[MS-LSAT]: Local Security Authority (Translation Methods) Remote Protocol

This topic lists the Errata found in [MS-LSAT] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to these RSS or Atom feeds to receive update notifications.

Errata are subject to the same terms as the Open Specifications documentation referenced.

To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:

July 18, 2016 - Download

June 1, 2017 - Download

June 1, 2017 - Download

September 15, 2017 - Download

Errata below are for Protocol Document Version V30.0 - 2018/09/12

Errata Published*: 2020/09/28

Description:

In Section 3.1.1.1.2 Configurable Translation Database and Corresponding View, clarified the process to map the Security Principal SID from the ServiceName rather than the DisplayName.

Changed from:

The mapping rules are defined as follows:

● Domain DNS Name, Additional Security Principal Name, User Principal Name, Default User Principal Names, and Security Principal SID History columns are left empty.

● Security Principal SID is mapped from DisplayName in [MS-SCMR] section 3.1.1 using the following method:

  ● Convert the DisplayName field to the uppercase, UTF-16 representation.

  ● Take the SHA1 hash of the name:

    ● Hash[0] denoting the first 4 bytes of the resulting hash as an unsigned integer.

    ● Hash[1] denoting the second 4 bytes of the resulting hash as an unsigned integer.

    ● And so on.

  ● Create the SID using the following mapping:

    ● S-1-5-80-hash[0]-hash[1]-hash[2]-hash[3]-hash[4]

● Security Principal Name is mapped from DisplayName in [MS-SCMR] section 3.1.1.

● Security Principal Type is mapped to SidTypeWellKnownGroup.

Changed to:

The mapping rules are defined as follows:

● For all these entries: Domain DNS Name, Additional Security Principal Name, User Principal Name, Default User Principal Names, and Security Principal SID; the History columns are left empty.

● For the "NT SERVICE" domain entry, the mapping rules are defined as follows:

  ● Security Principal Name is “NT SERVICE”

  ● Service Principal SID is S-1-5-80

  ● Security Principal Type is SidTypeDomain

● For each service definition entry, the mapping rules are defined as follows:

  ● Security Principal Name is mapped from the ServiceName in [MS-SCMR] section 3.1.1.

  ● Security Principal SID is mapped from the ServiceName in [MS-SCMR] section 3.1.1 using the following method:

    ● Convert the ServiceName field to the uppercase, UTF-16 representation.

    ● Take the SHA1 hash of the name:

      ● Hash[0] denoting the first 4 bytes of the resulting hash as an unsigned integer.

      ● Hash[1] denoting the second 4 bytes of the resulting hash as an unsigned integer.

      ● And so on.

    ● Create the SID using the following mapping:

      ● S-1-5-80-hash[0]-hash[1]-hash[2]-hash[3]-hash[4]

  ● Security Principal Type is mapped to SidTypeWellKnownGroup.
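
The corrected mapping carried through in Python, as an added example that is not part of [MS-LSAT] or this errata: it derives the service SID from a ServiceName and shows that hashing the DisplayName instead yields a different SID. The function names are chosen here, the sample names are illustrative inputs, and the byte order (little-endian UTF-16, little-endian 4-byte integers) is an assumption the text above does not state.

```python
import hashlib
import struct

SERVICE_SID_PREFIX = "S-1-5-80"  # SID of the "NT SERVICE" domain entry


def service_sid(service_name: str) -> str:
    """Derive a service SID from a ServiceName using the 'Changed to' rules."""
    # Convert the name to its uppercase, UTF-16 representation.
    # Assumption: little-endian UTF-16, no BOM, no terminating NUL.
    encoded = service_name.upper().encode("utf-16-le")
    # Take the SHA1 hash of the name (20 bytes).
    digest = hashlib.sha1(encoded).digest()
    # hash[0]..hash[4]: consecutive 4-byte groups as unsigned integers.
    # Assumption: each group is read little-endian.
    sub_authorities = struct.unpack("<5I", digest)
    return "-".join([SERVICE_SID_PREFIX, *map(str, sub_authorities)])


def resolve_service_sid(sid: str, candidate_names) -> list:
    """Return the candidate ServiceNames whose derived SID equals `sid`.

    The hash is one-way, so an S-1-5-80-* SID found in an ACL or an event
    log is resolved by hashing known service names and comparing.
    """
    wanted = sid.strip().upper()
    return [name for name in candidate_names if service_sid(name) == wanted]


if __name__ == "__main__":
    # Sample inputs: a ServiceName and that service's DisplayName.
    name, display = "TrustedInstaller", "Windows Modules Installer"
    from_service_name = service_sid(name)
    from_display_name = service_sid(display)
    print("ServiceName :", from_service_name)
    print("DisplayName :", from_display_name)
    print("Same SID?   :", from_service_name == from_display_name)
    # Resolving an observed SID against a constructed candidate list.
    print(resolve_service_sid(from_service_name, ["Spooler", name, "W32Time"]))
```

Python's `str.upper()` is used here for the uppercase step; for service names outside ASCII, its result may differ from the case mapping Windows applies.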

*Date format: YYYY/MM/DD