??????? ???? ?????? ???? ???? ??.

???????? ???? Ldp.exe ?????? ??? ???? ????? searchFlags ???? ??????? ???????:
  1. ???? ??? ???? ?? ???? ??? ????? ????? LDP ?? ???? ??? ?????.
  2. ???? ??? ????? ?? ???? ??? ???.
  3. ???? ?????? ???? ????? ?? ??? ??? ???? "????? ???????".
  4. ???? ??? ??? ?? ???? ??? ????.
  5. ???? ??? CN = ?????? cn = ???????? dc = rootdomain ? ?? ???? ??? ?????.
  6. ?? ????? ??????? ?? ?????? CN = ?????? cn = ???????? dc = rootdomain.
  7. ??? ???? ??? ?????? ?? ?????? ???? ???? ??? ????? ???? ??? ??? ??? ?? ?? ??????.
  8. ?? ????? ???? ??? ????? ?????? ???? ?? searchFlags ?????? ???? ????? searchFlags ??????? ???? ??????.
?????? ?????? ???? ????? searchFlags ???? ?????? ?????? ???????:
128 + current searchFlags attribute value = new searchFlags attribute value

????? ????? ?? ??? ???? ??? ??? ???? ???????

?????? ?? ??? ???? ??? ??? ???? ?????, ?????? ???? Ldp.exe ?????? ?? ???? ????? systemFlags.

????? LDP-????? ?????? ? systemFlags: 0x10 = ( FLAG_SCHEMA_BASE_OBJECT )

????? Ldp.exe ????? Ldp.exe ????? ?????? "???? ????? systemFlags ?? 0x10 ? ???? ???? ?????. ????? ?? ????? ????? ??? ????? ???? ????.
>> Dn: CN=Employee-ID,CN=Schema,CN=Configuration,DC=domain,DC=com
	2> objectClass: top; attributeSchema; 
	1> cn: Employee-ID; 
	1> distinguishedName: CN=Employee-ID,CN=Schema,CN=Configuration,DC=domain,DC=com; 
	1> instanceType: 0x4 = ( IT_WRITE ); 
	1> whenCreated: 08/05/2005 14:58:58 Central Standard Time; 
	1> whenChanged: 08/05/2005 14:58:58 Central Standard Time; 
	1> uSNCreated: 220; 
	1> attributeID: 1.2.840.113556.1.4.35; 
	1> attributeSyntax: 2.5.5.12 = ( SYNTAX_UNICODE_TYPE ); 
	1> isSingleValued: TRUE; 
	1> rangeLower: 0; 
	1> rangeUpper: 16; 
	1> uSNChanged: 220; 
	1> showInAdvancedViewOnly: TRUE; 
	1> adminDisplayName: Employee-ID; 
	1> adminDescription: Employee-ID; 
	1> oMSyntax: 64 = ( OM_S_UNICODE_STRING ); 
	1> searchFlags: 0x0 = (  ); 
	1> lDAPDisplayName: employeeID; 
	1> name: Employee-ID; 
	1> objectGUID: 64fb3ed1-338f-466e-a879-595bd3940ab7; 
	1> schemaIDGUID: bf967962-0de6-11d0-a285-00aa003049e2; 
	1> systemOnly: FALSE; 
	1> systemFlags: 0x10 = ( FLAG_SCHEMA_BASE_OBJECT ); 
	1> objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=domain,DC=com;

????? LDP systemFlags ??? ??????: 0x0 = ( )

?? ????? Ldp.exe ????? ?????? ????? Ldp.exe ???? ????? systemFlags ?? 0. This attribute can be marked as confidential.
>> Dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=warrenw,DC=com
	2> objectClass: top; attributeSchema; 
	1> cn: Employee-Number; 
	1> distinguishedName: CN=Employee-Number,CN=Schema,CN=Configuration,DC=warrenw,DC=com; 
	1> instanceType: 0x4 = ( IT_WRITE ); 
	1> whenCreated: 08/05/2005 14:58:58 Central Standard Time; 
	1> whenChanged: 08/05/2005 14:58:58 Central Standard Time; 
	1> uSNCreated: 221; 
	1> attributeID: 1.2.840.113556.1.2.610; 
	1> attributeSyntax: 2.5.5.12 = ( SYNTAX_UNICODE_TYPE ); 
	1> isSingleValued: TRUE; 
	1> rangeLower: 1; 
	1> rangeUpper: 512; 
	1> mAPIID: 35943; 
	1> uSNChanged: 221; 
	1> showInAdvancedViewOnly: TRUE; 
	1> adminDisplayName: Employee-Number; 
	1> adminDescription: Employee-Number; 
	1> oMSyntax: 64 = ( OM_S_UNICODE_STRING ); 
	1> searchFlags: 0x0 = (  ); 
	1> lDAPDisplayName: employeeNumber; 
	1> name: Employee-Number; 
	1> objectGUID: 2446d04d-b8b6-46c7-abbf-4d8e7e1bb6ec; 
	1> schemaIDGUID: a8df73ef-c5ea-11d1-bbcb-0080c76670c0; 
	1> systemOnly: FALSE; 
	1> systemFlags: 0x0 = (  ); 
	1> objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=warrenw,DC=com; 
-----------

?????? ????????

??? ????? ??? ?? ???? ??? ??? ?????? ?? ?????? ???????? ?? ????? ?????? (???? ????? ?? OID). ??? ??????? ?????? ???? ???? ???? ?????? ???? ?????? ???????. ???? ?? ???? ?????? ??? ????? ???? ???? ?????? ??? ????? ??. ????? ????? ??????? ????????, ??? ?????? Oidgen.exe ??? ??????. ?????? ??? ???? ???? ?? Microsoft ?? ?????? ???? Microsoft ?????? ??? ?????:
http://msdn2.microsoft.com/en-us/library/ms677620.aspx

???? ???? ?????

??? attributeSyntax ????? ????? ????? ?????? ?????? ??? ??????. ????? ??? ????? ????? ??????? ????? ?????? ?????? ?????? ??????? ???????? ????? ???????. ???? ???? ????? ?? ??? ??? ??? ?? ???? ???? ????? ????? ?? ??? ???? ???????. ??? ??? ?? ???? ????? ???? ???? ????. ???? ?? ????? ???? ?????? ?????? ????? ??? ?????. ??? ??? ???? ??? ?? ???? ?????? ???? ???????? ???? ?????? ?????? ???? (LDAP) ?? LDAP ??? ??????. ??? ????? ????? ??? ?????? ?? ???? ????? ???? ???? ????? ?????? ??.

????? ?? ????????? ??? ????? attributeSyntax ?? ?????? ???? Microsoft ?????? ??? ?????:
http://msdn.microsoft.com/en-us/library/ms675236(VS.85).aspx
?????? ??? ???? ?? ????????? ??? ????? ?? ??? searchFlags ?????? ???? Microsoft ?????? ??? ????? ?? ?? ?????? ?? "??????? ?? ??????? ?? ????? ????":
http://technet2.microsoft.com/WindowsServer/en/library/8196d68e-776a-4bbc-99a6-d8c19f36ded41033.mspx?mfr=true

???????

???? ???????: 922836 - ????? ??? ??????: 29/?????/1428 - ??????: 3.4
????? ???
  • Microsoft Windows Server 2003 Service Pack 1, ????? ?????? ??:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition