Hi Ragnar,
You may contact Microsoft Customer Service and Support (CSS). As for the
security newsgroup, it is for Microsoft Partners that need a user account and
password.
Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Ragnar" <[email protected]>
| Subject: Re: Extending Active Directory Schema for Bitlocker recovery information
| Date: Sat, 24 Feb 2007 09:20:42 +0100
| Newsgroups: microsoft.public.windows.vista.general
|
| Thanks for your reply.
|
| I don't really know where to find the
| microsoft.private.directaccess.security newsgroup. Is it available for
| Technet Plus subscribers?
|
| /Ragnar
|
|
| > Hello Ragnar,
| >
| > Thank you for using newsgroup!
| >
| > From your post, you are following the guide article from our website to
| > configure Active Directory to back up Windows BitLocker drive encryption.
| > You are encountering an issue when you follow these steps. Please
| > understand these steps are tested in our original test environment not in
| > your specific environment. Therefore, we suspect this issue may be related
| > to your specific AD environment. For this kind of issue, I'd like to
| > suggest you try the following channels to obtain effective assistance:
| >
| > Channel 1:
| > You may also post to the security newsgroup to see if they have any
| > information to share with you:
| > microsoft.private.directaccess.security
| >
| > This is a more appropriate forum for your question where you will get the
| > most qualified pool of respondents and other partners in the newsgroups who
| > can either share their knowledge or learn from your interaction with us.
| >
| > Channel 2:
| > Please understand if the issue only occurs in your environment, this may be
| > a complex issue and needs more time to troubleshoot this issue. Therefore,
| > please contact our CSS to support this kind of issue. For a complete list of
| > Microsoft Customer Service and Support (CSS) phone numbers and information
| > about support costs, please go to the following address on the World Wide
| > Web:
| >
| > http://support.microsoft.com/directory/overview.asp
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Support
| > Microsoft Global Technical Support Center
| >
| > Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
| > ====================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > ====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| >
| >
| > --------------------
| > | From: "Ragnar" <[email protected]>
| > | Subject: Re: Extending Active Directory Schema for Bitlocker recovery information
| > | Date: Mon, 19 Feb 2007 20:04:46 +0100
| > | Newsgroups: microsoft.public.windows.server.active_directory,microsoft.public.windows.vista.general,microsoft.public.windows.vista.security
| > |
| > | Hello
| > |
| > | I checked (using adsiedit.msc) the searchFlags attribute for
| > | CN=ms-TPM-OwnerInformation. It said 152, however I'm unable to change to 136
| > | or choose OK when 152 is the value. I then get the following error message:
| > | "The search flags for the attribute are invalid. The ANR bit is valid only
| > | on attributes of Unicode or Teletex strings."
| > |
| > | When checking msdn the error code for this message is:
| > | ERROR_DS_INVALID_SEARCH_FLAG
| > | 8500
| > |
| > | I'm allowed to set the value to 1 and clear the value, but not set to 136 or
| > | 152.
| > |
| > | The searchFlags attribute syntax is Integer.
| > |
| > | Any ideas? Thanks!
| > |
| > |
| > |
| > | /Ragnar
| > |
| > |
| > | > Hi,
| > | >
| > | > Open the ADSI Edit (using adsiedit.msc) and check the availability
| > | > of searchFlags and their Syntax & Value.
| > | > Schema --> CN=Schema, CN=configuration,DC=testdomain,dc=com. Right
| > | > click and click Properties of the "CN=ms-TPM-OwnerInformation" object.
| > | > The searchFlags Attribute Syntax should be "Integer" and their value
| > | > should be 136 (which will be changed to 152).
| > | >
| > | > Adam,
| > | > ADManager Plus Team.
| > | >
| > | >
| > | >> Yes, the environment meets all requirements as described in the
| > | >> documentation, including SP1 (I have R2)...
| > | >>
| > | >> /Ragnar
| > | >>
| > | >>
| > | >>
| > | >> > Your DC's at SP1?
| > | >>
| > | >> >> Hi
| > | >>
| > | >> >> I'm performing the BitLocker Active Directory schema extension with
| > | >> >> the commands and files described in the "Configuring Active Directory to
| > | >> >> Back up Windows BitLocker Drive Encryption and Trusted Platform Module
| > | >> >> Recovery Information". However ldifde stops at step 13 and gives the
| > | >> >> following error:
| > | >>
| > | >> >> ----------------------------------------------------------------------------
| > | >> >> 13: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=testdomain,dc=com
| > | >> >> Entry DN: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=testdomain,dc=com
| > | >> >> changetype: modify
| > | >> >> Attribute 0) searchFlags:152
| > | >>
| > | >> >> Add error on line 223: Unwilling To Perform
| > | >> >> The server side error is "The search flags for the attribute are
| > | >> >> invalid.
| > | >> >> The ANR bit is valid only on attributes of Unicode or Teletex
| > | >> >> strings."
| > | >> >> 6 entries modified successfully.
| > | >> >> An error has occurred in the program
| > | >> >> ----------------------------------------------------------------------------
| > | >>
| > | >> >> Btw, line 223 in the ldif file is the first line above "13:
| > | >> >> CN=ms-TPM-OwnerInformation,CN..."
| > | >>
| > | >> >> Anyone experienced this?
| > | >>
| > | >> >> Thanks.
| > | >>
| > | >> >> /Ragnar
| > | >
| > | >
| > |
| > |
| >
|
|
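
Added example (not part of the thread, and not Microsoft's schema extension files): a decoder for the searchFlags values discussed above, 136 and 152, run over an LDIF modify record like step 13, to show which bits the rejected value sets and whether the ANR bit (4) is among them. The LDIF sample is constructed, the short bit labels are this example's own, and the bit values are those defined for searchFlags in Microsoft's Active Directory technical specification (MS-ADTS).

```python
import re

# searchFlags bit values as defined in MS-ADTS; the short labels are
# this example's own names, not identifiers from the thread.
SEARCH_FLAGS = {
    0x001: "INDEX", 0x002: "CONTAINER_INDEX", 0x004: "ANR",
    0x008: "PRESERVE_ON_DELETE", 0x010: "COPY", 0x020: "TUPLE_INDEX",
    0x040: "SUBTREE_INDEX", 0x080: "CONFIDENTIAL",
    0x100: "NEVER_VALUE_AUDIT", 0x200: "RODC_FILTERED",
}

def decode_search_flags(value):
    """Names of the bits set in a searchFlags integer, lowest bit first."""
    names, bit = [], 1
    while bit <= value:
        if value & bit:
            names.append(SEARCH_FLAGS.get(bit, hex(bit)))
        bit <<= 1
    return names

def search_flag_values(ldif_text):
    """Return [(dn, value, bit_names)] for each searchFlags value in LDIF text."""
    # Undo LDIF line folding: a line starting with one space continues
    # the previous line (RFC 2849), which long schema DNs often trigger.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    found = []
    for record in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        dn = None
        for line in record.splitlines():
            key, _, val = line.partition(":")
            if key.lower() == "dn":
                dn = val.strip()
            elif key.lower() == "searchflags" and val.strip().isdigit():
                found.append((dn, int(val), decode_search_flags(int(val))))
    return found

# Constructed sample modelled on step 13 in the thread (not the real .ldf
# file); the DN is deliberately folded onto a second line.
SAMPLE_LDIF = """\
dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,
 DC=testdomain,dc=com
changetype: modify
replace: searchFlags
searchFlags: 152
-
"""

if __name__ == "__main__":
    for dn, value, names in search_flag_values(SAMPLE_LDIF):
        print(dn, value, names)
    print("136 ->", decode_search_flags(136))
```

Decoded this way, 152 and 136 differ only in the COPY bit (16); both set CONFIDENTIAL (128) and PRESERVE_ON_DELETE (8), and neither sets ANR (4).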