Microsoft Windows Vista Community Forums - Vistaheads

Extending Active Directory Schema for Bitlocker recovery information

microsoft.public.windows.vista.general



  #1 (permalink)  
Old 02-17-2007
Ragnar
 

Posts: n/a
Extending Active Directory Schema for Bitlocker recovery information
Hi

I'm performing the BitLocker Active Directory schema extension with the
commands and files described in the "Configuring Active Directory to Back up
Windows BitLocker Drive Encryption and Trusted Platform Module Recovery
Information". However ldifde stops at step 13 and gives the following error:

------------------------------------------------------------------------------------------------------------------------
13:
CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=testdomain,dc=com
Entry DN:
CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=testdomain,dc=com
changetype: modify
Attribute 0) searchFlags:152

Add error on line 223: Unwilling To Perform
The server side error is "The search flags for the attribute are invalid.
The ANR bit is valid only on attributes of Unicode or Teletex strings."
6 entries modified successfully.
An error has occurred in the program
------------------------------------------------------------------------------------------------------------------------

Btw, line 223 in the ldif file is the first line above "13:
CN=ms-TPM-OwnerInformation,CN..."

Anyone experienced this?


Thanks.


/Ragnar

  #2 (permalink)  
Old 02-18-2007
.Josh
 

Posts: n/a
Re: Extending Active Directory Schema for Bitlocker recovery information
Your DC's at SP1?
  #3 (permalink)  
Old 02-18-2007
Ragnar
 

Posts: n/a
Re: Extending Active Directory Schema for Bitlocker recovery information
Yes, the environment meets all requirements as described in the
documentation, including SP1 (I have R2)...

/Ragnar
  #4 (permalink)  
Old 02-19-2007
admp.team@gmail.com
 

Posts: n/a
Re: Extending Active Directory Schema for Bitlocker recovery information
Hi,

Open ADSI Edit (using adsiedit.msc) and check the availability
of searchFlags and its Syntax & Value.
Schema --> CN=Schema,CN=configuration,DC=testdomain,dc=com. Right
click and click Properties of the "CN=ms-TPM-OwnerInformation" object.
The searchFlags Attribute Syntax should be "Integer" and its value
should be 136 (which will be changed to 152).

Adam,
ADManager Plus Team.
  #5 (permalink)  
Old 02-19-2007
Ragnar
 

Posts: n/a
Re: Extending Active Directory Schema for Bitlocker recovery information
Hello

I checked (using adsiedit.msc) the searchFlags attribute for
CN=ms-TPM-OwnerInformation. It said 152, however I'm unable to change to 136
or choose OK when 152 is the value. I then get the following error message:
"The search flags for the attribute are invalid. The ANR bit is valid only
on attributes of Unicode or Teletex strings."

When checking MSDN, the error code for this message is:
ERROR_DS_INVALID_SEARCH_FLAG
8500

I'm allowed to set the value to 1 and clear the value, but not set to 136 or
152.

The searchFlags attribute syntax is Integer.

Any ideas? Thanks!



/Ragnar
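
Added example, not part of the thread or of Microsoft's guide: the Python below parses a constructed LDIF fragment shaped like step 13, decodes each searchFlags value into the bit names documented for Active Directory, and checks the ANR rule quoted in the error text. It shows that neither 136 nor 152 has the ANR bit (4) set; the sample LDIF, the CN=example-Counter attribute and all function names are assumptions.

```python
"""Decode searchFlags values found in an LDIF schema-change file (added example)."""

# Bit values documented for the searchFlags attribute (labels shortened here).
SEARCH_FLAG_BITS = {
    0x001: "ATTINDEX",
    0x002: "PDNTATTINDEX",
    0x004: "ANR",
    0x008: "PRESERVEONDELETE",
    0x010: "COPY",
    0x020: "TUPLEINDEX",
    0x040: "SUBTREEATTINDEX",
    0x080: "CONFIDENTIAL",  # introduced with Windows Server 2003 SP1
    0x100: "NEVERVALUEAUDIT",
    0x200: "RODCFILTERED",
}
ANR = 0x004
# attributeSyntax OIDs on which the error text says the ANR bit is allowed.
ANR_OK_SYNTAXES = {"2.5.5.12": "String(Unicode)", "2.5.5.4": "String(Teletex)"}

# Constructed sample shaped like the records in the thread; not the real file.
SAMPLE_LDIF = """\
# constructed: existing attribute gets new searchFlags (the failing step)
dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,
 DC=testdomain,DC=com
changetype: modify
replace: searchFlags
searchFlags: 152
-

# constructed: hypothetical integer attribute with the ANR bit set
dn: CN=example-Counter,CN=Schema,CN=Configuration,DC=testdomain,DC=com
changetype: add
objectClass: attributeSchema
attributeSyntax: 2.5.5.9
searchFlags: 5
"""


def decode_search_flags(value):
    """Return the names of the bits set in a searchFlags integer, lowest first."""
    names = [name for bit, name in sorted(SEARCH_FLAG_BITS.items()) if value & bit]
    unknown = value & ~sum(SEARCH_FLAG_BITS)
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:x})")
    return names


def changed_bits(old, new):
    """Names of the bits that are set in `new` but not in `old`."""
    return decode_search_flags(new & ~old)


def unfold(text):
    """Undo LDIF folding: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_records(text):
    """Split LDIF into records (dicts of lower-cased key -> last value seen).

    Comments and '-' separators are skipped; base64 ('::') values are not decoded.
    """
    records, current = [], {}
    for line in unfold(text) + [""]:
        if not line.strip():
            if current:
                records.append(current)
                current = {}
        elif line.startswith("#") or line == "-" or ":" not in line:
            continue
        else:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return records


def audit(text):
    """Decode searchFlags per record and test the ANR rule where the syntax is known."""
    findings = []
    for rec in parse_records(text):
        if "searchflags" not in rec:
            continue
        value = int(rec["searchflags"])
        syntax = rec.get("attributesyntax")  # modify records usually omit it
        anr_set = bool(value & ANR)
        findings.append({
            "cn": rec["dn"].split(",")[0],
            "value": value,
            "bits": decode_search_flags(value),
            "anr_set": anr_set,
            "anr_violation": anr_set and syntax is not None
                             and syntax not in ANR_OK_SYNTAXES,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LDIF):
        print(finding)
    print("136 -> 152 adds:", changed_bits(136, 152))
```
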
  #6 (permalink)  
Old 02-20-2007
Ken Zhao [MSFT]
 

Posts: n/a
Re: Extending Active Directory Schema for Bitlocker recovery information
Hello Ragnar,

Thank you for using the newsgroup!

From your post, you are following the guide article from our website to
configure Active Directory to back up Windows BitLocker drive encryption.
You are encountering an issue when you follow these steps. Please
understand these steps are tested in our original test environment not in
your specific environment. Therefore, we suspect this issue may be related
to your specific AD environment. For this kind of issue, I'd like to
suggest you try the following channels to obtain effective assistance:

Channel 1:
You may also post to the security newsgroup to see if they have any
information to share with you:
microsoft.private.directaccess.security

This is a more appropriate forum for your question where you will get the
most qualified pool of respondents and other partners in the newsgroups who
can either share their knowledge or learn from your interaction with us.

Channel 2:
Please understand if the issue only occurs in your environment, this may be
a complex issue and need more time to troubleshoot this issue. Therefore,
please contact our CSS to support this kind of issue. For a complete list of
Microsoft Customer Service and Support (CSS) phone numbers and information
about support costs, please go to the following address on the World Wide
Web:
http://support.microsoft.com/directory/overview.asp

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

  #7 (permalink)  
Old 02-24-2007
Ragnar
 

Posts: n/a
Re: Extending Active Directory Schema for Bitlocker recovery information
Thanks for your reply.

I don't really know where to find the
microsoft.private.directaccess.security newsgroup. Is it available for
Technet Plus subscribers?

/Ragnar

  #8 (permalink)  
Old 02-27-2007
Ken Zhao [MSFT]
 

Posts: n/a
Re: Extending Active Directory Schema for Bitlocker recovery information
Hi Ragnar,

You may contact Microsoft Customer Service and Support (CSS). As for the
security newsgroup, it is for Microsoft Partners that need a user account and
password.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| From: "Ragnar" <Ragnar@noemail.noemail>
| References: <87B133D5-CE85-46AA-9A7E-ADB74C2D7E4A@microsoft.com>
<46392DCB-CF3B-4282-9C19-1CDCE1F30139@microsoft.com>
<244F2C49-1223-4989-939A-7477D75FD59B@microsoft.com>
<1171888905.089602.259340@m58g2000cwm.googlegroups .com>
<8D1C7BE6-1503-4E6D-8341-3BF3A9E5EBF1@microsoft.com>
<joJOr2KVHHA.2356@TK2MSFTNGHUB02.phx.gbl>
| In-Reply-To: <joJOr2KVHHA.2356@TK2MSFTNGHUB02.phx.gbl>
| Subject: Re: Extending Active Directory Schema for Bitlocker recovery
information
| Date: Sat, 24 Feb 2007 09:20:42 +0100
| Lines: 206
| MIME-Version: 1.0
| Content-Type: text/plain;
| format=flowed;
| charset="iso-8859-1";
| reply-type=original
| Content-Transfer-Encoding: 7bit
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Windows Mail 6.0.6000.16386
| X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16386
| Message-ID: <#qnorx#VHHA.1120@TK2MSFTNGP02.phx.gbl>
| Newsgroups: microsoft.public.windows.vista.general
| NNTP-Posting-Host: s1015-0322.dsl.start.no 195.159.141.130
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSF TNGP02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.vista.general:47182
| X-Tomcat-NG: microsoft.public.windows.vista.general
|
| Thanks for your reply.
|
| I don't really know where to find the
| microsoft.private.directaccess.security newsgroup. Is it available for
| Technet Plus subscribers?
|
| /Ragnar
|
|
| ""Ken Zhao [MSFT]"" <v-kzhao@online.microsoft.com> wrote in message
| news:joJOr2KVHHA.2356@TK2MSFTNGHUB02.phx.gbl...
| > Hello Ragnar,
| >
| > Thank you for using newsgroup!
| >
| > From your post, you are following the guide article from our website to
| > configure Active Directory to back up Windows BitLocker drive
encryption.
| > You are encountering an issue when you follow these steps. Please
| > understand these steps are tested in our original test environment not
in
| > your specific environment. Therefore, we suspect this issue may be
related
| > to your specific AD environment. For this kind of issue, I'd like to
| > suggest you try the following channels to obtain effective assistance:
| >
| > Channel 1:
| > You may also post to the security newsgroup to see if they have any
| > information to share with you:
| > microsoft.private.directaccess.security
| >
| > This is a more appropriate forum for your question where you will get
the
| > most qualified pool of respondents and other partners in the newsgroups
| > who
| > can either share their knowledge or learn from your interaction with us.
| >
| > Channel 2:
| > Please understand if the issue only occurs in your environment, this
may
| > be
| > a complex issue and need more time to troubleshoot this issue.
Therefore,
| > please contact our CSS to support this kind issue. For a complete list
of
| > Microsoft Customer Service and Support (CSS) phone numbers and
information
| > about support costs, please go to the following address on the World
Wide
| > Web:
| > http://support.microsoft.com/directory/overview.asp
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Support
| > Microsoft Global Technical Support Center
| >
| > Get Secure! - www.microsoft.com/security
| > <http://www.microsoft.com/security>
| > ================================================== ==
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > ================================================== ==
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| >
| >
| > --------------------
| > | From: "Ragnar" <Ragnar@noemail.noemail>
| > | References: <87B133D5-CE85-46AA-9A7E-ADB74C2D7E4A@microsoft.com>
| > <46392DCB-CF3B-4282-9C19-1CDCE1F30139@microsoft.com>
| > <244F2C49-1223-4989-939A-7477D75FD59B@microsoft.com>
| > <1171888905.089602.259340@m58g2000cwm.googlegroups .com>
| > | In-Reply-To: <1171888905.089602.259340@m58g2000cwm.googlegroups .com>
| > | Subject: Re: Extending Active Directory Schema for Bitlocker recovery
| > information
| > | Date: Mon, 19 Feb 2007 20:04:46 +0100
| > | Lines: 91
| > | Message-ID: <8D1C7BE6-1503-4E6D-8341-3BF3A9E5EBF1@microsoft.com>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | format=flowed;
| > | charset="iso-8859-1";
| > | reply-type=original
| > | Content-Transfer-Encoding: 7bit
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Windows Mail 6.0.6000.16386
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16386
| > | X-MS-CommunityGroup-PostID: {8D1C7BE6-1503-4E6D-8341-3BF3A9E5EBF1}
| > | X-MS-CommunityGroup-ThreadID: 87B133D5-CE85-46AA-9A7E-ADB74C2D7E4A
| > | X-MS-CommunityGroup-ParentID: 070253AA-3D53-4F47-A240-A47A58479B34
| > | Newsgroups:
| >
microsoft.public.windows.server.active_directory,m icrosoft.public.windows.vi
| > sta.general,microsoft.public.windows.vista.securit y
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl
| > microsoft.public.windows.vista.general:42895
| > microsoft.public.windows.vista.security:1961
| > microsoft.public.windows.server.active_directory:8 388
| > | NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
| > | X-Tomcat-NG: microsoft.public.windows.vista.general
| > |
| > | Hello
| > |
| > | I checked (using adsiedit.msc) the searchFlags attribute for
| > | CN=ms-TPM-OwnerInformation. It said 152, however I'm unable to change to
| > | 136 or choose OK when 152 is the value. I then get the following error
| > | message:
| > | "The search flags for the attribute are invalid. The ANR bit is valid only
| > | on attributes of Unicode or Teletex strings."
| > |
| > | When checking msdn the error code for this message is:
| > | ERROR_DS_INVALID_SEARCH_FLAG
| > | 8500
| > |
| > | I'm allowed to set the value to 1 and clear the value, but not set to 136
| > | or 152.
| > |
| > | The searchFlags attribute syntax is Integer.
| > |
| > | Any ideas? Thanks!
| > |
| > |
| > |
| > | /Ragnar
| > |
| > |
| > | <admp.team@gmail.com> wrote in message
| > | news:1171888905.089602.259340@m58g2000cwm.googlegroups.com...
| > | > Hi,
| > | >
| > | > Open the ADSI Edit(using adsiedit.msc) and check the availability
| > | > of searchFlags and their Syntax & Value.
| > | > Schema --> CN=Schema, CN=configuration,DC=testdomain,dc=com. Right
| > | > click and click Properties of the "CN=ms-TPM-OwnerInformation" object.
| > | > The searchFlags Attribute Syntax should be "Integer" and their value
| > | > should be 136(which will be changed to 152).
| > | >
| > | > Adam,
| > | > ADManager Plus Team.
| > | >
| > | >
| > | > On Feb 18, 11:21 pm, "Ragnar" <Rag...@noemail.noemail> wrote:
| > | >> Yes, the environment meets all requirements as described in the
| > | >> documentation, including SP1 (I have R2)...
| > | >>
| > | >> /Ragnar
| > | >>
| > | >> ".Josh" <j...@win-nospam-dowsconnected.com> wrote in message
| > | >>
| > | >> news:46392DCB-CF3B-4282-9C19-1CDCE1F30139@microsoft.com...
| > | >>
| > | >> > Your DC's at SP1?
| > | >>
| > | >> > "Ragnar" <Rag...@noemail.noemail> wrote in message
| > | >> >news:87B133D5-CE85-46AA-9A7E-ADB74C2D7E4A@microsoft.com...
| > | >> >> Hi
| > | >>
| > | >> >> I'm performing the BitLocker Active Directory schema extension with
| > | >> >> the commands and files described in the "Configuring Active Directory
| > | >> >> to Back up Windows BitLocker Drive Encryption and Trusted Platform
| > | >> >> Module Recovery Information". However ldifde stops at step 13 and
| > | >> >> gives the following error:
| > | >>
| > | >> >> ------------------------------------------------------------------------------------------------------------------------
| > | >> >> 13:
| > | >> >> CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=testdomain,dc=com
| > | >> >> Entry DN:
| > | >> >> CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=testdomain,dc=com
| > | >> >> changetype: modify
| > | >> >> Attribute 0) searchFlags:152
| > | >>
| > | >> >> Add error on line 223: Unwilling To Perform
| > | >> >> The server side error is "The search flags for the attribute are
| > | >> >> invalid. The ANR bit is valid only on attributes of Unicode or Teletex
| > | >> >> strings."
| > | >> >> 6 entries modified successfully.
| > | >> >> An error has occurred in the program
| > | >> >> ------------------------------------------------------------------------------------------------------------------------
| > | >>
| > | >> >> Btw, line 223 in the ldif file is the first line above "13:
| > | >> >> CN=ms-TPM-OwnerInformation,CN..."
| > | >>
| > | >> >> Anyone experienced this?
| > | >>
| > | >> >> Thanks.
| > | >>
| > | >> >> /Ragnar
| > | >
| > | >
| > |
| > |
| >
|
|
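
An added example, not part of the thread or of Microsoft's schema files: a decoder for the searchFlags integers discussed above (152, 136, 1), plus a check of the rule quoted in the server error. The bit names follow the documented attributeSchema searchFlags bits; the function names and the LDIF record are constructed for illustration. Decoding shows that neither 152 nor 136 sets the ANR bit (0x4), and that the two values differ only in the COPY bit.

```python
import re
from enum import IntFlag

class SearchFlags(IntFlag):
    """Bits of the searchFlags attribute on an attributeSchema object."""
    ATTINDEX = 0x001            # attribute is indexed
    PDNTATTINDEX = 0x002        # indexed per container
    ANR = 0x004                 # member of the ambiguous name resolution set
    PRESERVE_ON_DELETE = 0x008  # value kept on the tombstone
    COPY = 0x010                # value copied when the object is copied
    TUPLEINDEX = 0x020          # tuple index for medial searches
    SUBTREEATTINDEX = 0x040     # subtree index
    CONFIDENTIAL = 0x080        # reading requires CONTROL_ACCESS
    NEVERVALUEAUDIT = 0x100     # no value auditing
    RODC_FILTERED = 0x200       # not replicated to RODCs

ANR_SYNTAXES = {"2.5.5.12", "2.5.5.4"}  # String(Unicode), String(Teletex)
KNOWN_MASK = 0x3FF

def decode(value):
    """Names of the bits set in a searchFlags integer, lowest bit first."""
    names = [f.name for f in SearchFlags if value & f.value]
    extra = value & ~KNOWN_MASK
    return names + (["UNKNOWN_0x%X" % extra] if extra else [])

def changed_bits(old, new):
    """(bits added, bits removed) when going from old to new."""
    return decode(new & ~old), decode(old & ~new)

def anr_violation(value, syntax_oid):
    """True when ANR is set on a syntax other than Unicode/Teletex string."""
    return bool(value & SearchFlags.ANR.value) and syntax_oid not in ANR_SYNTAXES

def flags_in_ldif(text):
    """Map each LDIF record's dn to the searchFlags integer it sets."""
    text = re.sub(r"\n ", "", text.replace("\r\n", "\n"))  # unfold long lines
    found = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        fields = dict(re.findall(r"^([\w-]+):[ \t]*(.*)$", record, re.M))
        if "dn" in fields and "searchFlags" in fields:
            found[fields["dn"]] = int(fields["searchFlags"])
    return found

# Constructed sample record (assumed layout, not copied from the real .ldf file)
SAMPLE_LDIF = (
    "dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,\n"
    " DC=testdomain,dc=com\n"
    "changetype: modify\nreplace: searchFlags\nsearchFlags: 152\n-\n"
)
```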
